Classifying Threats Flashcards
An individual or group with advanced skills and funding, typically aligned with a nation’s interests.
Nation-state actor
An attacker motivated by ideology or social change, often using public defacement or data leaks.
Hacktivist
An insider who intentionally or unintentionally compromises security by leaking or mishandling data.
Insider threat
Threat actors that aim for financial gain through organized campaigns like ransomware and fraud.
Organized crime group
An individual who uses pre-built tools or scripts to launch attacks with little technical knowledge.
Script kiddie
An attacker who attempts to gain business secrets to undermine a competitor’s advantage.
Corporate espionage threat
The type of attack in which an adversary targets a software vendor to compromise multiple clients.
Supply chain attack
A tactic where attackers scan for open ports across a wide IP range without targeting specific victims.
Opportunistic scanning
A threat actor with defined objectives, using stealthy techniques over an extended period.
Advanced Persistent Threat (APT)
The type of threat where third-party vendors or service providers introduce vulnerabilities.
Third-party risk
A person who violates ethical norms but may help organizations by disclosing vulnerabilities.
Gray hat hacker
The cybersecurity threat resulting from unsupported operating systems or legacy equipment.
Obsolescence risk
An attack that manipulates domain name resolution to redirect traffic to malicious sites.
DNS poisoning
A threat based on manipulating people into bypassing normal security procedures.
Social engineering
A criminal who targets high-ranking officials through deceptive emails.
Whaling attacker
The threat that comes from poor configuration, weak access controls, or open services.
Misconfiguration
A method of attack that simulates real adversaries to test an organization’s defenses.
Red teaming
A malware type that doesn’t require user interaction and spreads across systems automatically.
Worm
An attacker motivated by personal revenge against an employer or coworker.
Malicious insider
The classification model that breaks threats down by motive, capability, and opportunity.
Threat actor profiling
An attack that occurs due to accidental internal user actions, such as misdirected emails.
Unintentional insider threat
A targeted threat actor with specific knowledge of the organization’s environment.
Insider with elevated privileges
The concept that no user, system, or device is inherently trusted within the network.
Zero Trust security model
The motivation behind ransomware gangs demanding cryptocurrency payments.
Financial gain
A threat vector that relies on outdated protocols like FTP or Telnet still being enabled.
Insecure protocol usage
Attackers who compromise infrastructure to remain dormant until activated.
Sleeper cell threat
A person or group testing systems without permission, often for malicious purposes.
Black hat hacker
The threat resulting from default passwords and unchanged credentials.
Credential misuse
The threat posed by AI-generated phishing emails that closely mimic human writing.
AI-driven social engineering
When attackers hijack legitimate remote access tools to avoid detection.
Living off the land (LotL) technique
The type of threat that uses insider knowledge to evade traditional detection tools.
Insider-initiated lateral movement
The concept of assessing a threat based on both its likelihood and potential damage.
Threat classification and prioritization
An actor operating under unofficial state sponsorship, often disavowed by the government.
State-aligned proxy
A threat targeting organizations using unsanctioned SaaS apps and cloud storage.
Shadow IT risk
A threat actor that collects data over time for a future, larger coordinated attack.
Intelligence gatherer