Explaining Threat Actors and Threat Intelligence Flashcards
Black Hat
Unethical/malicious intent
White Hat
Ethical hacker certified
Grey Hat
illegal, but no malicious intent
script kiddie
someone who uses hacker tools without necessarily understanding how they work or having the ability to craft new attacks
Hacktivist
might attempt to obtain and release confidential information to the public domain, perform denial of service (DoS) attacks, or deface websites
Advanced Persistent Threat
coined to understand the behavior underpinning modern types of cyber adversaries
State Actors
implicated in many attacks, particularly on energy and health network systems
Criminal Syndicate
operate across the Internet from different jurisdictions than its victim, increasing the complexity of prosecution.
Attack Surface
all the points at which a malicious threat actor could try to exploit a vulnerability.
attack vector
is the path that a threat actor uses to gain access to a secure system
Supply Chain Attack Vector
rather than attack the target directly, a threat actor may seek ways to infiltrate it via companies in its supply chain
What is Cyber Threat Intelligence (CTI)?
Threat data can be packaged as feeds that integrate with a security information and event management (SIEM) platform.
Open source intelligence (OSINT)
some companies operate threat intelligence services on an open-source basis, earning income from consultancy rather than directly from the platform or research effort.
Tactic, technique or procedure (TTP)
categorize behaviors in terms of campaign strategy and approach (tactics), generalized attack vectors (techniques), and specific intrusion tools and methods (procedures).
indicator of compromise (IoC)
residual sign that an asset or network has been successfully attacked or is continuing to be attacked