J.Dion Sec. 3 Threat Actors Flashcards
An individual or entity responsible for incidents that impact security and data protection.
Threat actor
Specific characteristics or properties that define and differentiate various threat actors from one another.
Threat actor attributes
Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks.
Unskilled attackers
Cyber attackers who are driven by political, social, or environmental ideologies and who often want to draw attention to a specific cause or drive social change.
Hacktivists
Well-structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud.
Organized crime
Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries.
Nation-state actors
Security threats that originate from within the organization.
Insider threats
IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval.
Shadow IT
Name the 6 different types of threat vectors.
Message-based
Image-based
File-based
Voice calls
Removable devices
Use of unsecured networks
Name the 4 deception and disruption technologies used to outsmart threat actors.
Honeypots
Honeynets
Honeyfiles
Honeytokens
Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques.
Honeypots
Creates an entire network of decoy systems to observe complex, multi-stage attacks.
Honeynets
Decoy files placed within systems to detect unauthorized access or data breaches.
Honeyfiles
Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used.
Honeytokens
List the types of threat actor motivations.
Data exfiltration
Blackmail
Espionage
Service disruption
Financial gain
Philosophical or political beliefs
Ethical reasons
Revenge
Disruption or chaos
War
The unauthorized transfer of data from a computer.
Data exfiltration
One of the most common motivations for cybercriminals.
Financial gain
What type of attacks do cybercriminals use to achieve financial gain?
Ransomware attacks
Banking trojans
Type of motivation where the attacker obtains sensitive/compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met.
Blackmail
This type of motivation is often achieved by a Distributed Denial of Service (DDoS) attack to overwhelm a network, service, or server with excessive amounts of traffic so that it becomes unavailable to its normal users.
Service disruption
Motivation type where individuals or groups use hacking to promote a political agenda, social change, or to protest against organizations they perceive as unethical.
Philosophical or Political beliefs
Motivation type where ethical hackers, also known as authorized hackers, are motivated by a desire to improve security.
Ethical reasons
Motivation type where an employee who is disgruntled, or one who has recently been fired/laid off, might want to harm their current/former employer by causing a data breach, disrupting services, or leaking sensitive information.
Revenge
Motivation type where threat actors, often referred to as unauthorized hackers, engage in malicious activities for the thrill of it, to challenge their skills, or simply to cause harm.
Disruption or chaos
Motivation type that involves spying on individuals, organizations, or nations to gather sensitive or classified information.
Espionage
Motivation type where cyberattacks have increasingly become a tool for nations to attack each other on/off the battlefield.
War
What are the three attributes of an attacker?
Origin: Internal vs external
Resources and funding
Level of sophistication and capability
Category that refers to individuals/entities within an organization who pose a threat to its security.
Internal threat actors
Category that refers to individuals/groups outside of an organization who attempt to breach its cybersecurity defense.
External threat actors
Category that refers to the tools, skills, and personnel at the disposal of a given threat actor.
Resources and Funding
Category that refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures.
Level of sophistication and capability
What level of sophistication and capability is assigned to a threat actor who uses widely available tools and techniques such as common malware or phishing attacks?
Low level
An individual categorized as low level, with limited technical knowledge, who uses pre-made software or scripts to exploit computer systems and networks without understanding the underlying principles.
Script Kiddie
What type of attacks do hacktivists utilize?
Website defacement
DDoS attacks
Doxing
Leaking of sensitive data
Website defacement is treated as?
Website vandalism
Type of attack that releases an individual's or organization's private information such as name, home address, etc.
Doxxing