N2K - Flash Cards - Threats, Vulnerabilities, and Mitigations - Compare and Contrast Common Threat Actors and Motivations
Which category of threat actor is most likely to have high funding and a high level of sophistication?
Nation-State Actors
or
Advanced Persistent Threats (APTs)
What is an insider threat?
An employee who uses their access to the network and facility to obtain confidential information or grant access to a malicious actor
Which two types of threat actor would have the largest amount of resources and/or funding for attacks?
Nation/State (or APTs) and organized crime
What are the six categories of threat actors according to the CompTIA Security + blueprint?
Nation-State
Unskilled Attacker
Hacktivist
Insider Threat
Organized Crime
Shadow IT
Which categories of threat actor are internal to the organization?
Insider threats and shadow IT
Which threat actor motivation is demonstrated by retaliating against perceived wrongs or grievances, seeking to inflict harm or damage as retribution?
Revenge
Which threat actor motivation consists of actively targeting individuals and groups based on ideological differences, aiming to advanced or enforce beliefs?
Philosophical/political beliefs
What is meant by the term data exfiltration?
The unauthorized transfer of data from a computer or network
Which type of threat actor is MOST likely to be motivated by monetary gain?
Organized Crime
Which type of threat actors typically have an unsophisticated skill level and rely on tools that are widely available on the internet?
Script Kiddies
Which category of threat actor is most likely to be trying to make a political statement?
Hacktivist
Which threat actor motivation is exemplified by creating disorder, destabilizing systems, or causing harm to create confusion and disorder?
Disruption/Chaos
Which category of threat actor is most likely to be acting out of a grievance against the organization?
Insider
Which type of threat describes when an employee steals another employee’s password?
Internal or Insider
Which threat actor motivation can be described as coercing action from a victim through threat of revealing compromising information for personal gain or leverage?
Blackmail