Objective 2.1 Flashcards
Compare and contrast common threat actors and motivations.
An individual or entity responsible for incidents that impact security and data protection.
Threat Actor
Specific characteristics or properties that define and differentiate various threat actors from one another.
Threat Actor Attributes
Types of Threat Actors
- Unskilled Attackers
- Hacktivists
- Organized Crime
- Nation-state Actors
- Insider Threats
[Threat Actors] Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks.
Unskilled Attackers
[Threat Actors] Well-structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud.
Organized Crime
[Threat Actors] Cyber attackers who carry out their activities driven by political, social, or environmental ideologies and who often want to draw attention to a specific cause.
Hacktivists
[Threat Actors] Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries.
Nation-state Actors
[Threat Actors] Security threats that originate from within the organization.
Insider Threats
IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval.
Shadow IT
Refers to the specific objective or goal that a threat actor is aiming to achieve.
Threat Actor Intent
Underlying reasons or driving forces that push a threat actor to carry out the attack.
Threat Actor Motivation
The items below are types of threat actor… ?
- Data Exfiltration
- Philosophical or Political Beliefs
- Blackmail
- Ethical Reasons
- Espionage
- Revenge
- Service Disruption
- Disruption or Chaos
- Financial Gain
- War
Threat Actor Motivations
Unauthorized transfer of data from a computer.
Data Exfiltration
Examples of data exfiltration purposes
- Selling it on the dark web
- Using it for identity theft
- Leveraging it for a competitive advantage
One of the most common motivations for cybercriminals.
Financial Gain
Examples of Financial Gains motivation attacks
- Ransomware Attacks
- Banking Trojans
The attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met.
Blackmail
Examples of cyber blackmail motivation attacks
- Ransomware
- Doxxing
- Sextortion
Often achieved by conducting a Distributed Denial of Service (DDoS) attack to overwhelm a network, service, or server with excessive amounts of traffic so that it becomes unavailable to its normal users.
Service Disruption
Individuals or groups use hacking to promote a political agenda, social change, or to protest against organizations they perceive as unethical.
Philosophical or Political Beliefs
Also known as authorized hackers; they are motivated by a desire to improve security.
Ethical Reasons
Examples of Ethical Reasons attack Actors
- Pentesters
- Bounty hunters
An employee who is disgruntled, or one who has recently been fired or laid off, might want to harm their current or former employer by causing a data breach, disrupting services, or leaking sensitive information.
Revenge
These actors, often referred to as Unauthorized hackers, engage in malicious activities for the thrill of it, to challenge their skills, or simply to cause harm.
Disruption or Chaos
Involves spying on individuals, organizations, or nations, to gather sensitive or classified information.
Espionage
Cyber espionage motivations
- National security interests (conducted by a nation-state)
- Gain competitive business intelligence (conducted by a rival company)
- Gain political strategic advantage (conducted by hacktivists or nation-state actors)
Cyberattacks have increasingly become a tool for nations to attack each other both on and off the battlefield.
War
Why is it important to understand the motivations behind the different types of threat actor?
To help formulate an effective defense against them.
[Threat Actor Attributes] Individuals or entities within an organization who pose a threat to its security.
Internal Threat Actors
[Threat Actor Attributes] Internal threat actors' motivations
- Revenge
- Financial gain
- Coercion by external entities
[Threat Actor Attributes] Individuals or groups outside an organization who attempt to breach its cybersecurity defenses.
External Threat Actors
[Threat Actor Attributes] Refers to the tools, skills, and personnel at the disposal of a given threat actor.
Resources and Funding
[Threat Actor Attributes] Refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures.
Level of sophistication and capability
We usually classify the lowest-skilled threat actors as ………. ?
Script Kiddies
A threat actor that uses pre-made software or scripts to exploit computer systems and networks, often without understanding the underlying principles.
Script Kiddies
Threat actors with high level of sophistication and capabilities possess advanced technical skills and use sophisticated tools and techniques.
They are usually:
- Nation-state actors
- Groups
- Advanced Persistent Threats (APT Groups)
[Threat Actor Attributes] Threat actors are classified based on their ….
ATTRIBUTES
[Threat Actor Attributes] Attributes
- Internal vs External
- Resources and Funding
- Level of sophistication and capability
An individual who lacks the technical knowledge to develop their own hacking tools or exploits.
Unskilled Attacker
Can still cause significant damage using readily available tools and exploits to victimize systems with unpatched, known vulnerabilities.
Unskilled Attackers
Unskilled attackers are motivated by
A desire for recognition or the thrill of causing disruption to an organization’s network.
Unskilled attackers are less likely to be motivated by
Financial gain or political ideologies.
This threat actor focuses on easier targets instead of higher-value ones.
Unskilled attackers
Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain.
Hacktivists
Hacktivism/Hacktivists use cyberattacks to achieve their ………… or ………… beliefs.
Hacktivism/Hacktivists use cyberattacks to achieve their ideological or political beliefs.
Hacktivists use techniques like
- Website Defacement
- DDoS Attacks
- Doxing
- Leaking of Sensitive Data
A form of electronic graffiti, an act of vandalism.
Website Defacement
An attempt to overwhelm the victim’s systems or networks so that they cannot be accessed by the organization’s legitimate users.
Distributed Denial of Service Attack
Public release of private information about an individual or organization, such as their name, home address, phone number, or email, in hopes that someone will take real-world action against the victim.
Doxxing
Tend to demonstrate a fairly high level of sophistication.
Hacktivists
Are primarily motivated by their ideological beliefs rather than trying to achieve financial gains.
Hacktivists
Target organizations or individuals that they perceive as acting out against their cause.
Hacktivists
Anonymous and LulzSec are examples of which type of threat actor?
Hacktivist
The act of hacking or breaking into computer systems for a politically or socially motivated purpose. Often to promote, repeat, or protest against specific issues or actions.
Hacktivism
An individual who engages in hacktivism, using cyber tools and techniques to promote a social or political cause.
Hacktivist
…………………… conducts ……………… to advance their own ideological agendas.
Hacktivists conduct hacktivism to advance their own ideological agendas.
Sophisticated and well-structured entities that leverage resources and technical skills for illicit gain. Their operations are usually well-planned and coordinated, reflecting the structured nature of a criminal ring and its strategic approach to conducting attacks.
Organized Cyber Crime Groups
Operating across national borders, these transnational …………………….. organizations can create increased complexity for law enforcement when they attempt to prosecute these attackers.
Organized Cyber Crime
Technical capability level of an Organized Cyber Crime Group?
Very High
Often employ advanced hacking techniques and tools, like:
- Custom Malware
- Ransomware
- Sophisticated Phishing Campaigns
Exploit emerging technologies such as cryptocurrencies, the Dark Web, and the use of cellular collection devices to facilitate their activities and evade detection.
Organized Cyber Crime Groups
Motivation for Organized Cyber Crime Groups
Financial Gain
Common illicit activities linked to cyber crime groups are…
- Data Breaches
- Identity Theft
- Online Fraud
- Ransomware Attacks
Common organized crime targets are…
- Small or medium-sized businesses
- High net worth individuals who have substantial financial resources or valuable data.
This threat actor is not typically driven by ideological or political objectives. However, these groups may be hired by other entities, including governments, to conduct cyber operations and attacks on their behalf.
Cyber Crime Groups
May operate in the political spectrum but only do so to generate financial gains for themselves.
Essentially, when conducting these types of attacks, this threat actor is acting as a hired gun or mercenary for the political organization or government that hires them.
Organized Cyber Crime Groups
FIN7 and Carbanak are examples of which type of threat actor?
Organized Cyber Crime Group
Groups that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals.
Nation-State Actors
Kind of attack that is orchestrated in such a way that it appears to originate from a different source or group.
False Flag Attack
Term that was once used synonymously with a nation-state actor because of their long-term persistence and stealth.
Advanced Persistent Threat
Motivations of a nation-state actor
- Gathering Intelligence
- Disrupting Critical Infrastructure
- Influencing Political Processes
- Cyber espionage
Cybersecurity threats that originate from within the organization.
Insider Threat
The use of information technology systems, devices, software, applications, and services without explicit organizational approval.
Shadow IT