S3 - THREAT ACTORS Flashcards
There are 10 types of actor motivations. Name at the most commons ones
Data Exfiltration (cxc), Financial Gain, Espionage, Revenge, Ethical (pentest) ||| War, Sevice Disruption, Blackmail, Political Beliefs, Chaos
Name the three types of Threat Attributes
Internal vs External, Resource and Funding, Capability
Caracterist of unskilled attacker
“Script Kiddie”, can’t develop his own hacking tools, lacks technical knowledge, seeks some king of recognition. Can still cause harm and losses
Caracteristics of Hacktivist
Individual who enagages in hacktivism, movitated by social or political cause. Likley skilled
Caracteristics of Organized Cyber Crime Grupos
High technical skills, driven by financial gain, well-structured
Its common that a Nation-State actor use a false flag attack. What is it?
A false flag attack is an attack that can be falsely tracked back into another country or institution (ex: South Korea olimpics, was tracked with some North korean common technologies but was from Russians) THEY ARE SOPHISTICATED, zero day exploits
Insider Threat caracteristics
Threats that originate from within the organization
What is Shadow IT?
Is the use of any Technology System (hardware or software) without your organization approval
Define Threat Vector and name three of them
Threat vector is the mean that the attacker will use to attack. Like a message, image, file, voice call, Removable devices, unsecured networks.
Name the 4 baits or honeys (explain them)
Honeypot (bait system), Honeynet (bait net, with router, system and switches), Honeyfiles (bait files, watermarked), Honeytokens (fake users or tokens)