Section 2: Threat Actors Flashcards
Data Exfiltration
Unauthorized transfer of data from a computer
Blackmail
Obtaining sensitive or compromising information and threatening to release it unless demands are met
Espionage
Spying on individuals, organizations, or nations to gather sensitive or classified information
Service Disruption
Disrupting services to cause chaos, make a political statement, or demand a ransom
Financial Gain
Achieving profit through means such as ransomware attacks or banking trojans
Philosophical/Political Beliefs
Hacktivism driven by political, social, or environmental ideologies
Ethical Reasons
Ethical hackers motivated by improving security rather than malicious intent
Revenge
Targeting an entity perceived to have wronged the threat actor
Disruption/Chaos
Spreading malware or launching cyberattacks to create chaos
War
Cyber warfare to disrupt a country’s infrastructure, compromise national security, or cause economic damage
Internal vs. External Threat Actors
Internal threats: originate from within the organization
External threats: come from outside the organization
Unskilled Attackers
Limited technical expertise, using readily available tools
Hacktivists
Motivated by ideological beliefs, using cyber techniques to promote causes
Organized Crime
Sophisticated groups executing cyberattacks for financial gain
Nation-state Actor
Government-sponsored, highly skilled attackers conducting cyber espionage or warfare
Insider Threats
Security threats from within the organization, potentially from disgruntled employees
Shadow IT
IT systems, devices, software, or services managed without explicit organizational approval
Message-based Attacks
Delivered via email, SMS, or instant messaging, often involving phishing
Image-based attacks
Malicious code embedded in image files
File-based attacks
Malicious files disguised as legitimate documents or software
Voice Call attacks
Vishing attacks using voice calls to extract sensitive information
Removable Device attacks
Baiting tactics involving malware-infected USB drives
Unsecured Network attacks
Exploiting vulnerabilities in wireless, wired, or Bluetooth networks
Honeypots
Decoy systems to attract and deceive attackers
Honeynets
Network of decoy systems to observe complex attacks
Honeyfiles
Decoy files to detect unauthorized access or data breaches
Honeytokens
Fake data to alert administrators when accessed or used
Tactics, Techniques, and Procedures (TTPs)
Specific methods and behaviors associated with particular threat actors
Deceptive and Disruption Technologies
Tools designed to mislead and neutralize attackers