Threat Actor Types & Attributes Flashcards
What is a threat actor?
An individual, group, or entity that contributes to an incident or executes a given threat.
Assessing threat actors begins with identifying their relationship to the organization - internal or external.
The assets or goals of an organization relate to and influence the threat actor types that presents the most significant risk.
What are the threat actor attributes?
- Relationship (internal or external threats to organization)
- Motive (specific reason such as financial gain or ideology)
- Intent (malicious threat)
- Capability (tech ability, financial means, access, political & social support, and persistence)
Threat Actor: What is a script kiddie?
Script kiddies have few skills, but can run exploits that others have developed. They cannot write sophisticated code or might not be able to code at all. It easy to trace their attacks, which are often website defacements, DoS attacks, and planting Trojans within an organization.
Threat Actor: What is an insider?
An insider could simply be an employee that is unaware of an organization’s security policy or chooses to ignore it (with the right intentions). But they can also be malicious, such as a disgruntled employee. These actors may be motivated by financial gain, sabotage, and theft to gain a competitive advantage.
Threat Actor: What is a hacktivist?
Hacktivists use digital tools for malicious intent based on political, social, or ideological reasoning. They are often perceived as doing good because of their motives.
Threat Actor: What is organized crime?
Per the US Organized Crime Control Act from 1970, organized crime is defined as “a highly sophisticated, diversified, and widespread activity that annually drains billions if dollars from America’s economy by unlawful conduct and the illegal use of force, fraud, and corruption.”
Organized crime has its own economy and an underground system that affects information technology.
Threat Actor: What are competitors?
Competitive threat actors are looking for info to gain an edge, or even to pilfer trade secrets and other intellectual property.
Threat Actor: What is a nation state threat actor?
Nation state threat actors are government sponsored (the ties are not always acknowledged). They are the most sophisticated threat actors with the most resources. These attacks have become more prevalent in recent years.
What is open source intelligence (OSINT)?
OSINT is the overt gathering of intelligence.