Threat Actors Flashcards
What are all of the Threat Actor Motivations?
Data Exfiltration
Financial Gain
Blackmail
Service Disruption
Philosophical or Political Beliefs
Ethical Reasons
Revenge
Disruption or Chaos
Espionage
War
What is an Unskilled Attacker?
Someone who lacks the technical knowledge to develop their own hacking tools or exploits. Less likely to be motivated by financial gain or political ideologies.
What is a Hacktivist?
Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain. Primarily motivated by their beliefs rather than trying to achieve financial gain.
What is Organized Crime?
Sophisticated and well-structured entities that leverage resources and technical skills for illicit gain.
What are Nation-State Actors?
Groups that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals. AKA Advanced Persistent Threats (APTs) because of their long-term persistence and stealth.
What are Insider Threats?
Cybersecurity threats that originate from within the organization. Varying levels of sophistication and damage.
What is Shadow IT?
The use of information technology systems, devices, software, applications, and services without explicit organizational approval. Examples include the use of personal devices for work purposes, installation of unapproved software, etc.
What is a Threat Vector?
The means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action.
What is an Attack Surface?
Encompasses all of the various points where an unauthorized user can try to enter or extract data from an environment.
What are the types of Threat Vectors?
Messaging (emails, SMS, IM)
Images
Files
Voice calls
Removable Devices
Unsecured Networks
What are TTPs?
Tactics, Techniques, and Procedures - Specific methods and patterns of activities or behaviours associated with a particular threat actor.
What is a HoneyPot?
Designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats.
What is a HoneyNet?
Network of Honeypots to create a more complex system designed to mimic an entire network of systems, including servers, routers, and switches.
What is a HoneyToken?
A piece of data or a resource that has no legitimate value or use but is monitored for access or use. Useful for detecting insider threats.
What are Disruption Technologies examples?
Bogus DNS - Fake DNS entries introduced into a system’s DNS server
Decoy Directories - Fake folders and files placed within a system’s storage
Dynamic Page Generation - Used in websites to present ever-changing content to web crawlers to confuse and slow down the threat actor
Port Triggering - Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected
Fake Telemetry Data - The system can respond to an attacker’s network scan attempt by sending out fake telemetry or network data