Threat Actors Flashcards
Threat actor intent
Specific objective or goal that a threat actor is aiming to achieve through
their attack
Threat actor motivation
Underlying reasons or driving forces that push a threat actor to carry
out their attack
Possible threat actor motivations
- Data exfiltration
- Financial gain
- Blackmail
- Service disruption
- Philosophical or political beliefs (hacktivism)
- Ethical reasons
- Revenge
- Disruption or chaos
- Espionage
- Cyber warfare
Internal threat actors
Individuals or entities within an organization who pose a threat to its
security
External threat actors
Individuals or groups outside an organization who attempt to breach its
cybersecurity defenses
Unskilled attackers
Individual who lacks the technical knowledge to develop their own hacking tools or exploits
Hacktivists
Individuals or groups that use their technical skills to promote a cause or drive
social change instead of for personal gain
Organized crime
Organized cybercrime groups are groups or syndicates that have banded together to
conduct criminal activities in the digital world
- Sophisticated and well structured
- Use resources and technical skills for illicit gain
Nation-state Actor
Groups or individuals that are sponsored by a government to conduct cyber
operations against other nations, organizations, or individuals
APT
Advanced Persistent Threat
Often nation states or sponsored by nation states. Highly skilled and sophisticated.
Insider Threats
Cybersecurity threats that originate from within the organization
Shadow IT
Use of information technology systems, devices, software, applications, and
services without explicit organizational approval
IT-related projects that are managed outside of, and without the knowledge of,
the IT department
Threat Vector
Means or pathway by which an attacker can gain unauthorized access to a
computer or network to deliver a malicious payload or carry out an unwanted
action
Attack Surface
Encompasses all the various points where an unauthorized user can try to enter
data to or extract data from an environment
TTPs
Tactics, Techniques and Procedures
Specific methods and patterns of activities or behaviors associated with a
particular threat actor or group of threat actors
Honeypot
Decoy system or network set up to attract potential hackers
Honeynet
Network of honeypots to create a more complex system that is designed
to mimic an entire network of systems
Honeyfiles
Decoy file placed within a system to lure in potential attackers
Honeytokens
Piece of data or a resource that has no legitimate value or use but is
monitored for access or use
Port Triggering
Security mechanism where specific services or ports on a network
device remain closed until a specific outbound traffic pattern is
detected