Threat Actors Flashcards
Threat Actor
An individual/entity responsible for incidents that impact security and data protection
Threat Actor Attributes
- Internal vs External
- Differences in resources and funding
- Level of sophistication
Types of Threat Actors
Unskilled attackers - limited tech expertise, use readily available tools
Hacktivists - driven by political, social, or environmental ideologies
Organized crime - cyber attacks for financial gain
Nation-state actor - highly skilled; sponsored by a government to conduct cyber espionage or cyber warfare
Insider threats - security threats from within an organization
Shadow IT
Use of information, technology systems, devices, software applications, and services without explicit organizational approval
- IT-related projects that are managed outside of, and without the knowledge of, the IT department
- often exists because an organization's security posture is set so high, or is so complex, that business operations cannot proceed without being negatively affected, so users route around the controls
Threat Vectors and Attack Surfaces
- Message based
- image based
- file based
- voice calls
- removable devices (ex: baiting)
- unsecured networks
Tactics, Techniques, and Procedures (TTPs)
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors
Deception and Disruption Technologies (3)
Honeypots - Decoy systems to attract and deceive attackers
Honey nets - Network of decoy systems for observing complex attacks
Honey files - Decoy files to detect unauthorized access or data breaches
Honey tokens - Fake data to alert administrators when accessed or used (ex: fake user creds)
Disruption technologies and strategies to secure enterprise networks
- Bogus DNS entries = fake Domain Name System entries introduced into your system's DNS server
- Creating decoy directories = fake folders and files placed within a system's storage
- Dynamic page generation = effective against automated scraping tools or bots trying to index or steal content from your organization's website
- Port triggering to hide devices = security mechanism where specific services or ports on the network remain closed until a specific outbound traffic pattern is detected
- Spoofing fake telemetry data = when the system detects a network scan, it is configured to respond by sending out fake telemetry or network data
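Worked example for the honey token and decoy file cards above (added here; it is not part of the original flashcards). A decoy credential and a decoy file have no legitimate use, so any appearance in a log is a high-confidence signal, including a failed login with the decoy username (it means the planted credential was harvested from somewhere). The decoy account names, file paths, and the two log formats are assumptions for illustration, and the log lines are constructed sample input.

```python
"""Honey token / honey file monitor: scan auth and file-access logs for any
use of planted decoys. Added example; names, paths and log formats are
assumptions, and SAMPLE_LOG is constructed input."""
import re
from dataclasses import dataclass

# Assumed decoy accounts: created in the directory but never handed to anyone.
HONEY_USERS = {"svc_backup_legacy", "admin_old"}
# Assumed decoy files: planted in tempting locations, never touched by real work.
HONEY_FILES = {"/srv/finance/passwords.xlsx", "/srv/hr/salaries_2023.csv"}

# Assumed log formats, one event per line.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) auth: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)
FILE_RE = re.compile(
    r"^(?P<ts>\S+) fs: user=(?P<user>\S+) op=(?P<op>\w+) path=(?P<path>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    kind: str    # "honey_user" or "honey_file"
    user: str
    detail: str


def scan_line(line: str):
    """Return an Alert if the line touches a decoy, else None.
    Unparseable lines are ignored rather than raising."""
    m = AUTH_RE.match(line)
    if m:
        # Failed logins count too: nobody should even be trying this name.
        if m["user"] in HONEY_USERS:
            return Alert(m["ts"], "honey_user", m["user"],
                         f"login {m['result']} from {m['src']}")
        return None
    m = FILE_RE.match(line)
    if m and m["path"] in HONEY_FILES:
        return Alert(m["ts"], "honey_file", m["user"], f"{m['op']} {m['path']}")
    return None


def scan_log(lines):
    """Scan an iterable of log lines and return all decoy-related alerts in order."""
    return [a for a in (scan_line(line) for line in lines) if a is not None]


# Constructed sample log: one normal user, then an intruder using the decoy
# credential (first a failure, then a success) and opening the decoy file.
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z auth: user=alice src=10.0.1.15 result=success",
    "2024-05-01T09:14:40Z fs: user=alice op=read path=/srv/finance/q1_report.xlsx",
    "2024-05-01T22:41:09Z auth: user=svc_backup_legacy src=203.0.113.7 result=failure",
    "2024-05-01T22:41:12Z auth: user=svc_backup_legacy src=203.0.113.7 result=success",
    "2024-05-01T22:43:55Z fs: user=svc_backup_legacy op=read path=/srv/finance/passwords.xlsx",
    "2024-05-01T23:02:00Z kernel: unrelated line that matches neither format",
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"[{alert.ts}] {alert.kind}: {alert.user} {alert.detail}")
```

The normal user's activity produces nothing; the three decoy touches each produce an alert. In practice the decoy account should be provisioned so that a successful login grants nothing useful, and the decoy file should be placed where only someone browsing the file server would find it, so the alert stays free of false positives.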
Threat Actors Intent
Specific objective or goal that a threat actor is aiming to achieve through their attack
Threat Actors Motivation
Underlying reason or driving force that pushes a threat actor to carry out their attack
Different motivations behind threat actors
- Data exfiltration
- Financial gain
- Blackmail
- Service disruption (ex: DDoS)
- Political/philosophical beliefs
- Ethical reasons (ethical actors/authorized hackers)
- Revenge
- Disruption or chaos - sophisticated attacks
- Espionage
- War
Script Kiddies
The lowest-skilled threat actors;
- limited technical knowledge
- use pre-made software or scripts to exploit computer systems and networks
Damage caused by, for example:
- DDoS attack using a point-and-click tool: enter the IP address of the system they want to target, then click a button to launch an attack against that target
Hacktivists
Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain
Some methods of attack:
- Website defacement (electronic graffiti)
- DDoS attack
- Doxing
- Leak sensitive data
Best-known example: the hacker collective Anonymous
Organized Crime
Groups or syndicates that have banded together to conduct criminal activities in the digital world
- sophisticated and well structured
- use resources for illicit gain
- high level technical capabilities
- may be hired by other entities like governments to conduct operations and attacks on their behalf
Techniques:
- Custom malware
- Ransomware
- Sophisticated phishing campaigns
Illicit activities:
- data breaches
- identity theft
- online fraud
- ransomware attacks
Nation-state Actor
Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
- advanced technical skills
- extensive resources
- complex and coordinated cyber operations
Techniques:
- Creating custom malware
- Using zero-day exploits
- Operating as an advanced persistent threat (APT)
- False flag attacks (making the attack appear to come from a different actor)
Motivation: achieve long-term strategic goals; generally not seeking financial gain