Threat Actors Flashcards

1
Q

Threat Actor

A

An individual/entity responsible for incidents that impact security and data protection

2
Q

Threat Actor Attributes

A
  • Internal vs External
  • Differences in resources and funding
  • Level of sophistication
3
Q

Types of Threat Actors

A

Unskilled attackers - limited tech expertise, use readily available tools

Hacktivists - driven by political, social, or environmental ideologies

Organized crime - cyber attacks for financial gain

Nation-state actor - highly skilled; sponsored by governments for cyber espionage or warfare

Insider threats - security threats from within an organization

4
Q

Shadow IT

A

Use of information, technology systems, devices, software applications, and services without explicit organizational approval
- IT-related projects that are managed outside of, and without the knowledge of, the IT department
- exists because an organization's security posture is set too high, or is too complex, for business operations to occur without being negatively affected

5
Q

Threat Vectors and Attack Surfaces

A
  • Message based
  • Image based
  • File based
  • Voice calls
  • Removable devices (ex: baiting)
  • Unsecured networks
6
Q

Tactics, Techniques, and Procedures (TTPs)

A

Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors

7
Q

Deception and Disruption Technologies (3)

A

Honeypots - Decoy systems to attract and deceive attackers

Honey nets - Network of decoy systems for observing complex attacks

Honey files - Decoy files to detect unauthorized access or data breaches

Honey tokens - Fake data to alert administrators when accessed or used (ex: fake user creds)

8
Q

Disruption technologies and strategies to secure enterprise networks

A
  • Bogus DNS entries = fake Domain Name System entries introduced into your system's DNS server
  • Creating decoy directories = fake folders and files placed within a system's storage
  • Dynamic page generation = effective against automated scraping tools or bots trying to index or steal content from your organization's website
  • Port triggering to hide devices = security mechanism where specific services or ports on the network remain closed until a specific outbound traffic pattern is detected
  • Spoofing fake telemetry data = system detects a network scan > configured to respond by sending out fake telemetry or network data
9
Q

Threat Actors Intent

A

Specific objective or goal that a threat actor is aiming to achieve through their attack

10
Q

Threat Actors Motivation

A

Underlying reason or driving force that pushes a threat actor to carry out their attack

11
Q

Different motivations behind threat actors

A
  • Data exfiltration
  • Financial gain
  • Blackmail
  • Service disruption (ex: DDoS)
  • Political/philosophical beliefs
  • Ethical reasons (ethical actors/authorized hackers)
  • Revenge
  • Disruption or chaos - sophisticated attacks
  • Espionage
  • War
12
Q

Script Kiddies

A

The lowest-skilled threat actors:
- limited technical knowledge
- use pre-made software or scripts to exploit computer systems and networks

Damage caused by:
- DDoS attack
- enter the IP address of the system they want to target, then click a button to launch an attack against that target

13
Q

Hacktivists

A

Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain

Some methods of attack:
- Website defacement (electronic graffiti)
- DDoS attack
- Doxing
- Leak sensitive data

Most commonly known: Anonymous hacker group

14
Q

Organized Crime

A

Groups or syndicates that have banded together to conduct criminal activities in the digital world
- sophisticated and well-structured
- use resources for illicit gain
- high-level technical capabilities
- may be hired by other entities like governments to conduct operations and attacks on their behalf

Techniques:
- Custom malware
- Ransomware
- Sophisticated phishing campaigns

Illicit activities:
- data breaches
- identity theft
- online fraud
- ransomware attacks

15
Q

Nation-state Actor

A

Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
- advanced technical skills
- extensive resources
- complex and coordinated cyber operations

Techniques:
- creating custom malware
- using zero-day exploits
- becoming an advanced persistent threat
- false flag attacks

Motivation: achieving long-term strategic goals, not seeking financial gain

16
Q

Advanced Persistent Threat (APT)

A

A prolonged and targeted cyber attack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage
- often sponsored by a nation-state or its proxies, like organized cybercrime groups

17
Q

Insider threats

A
  • cyber security threats that originate from within the organization
  • have varying levels of capabilities

Different forms:
- Data theft
- sabotage
- misuse of access privileges

Motivations:
- Financial gain
- revenge
- carelessness or lack of awareness of best practices

Mitigate risk:
- Zero trust architecture
- robust access controls
- conduct regular audits
- provide effective employee security awareness programs

18
Q

Bring Your Own Devices (BYOD)

A

Involves the use of personal devices for work purposes

19
Q

Threat Vector - “how”

A

Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload, or carry out an unwanted action

20
Q

Attack Surface - “where”

A

Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment

Mitigate:
- restricting access
- removing unnecessary software
- disabling unused protocols

21
Q

Vulnerabilities in Bluetooth protocol

A

BlueBorne - a set of vulnerabilities that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction

BlueSmack - type of denial of service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device
