Threat Actors

Question 1

Threat Actor Motivations

Answer 1

■ Data Exfiltration
■ Blackmail
■ Espionage
■ Service Disruption
■ Financial Gain,
■ Philosophical/Political Beliefs
■ Ethical Reasons
■ Revenge
■ Disruption/Chaos
■ War

Question 2

Threat Actor Attributes

Answer 2

■ Internal vs. External Threat Actors
■ Differences in resources and funding
■ Level of sophistication

Question 3

Types of Threat Actors

Answer 3

Unskilled Attackers
Hacktivists
Organized Crime
Nation-state Actor
Insider Threats

Question 4

Limited technical expertise, use readily available tools

Answer 4

Unskilled Attackers

Question 5

Driven by political, social, or environmental ideologies

Answer 5

Hacktivists

Question 6

Execute cyberattacks for financial gain (e.g., ransomware, identity theft)

Answer 6

Organized Crime

Question 7

Highly skilled attackers sponsored by governments for cyber espionage or
warfare

Answer 7

Nation-state Actor

Question 8

Security threats originating from within the organization

Answer 8

Insider Threats

Question 9

IT systems, devices, software, or services managed without explicit organizational
approval

Answer 9

Shadow IT

Question 10

■ Message-based
■ Image-based
■ File-based
■ Voice Calls
■ Removable Devices
■ Unsecured Networks

Answer 10

Threat Vectors and Attack Surfaces

Question 11

Deception and Disruption Technologies

Answer 11

Honeypots
Honeynets
Honeyfiles
Honeytokens

Question 12

Decoy systems to attract and deceive attackers

Answer 12

Honeypots

Question 13

Network of decoy systems for observing complex attacks

Answer 13

Honeynets

Question 14

Decoy files to detect unauthorized access or data breaches

Answer 14

Honeyfiles

Question 15

Fake data to alert administrators when accessed or used

Answer 15

Honeytokens

Question 16

Specific objective or goal that a threat actor is aiming to achieve through
their attack

Answer 16

Threat Actors Intent

Question 17

Underlying reasons or driving forces that pushes a threat actor to carry
out their attack

Answer 17

Threat Actors Motivation

Question 18

Unauthorized transfer of data from a computer

Answer 18

Data Exfiltration

Question 19

Achieved through various means, such as ransomware attacks, or through
banking trojans that allow them to steal financial information in order to
gain unauthorized access into the victims’ bank accounts

Answer 19

Financial Gain

Question 20

Attacker obtains sensitive or compromising information about an
individual or an organization and threatens to release this information to
the public unless certain demands are met

Answer 20

Blackmail

Question 21

Some threat actors aim to disrupt the services of various organizations,
either to cause chaos, make a political statement, or to demand a ransom

Answer 21

Service Disruption

Question 22

● Attacks that are conducted due to the philosophical or political beliefs of
the attackers is known as hacktivism
● Common motivation for a specific type of threat actor known as a
hacktivist

Answer 22

Philosophical or Political Beliefs

Question 23

Contrary to malicious threat actors, ethical hackers, also known as
Authorized hackers, are motivated by a desire to improve security

Answer 23

Ethical Reasons

Question 24

It can also be a motivation for a threat actor that wants to target an entity
that they believe has wronged them in some way

Answer 24

Revenge

Question 25

Creating and spreading malware to launching sophisticated cyberattacks
against the critical infrastructure in a populated city

Answer 25

Disruption or Chaos

Question 26

Spying on individuals, organizations, or nations to gather sensitive or
classified information

Answer 26

Espionage

Question 27

Cyber warfare can be used to disrupt a country’s infrastructure,
compromise its national security, and to cause economic damage

Answer 27

War

Question 28

2 Most Basic Attributes of a Threat Actor

Answer 28

Internal Threat Actors
External Threat Actors

Question 29

Individuals or entities within an organization who pose a threat to its
security

Answer 29

Internal Threat Actors

Question 30

Individuals or groups outside an organization who attempt to breach its
cybersecurity defenses

Answer 30

External Threat Actors

Question 31

Tools, skills, and personnel at the disposal of a given threat actor

Answer 31

Resources and funding available to the specific threat actor

Question 32

Refers to their technical skill, the complexity of the tools and techniques they
use, and their ability to evade detection and countermeasures

Answer 32

Level of sophistication and capability of the specific threat actor

Question 33

○ Individual with limited technical knowledge
○ use pre-made software or scripts to exploit computer systems and
networks

Answer 33

Unskilled Attacker (Script Kiddie)

Question 34

Individuals or groups that use their technical skills to promote a cause or drive
social change instead of for personal gain

Answer 34

Hacktivists

Question 35

Organized cybercrime groups are groups or syndicates that have banded together to
conduct criminal activities in the digital world
■ Sophisticated and well structured
■ Use resources and technical skills for illicit gain

Answer 35

Organized Crime

Question 36

Groups or individuals that are sponsored by a government to conduct cyber
operations against other nations, organizations, or individuals

Answer 36

Nation-state Actor

Question 37

Attack that is orchestrated in such a way that it appears to originate from
a different source or group than the actual perpetrators, with the intent
to mislead investigators and attribute the attack to someone else

Answer 37

False Flag Attack

Question 38

A prolonged and targeted cyberattack in which an intruder gains unauthorized
access to a network and remains undetected for an extended period while trying
to steal data or monitor network activities rather than cause immediate damage

Answer 38

Advanced Persistent Threat (APT)

Question 39

■ Cybersecurity threats that originate from within the organization
■ Will have varying levels of capabilities

Answer 39

Insider Threats

Question 40

■ Use of information technology systems, devices, software, applications, and
services without explicit organizational approval
■ IT-related projects that are managed outside of, and without the knowledge of,
the IT department

Answer 40

Shadow IT

Question 40

Involves the use of personal devices for work purposes

Answer 40

Bring Your Own Devices (BYOD)

Question 41

Means or pathway by which an attacker can gain unauthorized access to a
computer or network to deliver a malicious payload or carry out an unwanted
action

Answer 41

Threat Vector

Question 42

Encompasses all the various points where an unauthorized user can try to enter
data to or extract data from an environment

Answer 42

Attack Surface

Question 43

Attack Surface can be minimized by:

Answer 43

Restricting Access
Removing unnecessary software
Disabling unused protocols

Question 44

Specific methods and patterns of activities or behaviors associated with a
particular threat actor or group of threat actors

Answer 44

Tactics, Techniques, and Procedures (TTP

Question 44

Use of voice calls to trick victims into revealing their sensitive
information to an attacker

Answer 44

Vishing

Question 45

Attacker might leave a malware-infected USB drive in a
location where their target might find it, such as in the
parking lot or the lobby of the targeted organization

Answer 45

Baiting

Question 45

Set of vulnerabilities in Bluetooth technology that can
allow an attacker to take over devices, spread malware, or
even establish an on-path attack to intercept
communications without any user interaction

Answer 45

BlueBorne

Question 46

Type of Denial of Service attack that targets
Bluetooth-enabled devices by sending a specially crafted
Logical Link Control and Adaptation Protocol packet to a
target device

Answer 46

BlueSmack

Question 47

Bogus DNS entries
Creating decoy directories
Dynamic page generation
Use of port triggering to hide services
Spoofing fake telemetry data

Answer 47

Some disruption technologies and strategies to help secure our enterprise networks

Question 47

Technologies designed to mislead, confuse, and divert attackers from critical
assets while simultaneously detecting and neutralizing threats

Answer 47

Deceptive and Disruption Technologies

Question 48

Fake Domain Name System entries introduced into your system’s DNS
server

Answer 48

Bogus DNS entries

Question 49

Fake folders and files placed within a system’s storage

Answer 49

Creating decoy directories

Question 50

Effective against automated scraping tools or bots trying to index or steal
content from your organization’s website

Answer 50

Dynamic page generation

Question 50

Port Triggering
○ Security mechanism where specific services or ports on a network
device remain closed until a specific outbound traffic pattern is
detected

Answer 50

Use of port triggering to hide services

Question 51

When a system detects a network scan is being attempted by an attacker,
it can be configured to respond by sending out fake telemetry or network
data

Answer 51

Spoofing fake telemetry data