Threat Actors Flashcards
Threat Actor
An individual or entity responsible for incidents that impact security and data protection. Examples: lone actors, national security organizations, government-funded organizations, etc.
What is the difference between the intent behind an attack and the motivation that fuels an attack?
Intent represents the objective to be completed
Motivation is the ideology for doing the attack in the first place
What are the different threat actor motivations?
Data Exfiltration
Blackmail/intimidation
Espionage
Service Disruption
Financial Gain
Philosophical or Political Beliefs
Ethical Reasons
Revenge
Disruption or Chaos
War
What attributes define a threat actor’s capabilities?
Internal vs External Actor
Resources and Funding
Level of sophistication and ability
Internal Threat Actor
Individuals or entities within an organization who pose a threat to its security.
External Threat Actor
Individuals or entities outside the organization who attempt to breach security
What are unskilled attackers?
An individual who lacks the technical knowledge to develop their own hacking tools or exploits
What is a Hacktivist?
Individuals or groups that use their tech skills to promote a cause or drive social change. Think Anonymous.
Why are Hacktivists dangerous?
They tend to demonstrate fairly high levels of sophistication. They are primarily motivated by their ideological beliefs rather than financial gain. One man's hero is another man's terrorist.
What is organized crime?
The mafia dons of years gone by have moved operations online to keep up with the times. One example is FIN7
Why are Organized crime syndicates dangerous?
Lots of resources and funding and high levels of sophistication. Their motivation is almost always for financial gain and sometimes revenge.
What is a Nation State Actor?
Groups or individuals sponsored by a government against other nations, organizations, and independent actors. A “dog of the state” in the words of Edward Elric
Why are Nation State Actors dangerous?
Because they have resources and funding coming from a nation. They have high levels of sophistication and usually operate in the shadows. The shadow of the nation.
What are insider threats?
Harm that comes from within. Has the potential to be highly dangerous given pre-existing knowledge.
What is Shadow IT?
The use of IT systems, devices, software, applications, and services without explicit organizational approval. These are managed outside the organization’s IT department.