Threat Actors Flashcards

1
Q

Threat Actor

A

An individual or entity responsible for incidents that impact security and data protection. Examples: lone actors, national security organizations, government-funded organizations, etc.

2
Q

What is the difference between the intent behind an attack and the motivation that fuels an attack?

A

Intent represents the objective to be completed
Motivation is the ideology for doing the attack in the first place

3
Q

What are the different threat actor motivations?

A

Data Exfiltration
Blackmail/intimidation
Espionage
Service Disruption
Financial Gain
Philosophical or Political Beliefs
Ethical Reasons
Revenge
Disruption or Chaos
War

4
Q

What attributes define a threat actor’s capabilities?

A

Internal vs External Actor
Resources and Funding
Level of sophistication and ability

5
Q

Internal Threat Actor

A

Individuals or entities within an organization who pose a threat to its security.

6
Q

External Threat Actor

A

Individuals or entities outside the organization who attempt to breach security

7
Q

What are unskilled attackers?

A

An individual who lacks the technical knowledge to develop their own hacking tools or exploits

8
Q

What is a Hacktivist?

A

Individuals or groups that use their tech skills to promote a cause or drive social change. Think Anonymous.

9
Q

Why are Hacktivists dangerous?

A

They tend to demonstrate fairly high levels of sophistication. They are primarily motivated by their ideological beliefs rather than financial gain. One man's hero is another man's terrorist.

10
Q

What is organized crime?

A

The mafia dons of years gone by have moved operations online to keep up with the times. One example is FIN7.

11
Q

Why are Organized crime syndicates dangerous?

A

Lots of resources and funding and high levels of sophistication. Their motivation is almost always for financial gain and sometimes revenge.

12
Q

What is a Nation State Actor?

A

Groups or individuals sponsored by a government to act against other nations, organizations, and independent actors. A “dog of the state” in the words of Edward Elric.

13
Q

Why are Nation State Actors dangerous?

A

Because they have resources and funding coming from a nation. They have high levels of sophistication, and they usually operate in the shadows: the shadow of the nation.

14
Q

What are insider threats?

A

Harm that comes from within. Has the potential to be highly dangerous given pre-existing knowledge.

15
Q

What is Shadow IT?

A

The usage of IT systems, devices, software, applications, and services without explicit organizational approval. These are managed outside the organization’s IT department.

16
Q

What causes Shadow IT?

A

When security expectations are set way too high. Security is best when it toes the line between being secure and not cumbersome.

17
Q

What is a threat vector?

A

A way for attackers to enter a network or system.

18
Q

What is an attack surface?

A

Encompasses all the various points in a system where an unauthorized user can try to carry out an attack.

19
Q

What are some ways to minimize an Attack Surface?

A

  • Restricting Access
  • Removing Unnecessary Software
  • Disabling Unused Ports
20
Q

What are some Threat Vectors?

A

  • Messaging: Phishing, smishing, IM, etc.
  • Images: Malicious code in image files
  • Voice Calls: Vishing attacks
  • Files: Use of malicious files to deliver a threat
  • Unsecured Network
  • Removable Devices
21
Q

What is a honeypot?

A

Decoy systems or networks set up to attract hackers.

22
Q

What is a honeynet?

A

A network of honeypots used to create a more complex system.

23
Q

What is a honeyfile?

A

Decoy files placed within a system to lure in potential attackers.

24
Q

What are HoneyTokens?

A

A piece of data or resource that has no legit value or use but is monitored for access or use.

25
Q

Why do we use honey traps, i.e. pots, nets, files, and tokens?

A

These allow us to study an attacker: their intent and motivations. They can also be used as decoys.

26
Q

What are TTPs?

A

Tactics, Techniques, and Procedures. These are the specific methods and patterns of activities associated with a particular threat actor(s).