Threat Actors

Question 1

Threat Actor

Answer 1

An individual or entity responsible for incidents that impact security and data protection. Lone actor, national security organizations, government funded organizations etc

Question 2

What is the difference between the intent behind an attack and the motivation that fuels an attack?

Answer 2

Intent represents the objective to be completed
Motivation is the ideology for doing the attack in the first place

Question 3

What are the different threat actor motivations?

Answer 3

Data Exfiltration
Blackmail/intimidation
Espionage
Service Disruption
Financial Gain
Philosophical or Political Beliefs
Ethical Reasons
Revenge
Disruption or Chaos
War

Question 4

What are Attributes define a threat actor’s capabilities

Answer 4

Internal vs External Actor
Resources and Funding
Level of sophistication and ability

Question 5

Internal Threat Actor

Answer 5

Individuals or entities within an organization who pose a threat to it security.

Question 6

External Threat Actor

Answer 6

Individuals or entities outside the organization who attempt to breach security

Question 7

What are unskilled attackers?

Answer 7

An individual who lacks the technical knowledge to develop their own hacking tools or exploits

Question 8

What is a Hacktivist?

Answer 8

Individuals or groups that use their tech skills to promote a cause or drive social change. Think anonymous

Question 9

Why are Hacktivists dangerous?

Answer 9

They tend demonstrate fairly high levels of sophistication. Primarily motivated by their ideological belief rather than financial gain. One mans hero is another mans terrorist.

Question 10

What is organized crime?

Answer 10

The mafia dons of years gone by have moved operations online to keep up with the times. One example is FIN7

Question 11

Why are Organized crime syndicates dangerous?

Answer 11

Lots of resources and funding and high levels of sophistication. Their motivation is almost always for financial gain and sometimes revenge.

Question 12

What is a Nation State Actor?

Answer 12

Groups or individuals sponsored by a government against other nations, organizations, and independent actors. A “dog of the state” in the words of Edward Elric

Question 13

Why are Nation State Actors dangerous?

Answer 13

Because they have resources and funding coming from a nation. High levels of sophistication and they usually operate in the shadows. The shadow of the nation

Question 14

What are insider threats?

Answer 14

Harm that comes from within. Has the potential to be highly dangerous given pre-existing knowledge.

Question 15

What is Shadow IT?

Answer 15

The usage of IT systems, devices, software, applications, and services without explicit organizational approval. These are managed outside the organization’s IT department

Question 16

What causes Shadow IT?

Answer 16

When security expectations are set way too high. Security is best when it tows the line between being secure and not cumbersome.

Question 17

What is a threat vector?

Answer 17

A way for attackers to enter a network or system

Question 18

What is an attack surface?

Answer 18

Encompasses all the various points in a system where a unauthorized user can try to carry out an attack.

Question 19

What are some ways to minimize an Attack Surface?

Answer 19

• Restricting Access
• Removing Unnecessary Software
• Disabling Unused Ports

Question 20

What are some Threat Vectors?

Answer 20

• Messaging: Phishing, smishing, IM, etc
• Images: Malicious code in image files
• Voice Calls: Vishing attacks
• Files: Use of malicious files to deliver a threat
• Unsecured Network
• Removable Devices

Question 21

What is a honeypot?

Answer 21

Decoy Systems or networks setup to attract hackers.

Question 22

What is a honeynet?

Answer 22

Network of honeypots to create a more complex system.

Question 23

What is a honeyfile?

Answer 23

Decoy files placed within a system to lure in potential attackers.

Question 24

What are HoneyTokens?

Answer 24

A piece of data or resource that has no legit value or use but is monitored for access or use.

Question 25

Why do we use Honey traps i.e pots, nets, files, and tokens?

Answer 25

These allow us to study an attacker. Their intent and motivations. They can also be used as decoys.

Question 26

What are TTPs?

Answer 26

Tactics, Techniques, and Procedures. These are the specific methods and patterns of activities associated with a particular threat actor(s)