Threat Actors Flashcards
Threat Actor
An individual or entity responsible for incidents that impact security and data protection. Examples: a lone actor, national security organizations, government-funded organizations, etc.
What is the difference between the intent behind an attack and the motivation that fuels an attack?
Intent represents the objective to be completed.
Motivation is the ideology behind carrying out the attack in the first place.
What are the different threat actor motivations?
Data Exfiltration
Blackmail/intimidation
Espionage
Service Disruption
Financial Gain
Philosophical or Political Beliefs
Ethical Reasons
Revenge
Disruption or Chaos
War
What attributes define a threat actor's capabilities?
Internal vs External Actor
Resources and Funding
Level of sophistication and ability
Internal Threat Actor
Individuals or entities within an organization who pose a threat to its security.
External Threat Actor
Individuals or entities outside the organization who attempt to breach its security.
What are unskilled attackers?
An individual who lacks the technical knowledge to develop their own hacking tools or exploits.
What is a Hacktivist?
Individuals or groups that use their technical skills to promote a cause or drive social change. Think Anonymous.
Why are Hacktivists dangerous?
They tend to demonstrate fairly high levels of sophistication. They are primarily motivated by their ideological beliefs rather than financial gain. One man's hero is another man's terrorist.
What is organized crime?
The mafia dons of years gone by have moved their operations online to keep up with the times. One example is FIN7.
Why are organized crime syndicates dangerous?
They have lots of resources and funding and high levels of sophistication. Their motivation is almost always financial gain, and sometimes revenge.
What is a Nation State Actor?
Groups or individuals sponsored by a government to act against other nations, organizations, and independent actors. A "dog of the state," in the words of Edward Elric.
Why are Nation State Actors dangerous?
Because they have the resources and funding of a nation behind them. They have high levels of sophistication and usually operate in the shadows. The shadow of the nation.
What are insider threats?
Harm that comes from within the organization. It has the potential to be highly dangerous given the insider's pre-existing knowledge of and access to the organization.
What is Shadow IT?
The use of IT systems, devices, software, applications, and services without explicit organizational approval. These are managed outside the organization's IT department.
What causes Shadow IT?
When security expectations are set way too high. Security is best when it toes the line between being secure and not being cumbersome.
What is a threat vector?
A way for attackers to enter a network or system.
What is an attack surface?
Encompasses all the various points in a system where an unauthorized user can try to carry out an attack.
What are some ways to minimize an Attack Surface?
- Restricting Access
- Removing Unnecessary Software
- Disabling Unused Ports
What are some Threat Vectors?
- Messaging: Phishing, smishing, IM, etc.
- Images: Malicious code embedded in image files
- Voice Calls: Vishing attacks
- Files: Use of malicious files to deliver a threat
- Unsecured Network
- Removable Devices
What is a honeypot?
Decoy systems or networks set up to attract attackers.
What is a honeynet?
A network of honeypots combined to create a more complex, realistic-looking system.
What is a honeyfile?
Decoy files placed within a system to lure in potential attackers.
What are HoneyTokens?
A piece of data or a resource that has no legitimate value or use but is monitored for access or use.
Why do we use honey traps, i.e., honeypots, honeynets, honeyfiles, and honeytokens?
They allow us to study an attacker, including their intent and motivations. They can also be used as decoys.
What are TTPs?
Tactics, Techniques, and Procedures. These are the specific methods and patterns of activity associated with a particular threat actor or group of threat actors.