Threat Actors Flashcards
An individual or entity responsible for incidents that impact security and data protection.
Threat Actor
Specific characteristics or properties that define and differentiate various threat actors from one another are known as:
Threat Actor Attributes
Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks are known as:
Unskilled Attackers
Cyber attackers whose activities are driven by political, social-change, or environmental ideologies, and who often want to draw attention to a specific cause instead of seeking personal gain, are known as:
Hacktivists
Well-structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud, are known as:
Organized Crime
Highly skilled attackers sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries are known as:
Nation State Attackers
Security threats that originate from within the organization are known as:
Insider Threats
What are IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval called?
Shadow IT (Stealth IT or Client IT)
Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets so that their techniques can be studied. They can be used against insider threats to detect internal fraud, snooping, and malpractice, and should be placed within a screened subnet or isolated segment that is easily reached by potential attackers. They are called:
Honeypots
Normally used by large organizations, these are networks of honeypots that create an entire decoy network of systems such as servers, routers, and switches in order to observe complex, multi-stage attacks; they log all activity to provide a wealth of data about both successful and unsuccessful attacks:
Honeynets
Decoy files placed within systems to lure attackers and detect unauthorized access or data breaches are known as:
Honeyfiles
Fake pieces of data, like a fabricated user credential, that are inserted into databases or systems to alert administrators when they are accessed or used (great for detecting insider threats) are called:
Honeytokens
Examples of Threat Actor Motivations include:
Data Exfiltration - unauthorized transfer of data from a PC
Blackmail
Espionage - committed by nation state actors
Service Disruption - Distributed Denial of Service (DDoS)
Financial Gain - ransomware attacks / Banking Trojans
Philosophical or Political Beliefs
Ethical Reasons
Revenge
Disruption or chaos
War
These refer to the tools, skills, and personnel at the disposal of a given threat actor:
Resources and Funding
Internal vs. External
Resources and Funding
Level of Sophistication and Capability are examples of:
Threat Actor Attributes
Unskilled attackers who depend on other people's scripts or hacking tools, and who are motivated by a desire for recognition or the thrill, are also known as:
Script Kiddies
Ready-made software tools, like the Low Orbit Ion Cannon DDoS tool, are typically used by:
Unskilled attackers
Hacktivists use the following:
Website Defacement
DDoS Attacks - aimed at stopping your organization's legitimate users from being able to access its services
Doxing - the public release of private information about an individual or organization
Leaking of Sensitive Data
Some Hacktivists groups include:
LulzSec - 50 Days of Lulz
Anonymous - Operation Payback
Sophisticated and well-structured entities that leverage resources and technical skills for illicit gain are known as:
Organized Cyber Crime Groups
Organized Cyber Crime Groups employ advanced hacking techniques and tools like:
Custom malware
Ransomware
Sophisticated phishing campaigns
Organized Cyber Crime Groups also utilize the following to facilitate their activities and evade detection:
Cryptocurrencies
Dark Web
Cellular Collection Devices
Organized Cyber Crime Groups are known for:
Data Breaches
Identity Theft
Online Fraud
Ransomware Attacks
A well-known Organized Cyber Crime Group that has been linked to numerous high-profile data breaches using phishing campaigns is known as:
FIN7
A well-known Organized Cyber Crime Group that is said to have stolen over 1 billion dollars from banks all around the world is known as:
Carbanak
Nation-state actors deploy this type of attack that is orchestrated in such a way that it appears to originate from a different source or group:
False Flag Attack
You will find that these types of actors are some of the most sophisticated, dangerous, and troublesome you will run across:
Nation-state actors
Advanced Persistent Threats
Nation-state actors
Creating Custom Malware
Using Zero-Day Exploits
Becoming an Advanced Persistent Threat - persistent and stealthy
APT, a prolonged and targeted cyberattack, stands for:
Advanced Persistent Threat
__________ are not in it for financial gain, only to achieve their intended goals.
Nation-state actors
Nation-state actors' objectives are to:
Gather Intelligence
Disrupt Critical Infrastructure
Influence Political Processes
In 2011, this sophisticated piece of malware was designed to sabotage the Iranian government's nuclear program:
Stuxnet Worm
Insider threats can include:
Data Theft
Sabotage
Misuse of Access Privileges
In 2013, __________ leaked a vast amount of information from the National Security Agency to the media.
Edward Snowden
To keep an __________ __________ from being successful, organizations should implement a zero trust model, employ robust access controls, conduct regular audits, and provide effective employee security awareness programs.
Insider attack
Shadow IT could be one of the following:
Use of Personal Devices (BYOD) for Work Purposes - monitors, laptops, smartphones
Installation of Unapproved Software - plugins, extensions
Use of Cloud Services that have not been approved by the organization - e.g. Dropbox, iDrive, Amazon Drive
The means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action is known as a:
Threat Vector (the "how" of the attack)
This encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment:
Attack Surface (the "where" of the attack)
To significantly improve the security posture and minimize the attack surface, you can:
Restrict access
Remove unnecessary software
Disable unused protocols
Some examples of Threat Vectors include:
Messages - phishing
Images - malicious code embedded inside the image
Files - downloaded from websites
Voice Calls
Removable Devices - baiting, like a USB drive found lying around
Unsecured Networks - MAC address cloning or VLAN hopping; via Bluetooth, exploits like BlueBorne or BlueSmack
A set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices or spread malware is known as:
BlueBorne
A type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device is known as:
BlueSmack
To help prevent threat actors from entering your network you should utilize deception technologies like:
Honeypots
Honeynets
Honeyfiles
Honeytokens
To help log, monitor, and track threat actors using honeypots, honeynets, honeyfiles, and honeytokens, we can learn their:
Tactics, Techniques, and Procedures (TTPs)
What are the specific methods and patterns of activity or behavior associated with a particular threat actor or group of threat actors called?
Tactics, Techniques, and Procedures (TTPs)
Examples of disruption technologies include:
Using bogus DNS entries
Creating decoy directories
Generating dynamic pages - used in websites to present ever-changing content to web crawlers in order to confuse and slow down the threat actor
Using port triggering
Spoofing fake telemetry data - normally used when a system detects that an attacker is trying to scan the network