Threat Actors Flashcards
1.2 2.1 2.2
Give me the difference between threat actor Intent vs Motivation
Intent - Specific objective or goal that a threat actor is aiming to achieve through their attack
Motivation - Underlying reasons or driving forces that push a threat actor to carry out their attack
List motivations behind threat actors
Data Exfiltration - Unauthorized transfers of data from a computer
Financial Gain - Achieved through various means, such as ransomware attacks, or through banking trojans that allow them to steal financial information
Blackmail - Attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met
Service disruption - Some threat actors aim to disrupt the services
Philosophical or Political Beliefs - Hacktivist
Ethical Reasons - Motivated by a desire to improve security
Revenge
Disruption or Chaos - Ranging from creating and spreading malware to launching sophisticated cyberattacks.
Espionage - Spying on organizations to gather sensitive or classified information
War
Some strategies that hacktivists use
Website Defacement - form of electronic graffiti and is usually treated as an act of vandalism
Distributed Denial of Service attacks
Doxing
Leaking of sensitive data
Organized Crime
Sophisticated and well structured; uses tools like custom malware
Ransomware
Sophisticated phishing campaigns
Nation state actors
Creating custom malware
Using zero day exploits
Becoming an advanced persistent threat
What is an Advanced Persistent Threat (APT)?
Term that used to be used synonymously with a nation state actor because of their long term persistence and stealth
A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage. These advanced persistent threats are often sponsored by a nation state or its proxies
Shadow IT
The use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization.
What does TTPs mean?
Tactics, Techniques, and Procedures
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors
Deceptive and Disruption Technologies
Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
I’m describing a Deceptive and Disruption Technology - Decoy system or network set up to attract potential hackers
Honeypots
I’m describing a Deceptive and Disruption Technology - Network of honeypots to create a more complex system that is designed to mimic an entire network of systems (servers, routers, switches)
Honeynets
I’m describing a Deceptive and Disruption Technology - Decoy files placed within a system to lure in potential attackers
Honey files
I’m describing a Deceptive and Disruption Technology - Piece of data or a resource that has no legitimate value or use but is monitored for access or use
Honeytokens
Here are some disruption technologies and strategies to help secure our enterprise networks