Threat Actors Flashcards
Objectives 1.2, 2.1, and 2.2
Informational
Threat Actor Motivations
Threat Actors
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
- Data Exfiltration
- Blackmail
- Espionage
- Service Disruption
- Financial Gain
- Philosophical / Political Beliefs
- Ethical Reasons
- Revenge
- Disruption / Chaos
- War
Informational
Threat Actor Attributes
Threat Actors
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
- Internal vs. External Threat Actors
- Differences in resources and funding
- Level of sophistication
Define / Explain
Unskilled Attackers
Threat Actors
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Limited technical expertise, use readily available tools
Types of Threat Actors
Define / Explain
Hacktivists
Threat Actors
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Driven by political, social, or environmental ideologies
Types of Threat Actors
Define / Explain
Organized Crime
Threat Actors
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Execute cyberattacks for financial gain (e.g., ransomware, identity theft)
Types of Threat Actors
Define / Explain
Nation-state Actor
Threat Actors
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Highly skilled attackers sponsored by governments for cyber espionage or warfare
Types of Threat Actors
Define / Explain
Insider Threats
Threat Actors
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Security threats originating from within the organization
Types of Threat Actors
Define / Explain
Shadow IT
Threat Actors
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
IT systems, devices, software, or services managed without explicit organizational approval
Shadow IT
Informational
Threat Vectors and Attack Surfaces
Threat Actors
Obj. 2.2 - Explain common threat vectors and attack surfaces | Threat Actors
- Message-based
- Image-based
- File-based
- Voice Calls
- Removable Devices
- Unsecured Networks
Define / Explain
Honeypots
Threat Actors
Deception and Disruption Technologies | Threat Actors
Decoy systems to attract and deceive attackers
Define / Explain
Honeynets
Threat Actors
Deception and Disruption Technologies | Threat Actors
Network of decoy systems for observing complex attacks
Define / Explain
Honeyfiles
Threat Actors
Deception and Disruption Technologies | Threat Actors
Decoy files to detect unauthorized access or data breaches
Define / Explain
Honeytokens
Threat Actors
Deception and Disruption Technologies | Threat Actors
Fake data to alert administrators when accessed or used
Define / Explain
Threat Actor Intent
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Specific objective or goal that a threat actor is aiming to achieve through their attack
Define / Explain
Threat Actor Motivation
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Underlying reasons or driving forces that push a threat actor to carry out their attack
Define / Explain
Data Exfiltration
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Unauthorized transfer of data from a computer
Define / Explain
Financial Gain
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Achieved through various means, such as ransomware attacks, or through banking trojans that allow them to steal financial information in order to gain unauthorized access into the victims’ bank accounts
Define / Explain
Blackmail
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met
Informational
Service Disruption
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Some threat actors aim to disrupt the services of various organizations, either to cause chaos, make a political statement, or to demand a ransom
Define / Explain
Informational
Philosophical / Political Beliefs
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
- Attacks that are conducted due to the philosophical or political beliefs of the attackers are known as hacktivism
- Common motivation for a specific type of threat actor known as a hacktivist
Informational
Ethical Reasons
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Contrary to malicious threat actors, ethical hackers, also known as authorized hackers, are motivated by a desire to improve security
Informational
Revenge
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
It can also be a motivation for a threat actor that wants to target an entity that they believe has wronged them in some way
Informational
Disruption / Chaos
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
From creating and spreading malware to launching sophisticated cyberattacks against the critical infrastructure of a populated city
Define / Explain
Espionage
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Spying on individuals, organizations, or nations to gather sensitive or classified information
Informational
War
Threat Actor Motivations
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Cyber warfare can be used to disrupt a country’s infrastructure, compromise its national security, and to cause economic damage
Define / Explain
Internal Threat Actors
Threat Actor Attributes
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Individuals or entities within an organization who pose a threat to its security
Define / Explain
External Threat Actors
Threat Actor Attributes
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Individuals or groups outside an organization who attempt to breach its cybersecurity defenses
Define / Explain
Script Kiddie
(Unskilled Attacker)
Threat Actor Attributes
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
- Individual with limited technical knowledge
- Use pre-made software or scripts to exploit computer systems and networks
Define / Explain
Hacktivists
Hacktivists
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain
Define / Explain
Hacktivism
Hacktivists
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Activities in which the use of hacking and other cyber techniques is used to promote or advance a political or social cause
Define / Explain
Website Defacement
Hacktivists
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Form of electronic graffiti and is usually treated as an act of vandalism
Define / Explain
Distributed Denial of Service Attacks
(DDoS)
Hacktivists
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Attempting to overwhelm the victim’s systems or networks so that they cannot be accessed by the organization’s legitimate users
Define / Explain
Doxing
Hacktivists
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Involves the public release of private information about an individual or organization
Define / Explain
Leaking of Sensitive Data
Hacktivists
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Releasing sensitive data to the public at large over the internet
Informational
Anonymous
(group)
Hacktivists
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Loosely affiliated collective that has been involved in numerous high-profile attacks over the years for targeting organizations that they perceive as acting unethically or against the public interest at large
Informational
Organized Cyber Crime Groups
Organized Crime
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Sophisticated and well-structured entities that leverage resources and technical skills for illicit gain
Define / Explain
Nation-State Actor
Nation-State Actor
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
Define / Explain
False Flag Attack
Nation-State Actor
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else
Define / Explain
Stuxnet Worm
Nation-State Actor
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Sophisticated piece of malware that was designed to sabotage the Iranian government’s nuclear program
Define / Explain
Advanced Persistent Threat
(APT)
Nation-State Actor
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Term that used to be used synonymously with a nation-state actor because of their long-term persistence and stealth
Informational
Advanced Persistent Threat
(APT)
Nation-State Actor
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
- A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause damage
- These advanced persistent threats are often sponsored by a nation-state or its proxies, like organized cybercrime groups
Informational
What motivates a nation-state actor?
Nation-State Actor
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Nation-state actors are motivated to achieve their long-term strategic goals, and they are not seeking financial gain
Define / Explain
Insider Threats
Insider Threats
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Cybersecurity threats that originate from within the organization, and will have varying levels of capabilities
Informational
Insider threats can take various forms…
Insider Threats
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
- Data theft
- Sabotage
- Misuse of access privileges
Informational
Each insider threat is driven by different motivations…
Insider Threats
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
- Some are driven by financial gain and they want to profit from the sale of sensitive organizational data to others
- Some may be motivated by revenge and are aiming to harm the organization due to some kind of perceived wrong levied against the insider
- Some may take actions as a result of carelessness or a lack of awareness of cybersecurity best practices
Informational
Insider Threat…
(Remember)
Insider Threats
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
refers to the potential risk posed by individuals within an organization who have access to sensitive information and systems, and who may misuse this access for malicious or unintended purposes
Informational
To mitigate the risk of an insider threat being successful, organizations should implement the following
(Remember)
Insider Threats
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
- Zero-trust architecture
- Employ robust access controls
- Conduct regular audits
- Provide effective employee security awareness programs
Define / Explain
Shadow IT
Shadow IT
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Use of information technology systems, devices, software, applications, and services without explicit organizational approval
Informational
Shadow IT
Shadow IT
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
IT-related projects that are managed outside of, and without the knowledge of, the IT department
Informational
Why does Shadow IT exist?
Shadow IT
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
The organization’s security posture is so complex or restrictive that business operations cannot proceed without being negatively affected
Informational
Bring Your Own Devices (BYOD)
Shadow IT
Obj. 2.1 - Compare and contrast common threat actors and motivations | Threat Actors
Involves the use of personal devices for work purposes
Define / Explain
Threat Vector
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action
Define / Explain
Attack Surface
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment
Informational
Attack Surface can be minimized by…
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
- Restricting access
- Removing unnecessary software
- Disabling unused protocols
Define / Explain
Think of threat vector as…
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
the “how” of an attack
Define / Explain
Think of attack surface as…
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
the “where” of an attack
Define / Explain
Messages
(Threat Vector Methods)
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
- Message-based threat vectors include threats delivered via email, simple message service (SMS text messaging), or other forms of instant messaging
- Phishing campaigns are commonly used as part of a message-based threat vector when an attacker impersonates a trusted entity to trick its victims into revealing their sensitive information to the attacker
Informational
Images
(Threat Vector Methods)
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
Image-based threat vectors involve the embedding of malicious code inside of an image file by the threat actor
Informational
Files
(Threat Vector Methods)
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
The files, often disguised as legitimate documents or software, can be transferred as email attachments, through file-sharing services, or hosted on a malicious website
Informational
Voice Calls / Vishing
(Threat Vector Methods)
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
Use of voice calls to trick victims into revealing their sensitive information to an attacker
Informational
Removable Devices / Baiting
(Threat Vector Methods)
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
Attacker might leave a malware-infected USB drive in a location where their target might find it, such as in the parking lot or the lobby of the targeted organization
Informational
Unsecure Networks / Wireless
(Threat Vector Methods)
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
If wireless networks are not properly secured, unauthorized individuals can intercept the wireless communications or gain access to the network
Informational
Unsecure Networks / Wired
(Threat Vector Methods)
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
Physical access to the network infrastructure can lead to various attacks such as:
* MAC Address Cloning
* VLAN Hopping
Informational
Unsecure Networks / Bluetooth
(Threat Vector Methods)
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
BlueBorne
Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction
Define / Explain
Unsecure Networks / Bluetooth
(Threat Vector Methods)
Threat Vectors and Attack Surfaces
Obj. 2.2 - Explain common threat vectors and attack surfaces
BlueSmack
Type of denial of service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol (L2CAP) packet to a target device
Define / Explain
Tactics, Techniques, and Procedures (TTPs)
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors
Define / Explain
Deceptive / Disruption Technologies
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
Define / Explain
Honeypots
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Decoy system or network set up to attract potential hackers
Define / Explain
Honeynets
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Network of honeypots to create a more complex system that is designed to mimic an entire network of systems
* Servers
* Routers
* Switches
Define / Explain
Honeyfiles
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Decoy file placed within a system to lure in potential attackers
Define / Explain
Honeytokens
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Piece of data or a resource that has no legitimate value or use but is monitored for access or use
Define / Explain
Bogus DNS entries
(Disruption technology/strategy)
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Fake Domain Name System entries introduced into your system’s DNS server
Define / Explain
Creating decoy directories
(Disruption technology/strategy)
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Fake folders and files placed within a system’s storage
Define / Explain
Dynamic page generation
(Disruption technology/strategy)
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Effective against automated scraping tools or bots trying to index or steal content from your organization’s website
Define / Explain
Port Triggering
(Disruption technology/strategy)
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected (use of port triggering to hide services)
Define / Explain
Spoofing fake telemetry data
(Disruption technology/strategy)
Outsmarting Threat Actors
Obj. 1.2 - Summarize fundamental security concepts
When a system detects a network scan is being attempted by an attacker, it can be configured to respond by sending out fake telemetry or network data