Threat Actors Flashcards
Section 3 CompTIA
What are the different motivations behind threat actors?
Data Exfiltration: Unauthorized transfer of data.
Financial Gain: Ransomware, banking trojans.
Blackmail: Threatens to expose sensitive information.
Service Disruption: Disrupt services for chaos, politics, or ransom.
Philosophical/Political Beliefs: Hacktivism by hacktivists.
Ethical Reasons: Ethical hacking to improve security.
Revenge: Retaliation against perceived wrongs.
Disruption/Chaos: Malware or cyberattacks for chaos.
Espionage: Spying for classified information.
War: Cyber warfare to disrupt infrastructure or security.
What techniques do hacktivists commonly use to achieve their objectives?
Website Defacement, DDoS Attacks, Doxing, Data Leaks
What characterizes organized cybercrime groups?
They are sophisticated, well-structured syndicates using advanced technical skills for illicit gain.
What advanced hacking techniques do organized cybercrime groups commonly use?
Custom Malware
Ransomware
Sophisticated Phishing
What is a False Flag Attack?
An attack designed to deceive by appearing to come from a different source than the actual perpetrators.
What advanced techniques do nation-state actors employ in cyber operations?
Custom Malware
Zero-Day Exploits
Advanced Persistent Threats (APTs)
What is an Advanced Persistent Threat (APT)?
A long-term, targeted cyber intrusion focused on data theft or surveillance.
What strategies can organizations employ to mitigate insider threats?
Zero-Trust Architecture
Robust Access Controls
Regular Audits
Employee Security Awareness Programs
What is Shadow IT?
The use of IT systems, devices, software, applications, and services without explicit organizational approval.
Why does Shadow IT exist?
It exists when an organization’s security measures are overly stringent or complex, negatively impacting business operations and leading employees to seek alternative solutions.
What is a Threat Vector?
A means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action.
What is an Attack Surface?
The total sum of vulnerabilities in a given system that are accessible to an attacker. It encompasses all the various points where an unauthorized user can try to enter data into or extract data from an environment.
What are some common threat vectors used to attack enterprise networks?
Messages, images, files, voice calls, removable devices, and unsecured networks
What is BlueBorne?
A set of Bluetooth vulnerabilities that allow attackers to take over devices, spread malware, or intercept communications without user interaction.
What is BlueSmack?
A Denial of Service (DoS) attack targeting Bluetooth-enabled devices by sending specially crafted Logical Link Control and Adaptation Protocol (L2CAP) packets to overwhelm the device.
What are Tactics, Techniques, and Procedures (TTPs)?
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors.
What are Deceptive and Disruption Technologies?
Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats.
What is Port Triggering?
A security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected.
What is spoofing fake telemetry data?
A technique where a system, upon detecting a network scan, sends deceptive information to mislead attackers and protect critical assets.