Threat Actors

Question 1

List some threat actor motivations

Answer 1

Data Exfiltration, Blackmail, Espionage, Service Disruption, Financial Gain, Philosophical/Political Beliefs, Ethical Reasons, Revenge, Disruption/Chaos, War

Question 2

List the different types of threat actors
Explain their attributes

Answer 2

Unskilled Attackers: Limited technical expertise, use readily available tools

Hacktivists: Driven by political, social, or environmental ideologies

Organized Crime: Execute cyberattacks for financial gain (e.g., ransomware, identity theft)

Nation-state Actor: Highly skilled attackers sponsored by governments for cyber espionage or warfare

Insider Threats: Security threats originating from within the organization

Question 3

What is shadow IT?

Answer 3

IT systems, devices, software, or services managed without explicit organizational approval

Question 4

What are some threat vectors and attack surfaces?

Answer 4

Message-based, Image-based, File-based, Voice Calls, Removable Devices, and Unsecured networks

Question 5

List some deception and disruption technologies and explain what they do

Answer 5

Honeypots: Decoy systems to attract and deceive attackers

Honeynets: Network of decoy systems for observing complex attacks

Honeyfiles: Decoy files to detect unauthorized access or data breaches

Honeytokens: Fake data to alert administrators when accessed or used

Question 6

What is the difference between a threat actor’s intent and motivation?

Answer 6

Intent is the specific objective or goal that a threat actor aims to achieve through their attack, while motivation refers to the underlying reasons or driving forces that push a threat actor to carry out their attack.

Question 7

What is Data Exfiltration?

Answer 7

The unauthorized transfer of data from a computer

Question 8

How can Financial Gain be achieved by threat actors?

Answer 8

Through various means such as ransomware attacks or banking trojans that steal financial information to gain unauthorized access to victims’ bank accounts.

Question 9

What is Blackmail in the context of cyber threats?

Answer 9

When an attacker obtains sensitive or compromising information and threatens to release it unless certain demands are met.

Question 10

What is espionage in the context of cyber threats?

Answer 10

Spying on individuals, organizations, or nations to gather sensitive or classified information

Question 11

In the world of cybersecurity, we usually classify the lowest skilled threat actors as

Answer 11

script kiddies

Question 12

What is one way unskilled attackers cause damage?

Answer 12

launching DDoS attacks

Question 13

What is hacktivism?

Answer 13

Hacktivism refers to attacks conducted to promote a political or social cause, often associated with a specific type of threat actor known as a hacktivist

Question 14

What are some of the techniques hacktivists use to achieve their goals?

Answer 14

Website Defacement: Form of electronic graffiti and is usually treated as an act of vandalism

Distributed Denial of Service (DDoS) Attacks: Attempting to overwhelm the victim’s systems or networks so that they cannot be accessed by the organization’s legitimate users

Doxing: Involves the public release of private information about an individual or organization

Leaking of Sensitive Data: Releasing sensitive data to the public at large over the internet

Question 15

Most well-known hacktivist groups is?

Answer 15

Anonymous

Question 15

An attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else is?

This technique is sometimes used by?

Answer 15

A False Flag Attack

Nation State Actors

Question 15

What are some ways to improve security within an organization and mitigate against insider threats?

Answer 15

Zero trust architecture, employing robust access controls, conducting regular audits, and providing effective employee security awareness programs.

Question 16

What is an attack surface?

Answer 16

An attack surface encompasses all the various points where an unauthorized user can try to enter or extract data from an environment. It can be minimized by restricting access, removing unnecessary software, and disabling unused protocols

Question 16

What is a threat vector?

Answer 16

A threat vector is a means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action.

Question 16

A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage is known as

Answer 16

Advanced Persistent Threat (APT)

(Used by Nation State Actors)

Question 17

What is BlueBorne?

Answer 17

BlueBorne is a set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or establish an on-path attack to intercept communications without user interaction

Question 18

What is BlueSmack?

Answer 18

BlueSmack is a type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device.

Question 19

What are Tactics, Techniques, and Procedures (TTPs)?

Answer 19

TTPs refer to specific methods and patterns of activities or behaviors associated with a
particular threat actor or group of threat actors.

Question 20

What are deception and disruption technologies?

Answer 20

These are technologies designed to mislead, confuse, and divert attackers from critical
assets while simultaneously detecting and neutralizing threats.

Question 21

What are some disruption technologies and strategies to secure enterprise networks?

Answer 21

Bogus DNS entries: Fake Domain Name System entries introduced into the system’s
DNS server.

Creating decoy directories: Fake folders and files placed within a system’s storage.

Dynamic page generation: Effective against automated scraping tools or bots
attempting to index or steal content from the organization’s website.

Use of port triggering to hide services: A security mechanism where specific services
or ports remain closed until a specific outbound traffic pattern is detected

Spoofing fake telemetry data: Configuring a system to send out fake telemetry or
network data in response to detected network scans by an attacker