Threat Actors Flashcards
Threat Actor Motivations
What is the difference between threat actors’ intent and motivation?
Intent is the specific objective or goal that a threat actor aims to achieve, while motivation refers to the underlying reasons or driving forces behind the attack.
Threat Actor Motivations
What does the term ‘Data Exfiltration’ refer to?
Unauthorized transfer of data from a computer.
Threat Actor Motivations
How can threat actors achieve Financial Gain?
Through various means such as ransomware attacks or banking trojans that steal financial information.
Threat Actor Motivations
What is Blackmail in the context of cyber threats?
Obtaining sensitive information and threatening to release it unless demands are met.
Threat Actor Motivations
What is the goal of Service Disruption by threat actors?
To disrupt the services of organizations, cause chaos, make political statements, or demand ransom.
Threat Actor Motivations
What is hacktivism?
Attacks conducted due to the philosophical or political beliefs of the attackers.
Threat Actor Motivations
What motivates ethical hackers?
A desire to improve security.
Threat Actor Motivations
What can be a motivation for a threat actor seeking Revenge?
Targeting an entity believed to have wronged them.
Threat Actor Motivations
What does the term ‘Disruption or Chaos’ imply in cyber threats?
Creating and spreading malware or launching cyberattacks against critical infrastructure.
Threat Actor Motivations
What is Espionage in the context of cyber threats?
Spying on individuals, organizations, or nations to gather sensitive or classified information.
Threat Actor Motivations
What is the impact of Cyber Warfare?
Disruption of a country’s infrastructure, compromise of national security, and economic damage.
Threat Actor Attributes
What are Internal Threat Actors?
Individuals or entities within an organization who pose a threat to its security
Internal threat actors can include employees, contractors, or anyone with access to organizational resources.
Threat Actor Attributes
What are External Threat Actors?
Individuals or groups outside an organization who attempt to breach its cybersecurity defenses
External threat actors often include hackers, cybercriminals, and competitors.
Threat Actor Attributes
What factors influence the capabilities of a threat actor?
* Resources and funding available to the specific threat actor
* Tools, skills, and personnel at the disposal of a given threat actor
* Level of sophistication and capability of the specific threat actor
Resources can dictate the extent of attacks, while sophistication refers to their ability to bypass security measures.
Threat Actor Attributes
What does the level of sophistication refer to in cybersecurity?
Refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures
Sophisticated actors often employ advanced methods to achieve their objectives.
Threat Actor Attributes
What are script kiddies?
Individuals with limited technical knowledge who use pre-made software or scripts to exploit computer systems and networks
Script kiddies typically do not create their own tools.
Threat Actor Attributes
Who are considered high-level threat actors?
Nation-state actors, Advanced Persistent Threats (APTs), and others with high levels of sophistication and capabilities
These actors possess advanced technical skills and often target critical infrastructure.
Threat Actor Attributes
Fill in the blank: The lowest-skilled threat actors are classified as _______.
script kiddies
What are hacktivists?
Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain
Hacktivists operate based on ideological beliefs.
Define hacktivism.
Activities in which the use of hacking and other cyber techniques is used to promote or advance a political or social cause
Hacktivism combines hacking with activism.
What motivates hacktivists?
Primarily their ideological beliefs rather than financial gain
This distinguishes them from financially motivated cybercriminals.
What are organized cybercrime groups?
Groups or syndicates that conduct criminal activities in the digital world
They are sophisticated and well-structured, using resources and technical skills for illicit gain.
What is a key characteristic of the technical capabilities of organized crime groups?
They possess a very high level of technical capability and employ advanced hacking techniques and tools
Examples include custom malware, ransomware, and sophisticated phishing campaigns.
List some illicit activities organized cybercrime groups engage in to generate revenue.
- Data Breaches
- Identity Theft
- Online Fraud
- Ransomware Attacks
These activities are aimed at financial gain for their members.
True or False: Organized cybercrime groups are driven by ideological or political objectives.
False
Unlike hacktivists or nation-state actors, their main objective is money.
What may organized cybercrime groups be hired to do?
Conduct cyber operations and attacks on behalf of other entities, including governments
This can involve attacks that take place in the political sphere, but the motivation remains financial.
What is a Nation-state Actor?
Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
Nation-state actors may engage in various forms of cyber warfare, espionage, or sabotage.
What is a False Flag Attack?
An attack orchestrated to appear as if it originates from a different source or group than the actual perpetrators to mislead investigators
False flag attacks can be used to create confusion and misattribution in cyber conflicts.
What capabilities do Nation-state actors possess?
Advanced technical skills and extensive resources, capable of conducting complex, coordinated cyber operations
Techniques include creating custom malware, using zero-day exploits, and operating as advanced persistent threats.
Define Advanced Persistent Threat (APT).
A prolonged and targeted cyberattack where an intruder gains unauthorized access to a network and remains undetected to steal data or monitor activities
APTs are often sponsored by nation-states or their proxies, such as organized cybercrime groups.
What is the primary motivation of Nation-state actors?
To achieve their long-term strategic goals rather than seeking financial gain
This differentiates them from other cybercriminals who may be motivated by profit.
True or False: Advanced Persistent Threats are always financially motivated.
False
APTs typically pursue long-term strategic goals such as espionage; financial gain is the exception, not the rule.
List techniques employed by Nation-state actors.
- Creating custom malware
- Using zero-day exploits
- Operating as advanced persistent threats
What are insider threats?
Cybersecurity threats that originate from within the organization.
What varies among insider threats?
Their level of capability, which ranges from an ordinary user with limited access to an administrator with privileged access.
What are the different forms of insider threats?
- Data Theft
- Sabotage
- Misuse of access privileges
What is a common motivation for insiders who aim to harm the organization?
Revenge.
What is Shadow IT?
Use of information technology systems, devices, software, applications, and services without explicit organizational approval
Shadow IT can pose security risks and compliance issues for organizations.
What characterizes IT-related projects in Shadow IT?
IT-related projects that are managed outside of, and without the knowledge of, the IT department
This often leads to a lack of oversight and potential security vulnerabilities.
What is a Threat Vector?
Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action
Threat vectors can include various methods such as phishing, malware, and exploiting vulnerabilities.
What does Attack Surface refer to?
All the points where an unauthorized user can try to enter data into, or extract data from, an environment
A larger attack surface increases the risk of unauthorized access.
How can the Attack Surface be minimized?
By:
* Restricting Access
* Removing unnecessary software
* Disabling unused protocols
These measures help to reduce potential entry points for attackers.
What are the different threat vectors that could be used to attack enterprise networks?
Messages, Images, Files, Voice Calls, Removable Devices, Unsecure Networks
These vectors represent various methods through which cyber attacks can be executed.
What is a honeypot?
Decoy system or network set up to attract attackers
Used to gather information on attack methods and techniques, and to detect intrusions, since no legitimate user has a reason to touch it.
What are honeynets?
Network of honeypots designed to mimic an entire network of systems
Includes components like servers, routers, and switches.
What are the components of a honeynet?
- Servers
- Routers
- Switches
These components create a complex environment for monitoring and studying attacks.
What is a honeyfile?
Decoy file placed within a system to lure in potential attackers
Used to detect unauthorized access and gather data on attack methods.
What are honeytokens?
Piece of data or a resource that has no legitimate value or use but is monitored for access or use
Helps in identifying unauthorized access and tracking attacker behavior.
What are some disruption technologies and strategies used to secure the enterprise network?
- Bogus DNS entries
- Creating decoy directories
- Dynamic page generation
- Use of port triggering to hide services
- Spoofing fake telemetry data
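The honeyfile and honeytoken cards above, together with the decoy directories and bogus DNS entries in this list, all rest on the same detection idea: plant something no legitimate user or system has any reason to touch, then alert when a log line shows it being touched. The following is an added example written for this deck, not code from the original page. It assumes a constructed set of decoys (a fake AWS access key planted inside a honeyfile, a decoy service account, unlinked decoy web directories, and planted internal DNS names), Apache-style access logs, a simple key=value auth/API log, and a DNS query log; the log lines are constructed samples, and none of the keys, accounts, hosts or addresses are real.

```python
"""Honeytoken, decoy-directory and bogus-DNS detection over constructed log lines."""
import re
from dataclasses import dataclass

# --- Constructed decoys (assumptions for this example; none are real) ---
# A honeyfile (e.g. /srv/backup/.s3cfg) is detected through the tokens it
# contains: the fake key and decoy account below exist nowhere else.
HONEYTOKENS = {
    "AKIAHONEYTOKEN0000000": "fake AWS key planted in the honeyfile",
    "svc-legacy-backup": "decoy account that exists only in the honeyfile",
}
# Decoy directories: never linked from any page, only found by scanning or guessing.
DECOY_PATHS = ("/backup/", "/admin-old/", "/.git/")
# Bogus DNS entries: planted in the internal zone, referenced by no real config.
BOGUS_DNS = {"sql-prod-old.corp.example", "vault-bk.corp.example"}

# Apache/NGINX combined access-log shape (assumed format).
ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Constructed DNS query log shape: "<ts> dns client=<ip> query=<name>".
DNS_RE = re.compile(r'^\S+ dns client=(?P<src>\S+) query=(?P<qname>\S+)')
# Source extraction for key=value style auth/API logs.
KV_SRC_RE = re.compile(r'\bsrc=(?P<src>\S+)')


@dataclass(frozen=True)
class Alert:
    kind: str      # decoy_path | honeytoken | bogus_dns
    src: str       # client that touched the decoy
    evidence: str  # the path prefix, token or name that fired
    line: str      # original log line, kept for the analyst


def check_line(line: str):
    """Return an Alert if this log line touches any decoy, otherwise None."""
    line = line.rstrip("\n")
    m = ACCESS_RE.match(line)
    if m:
        # Any request under a decoy directory is suspicious regardless of status
        # code: a 404 still proves someone probed a path nobody is linked to.
        for decoy in DECOY_PATHS:
            if m["path"].startswith(decoy):
                return Alert("decoy_path", m["src"], decoy, line)
        return None
    m = DNS_RE.match(line)
    if m:
        if m["qname"].rstrip(".").lower() in BOGUS_DNS:
            return Alert("bogus_dns", m["src"], m["qname"], line)
        return None
    # Everything else: look for a planted token anywhere in the line.
    for token in HONEYTOKENS:
        if token in line:
            s = KV_SRC_RE.search(line)
            return Alert("honeytoken", s["src"] if s else "unknown", token, line)
    return None


def scan(lines):
    """Run every line through check_line and keep the alerts, in log order."""
    return [a for a in (check_line(ln) for ln in lines) if a]


def triage(alerts):
    """Rank sources by how many distinct decoys they touched. A legitimate user
    trips at most one by accident; a scanner or intruder trips several."""
    per_src = {}
    for a in alerts:
        per_src.setdefault(a.src, set()).add((a.kind, a.evidence))
    return sorted(((src, len(hits)) for src, hits in per_src.items()),
                  key=lambda t: (-t[1], t[0]))


# Constructed sample logs: two normal requests, a scanner hitting decoy paths,
# a stolen honeyfile credential being tried, and a planted DNS name resolved.
SAMPLE_LOGS = [
    '10.0.4.17 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.4.17 - - [12/Mar/2024:10:01:05 +0000] "GET /images/logo.png HTTP/1.1" 200 4096',
    '198.51.100.23 - - [12/Mar/2024:10:02:11 +0000] "GET /backup/db.sql HTTP/1.1" 404 162',
    '198.51.100.23 - - [12/Mar/2024:10:02:12 +0000] "GET /.git/config HTTP/1.1" 404 162',
    '2024-03-12T10:03:00Z auth src=203.0.113.9 user=svc-legacy-backup result=fail',
    '2024-03-12T10:03:30Z s3 src=203.0.113.9 key=AKIAHONEYTOKEN0000000 action=ListBuckets',
    '2024-03-12T10:04:00Z dns client=10.0.4.50 query=intranet.corp.example',
    '2024-03-12T10:04:02Z dns client=10.0.4.50 query=sql-prod-old.corp.example',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for a in found:
        print(f"{a.kind:<11} src={a.src:<14} evidence={a.evidence}")
    print("triage:", triage(found))
```

The value of this approach is the near-zero false-positive rate: because the decoys have no legitimate use, a single hit is already actionable, and `triage` only adds ordering for the analyst. The one operational caveat is to exclude the host or job that plants and rotates the decoys, since it will legitimately "touch" every token it writes.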