Threat Actors Flashcards
Define a Threat Vector
The means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action. How an attack can be executed.
Define Attack Surface
The attack surface of a system or network is the sum of all the vulnerabilities and entry points that an attacker could exploit. Where an attack can be executed.
List threat vectors that can be used for an attack
Messages, images, files, voice calls, removable devices, and unsecured networks.
What are deceptive and disruptive technologies?
A set of tools designed to mislead potential attackers and hinder their malicious activities within a system or network.
Name some deceptive and disruptive technologies
Honeypots, honeynets, honeyfiles, and honeytokens.
Define Honeypots
A honeypot is a decoy (trap) system set up to lure (attract, persuade) cyber attackers, allowing defenders to study their actions without real-world consequences.
Define honeynet
A honeynet is an entire network of such deceptive systems that mimics a real-world environment to attract and analyze attackers’ behaviors.
Define honeyfile
A honeyfile is a decoy file that appears to be genuine data but is really just a watermarked file that can be used to detect unauthorized access.
Define honeytoken
A honeytoken is a piece of information or a system entity that is created to serve as a decoy or alert mechanism. A honeytoken’s sole purpose is to be accessed or used illicitly, and any interaction with it is typically a clear sign of unauthorized activity, such as someone using a fake user account, a dummy email address, or a baited record in a database. It alerts the organization that someone has accessed the system. A honeytoken is a digital entity such as a fake password or user credential that when used triggers an alarm signaling a potential security breach.
Name some threat actor motivations
In cybersecurity, it is important to understand the motives behind different types of cyberattacks to help formulate an effective defense. Motivations include data exfiltration, blackmail, espionage, financial gain, revenge, war, service disruption, philosophical and political beliefs, ethical reasons, and disruption or chaos.
Name the attributes of a threat actor
Threat actors are classified based on their attributes: their origin (internal or external), their resources and funding, and their level of sophistication and capability.
Define ‘external actors’
Individuals or groups outside an organization who attempt to breach its cybersecurity defense. These external actors could be cybercriminals, hacktivists, competitors, or state-sponsored actors.
Which of the following is a primary motivation for a hacktivist threat actor?
Hacktivists are motivated by ideological, political, or philosophical beliefs and they use cybercrime as a means to promote a particular agenda or cause by seeking to bring attention to issues or to enact social change.
Which attribute of a threat actor indicates the amount of financial, technological, and human resources they can use for their operations?
Their resource level is an attribute that reflects the depth and breadth of resources (be it financial, technological, human, etc.) available to a threat actor for executing and supporting their malicious campaigns.
Which of the following threat actors operates primarily based on financial motivations and is considered to be highly structured and sophisticated in their attacks?
Organized cybercrime consists of groups that are primarily motivated by financial gain who are involved in various cybercriminal activities like data breaches, ransomware attacks, and financial fraud.
Which type of threat actor describes a disgruntled employee who may exploit their legitimate access for malicious purposes?
An insider threat refers to potential or actual threats that come from individuals within the organization, such as employees, contractors, or business associates, who have inside information concerning the organization’s security practices, data, and computer systems. They may exploit their legitimate access to cause harm due to malicious intent. Insider threats can also cause damage accidentally, but in this case, the employee is disgruntled, so the damage is malicious.