Threat Actors (Section 3) Flashcards
Shadow IT
- IT systems, devices, software, or services managed without explicit organizational approval
- IT-related projects that are managed outside of, and without the knowledge of, the IT department
Threat Vectors and Attack Surfaces
Message-based / Image-based / File-based / Voice Calls / Removable Devices / Unsecured Networks
Deception and Disruption Technologies
Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
Like - Honeypots / Honeynets / Honeyfiles / Honeytokens
Honeypots / Honeynets / Honeyfiles / Honeytokens
Honeypots - Decoy systems to attract and deceive attackers
Honeynets - Network of honeypots that creates a more complex system designed to mimic an entire network of systems - servers / routers / switches
Honeyfiles - Decoy files to detect unauthorized access or data breaches
Honeytokens - Piece of data or a resource that has no legitimate value or use but is monitored for access or use
Script Kiddie
- Individual with limited technical knowledge
- use pre-made software or scripts to exploit computer systems and networks
Hacktivists / Hacktivism
Hacktivists - Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain
Hacktivism - Activities in which hacking and other cyber techniques are used to promote or advance a political or social cause
Hacktivist Motivations
Hacktivists are primarily motivated by their ideological beliefs rather than trying to achieve financial gains
Techniques used by Hacktivists
Website Defacement / DDoS / Doxing / Leaking of Sensitive Data
DDoS
Attempting to overwhelm the victim's systems or networks so that they cannot be accessed by the organization's legitimate users
Doxing
Collecting and publicly releasing private or identifying information about an individual or organization (home address, phone number, internal documents) without their consent
Website Defacement
Form of electronic graffiti and is usually treated as an act of vandalism
Organized Cybercrime Group
- Organized crime groups possess a very high level of technical capability and often employ advanced hacking techniques and tools
- Custom Malware / Ransomware / Sophisticated Phishing Campaigns
Organized Cybercrime group
- Unlike hacktivists or nation state actors, organized cybercrime groups are not typically driven by ideological or political objectives
- These groups may be hired by other entities, including governments, to conduct cyber operations and attacks on their behalf
Nation-state Actor
- Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
- Nation-state actors possess advanced technical skills and extensive resources, and they are capable of conducting complex, coordinated cyber operations that employ a variety of techniques such as - Using zero-day exploits / Creating custom malware / Operating as an advanced persistent threat
False Flag Attack
Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else
Advanced Persistent Threat (APT)
- Term once used synonymously with nation-state actor because of the long-term persistence and stealth involved
- A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage
- These advanced persistent threats are often sponsored by a nation-state or its proxies, like organized cybercrime groups
How to mitigate threat of an Insider threat?
- Zero-trust architecture / Employ robust access controls / Conduct regular audits / Provide effective employee security awareness programs
Why does Shadow IT exist?
An organization's security posture is set too high or is too complex for business operations to occur without being negatively affected, so users work around it, e.g. BYOD
Threat Vector
Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action
Attack Surface
Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment.
Can be minimized by - Restricting access / Removing unnecessary software / Disabling unused protocols
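Added example (not part of the original card set): a Python script that applies the three minimization checks above to a host's listening sockets. It parses constructed `ss -tulnp` output, compares each listener against a hypothetical exposure policy, and reports legacy protocols to disable, unlisted software to remove, and allowed services bound more widely than they need to be. The sample output, the policy table and the port-to-protocol mapping are assumptions made for the example.

```python
"""Attack-surface audit of listening services (added example; constructed data).

Parses `ss -tulnp`-style output, compares every listener against an exposure
policy and a list of legacy protocols, and reports what to restrict or remove.
"""
import re
from typing import List, NamedTuple


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    process: str


class Finding(NamedTuple):
    severity: str
    listener: Listener
    reason: str


# Constructed `ss -tulnp` output for the example (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:6379        0.0.0.0:*         users:(("redis-server",pid=1203,fd=6))
tcp   LISTEN 0      128    0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=1990,fd=4))
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*         users:(("snmpd",pid=700,fd=7))
tcp   LISTEN 0      4096   [::]:3306           [::]:*            users:(("mysqld",pid=1500,fd=21))
tcp   LISTEN 0      128    127.0.0.1:9100      0.0.0.0:*         users:(("node_exporter",pid=2300,fd=5))
tcp   LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*         users:(("python3",pid=4100,fd=3))
"""

LOOPBACK = {"127.0.0.1", "[::1]"}

# Hypothetical exposure policy for this host: which (proto, port) pairs may listen, and where.
ALLOWED = {
    ("tcp", 22): "any",         # SSH is the one remotely reachable management service
    ("tcp", 6379): "loopback",  # Redis serves local clients only
    ("tcp", 3306): "loopback",  # MySQL likewise
    ("tcp", 9100): "loopback",  # metrics exporter scraped by a local agent
}

# Cleartext/legacy protocols a hardened host should not run at all.
LEGACY = {
    ("tcp", 21): "ftp", ("tcp", 23): "telnet", ("udp", 69): "tftp",
    ("udp", 161): "snmp v1/v2c", ("tcp", 513): "rlogin", ("tcp", 514): "rsh",
}

PROC_RE = re.compile(r'\(\("([^"]+)"')


def parse_ss(text: str) -> List[Listener]:
    """Turn `ss -tulnp` lines into Listener records (header and short lines skipped)."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Netid":
            continue
        addr, port = fields[4].rsplit(":", 1)  # "[::]:3306" -> "[::]", "3306"
        m = PROC_RE.search(line)
        listeners.append(Listener(fields[0], addr, int(port), m.group(1) if m else "?"))
    return listeners


def audit(listeners: List[Listener]) -> List[Finding]:
    """Flag legacy protocols, unexpected listeners and over-exposed allowed services."""
    findings = []
    for lst in listeners:
        key = (lst.proto, lst.port)
        reachable = lst.addr not in LOOPBACK  # wildcard or a real interface address
        if key in LEGACY:
            findings.append(Finding("high", lst, f"{LEGACY[key]} is a legacy protocol; disable the service"))
        elif key not in ALLOWED:
            findings.append(Finding("medium", lst, "listener not in the allowlist; remove the software or justify it"))
        elif ALLOWED[key] == "loopback" and reachable:
            findings.append(Finding("high", lst, "must bind to loopback only; change the bind address or firewall the port"))
    return findings


if __name__ == "__main__":
    import sys
    text = SAMPLE_SS if sys.stdin.isatty() else sys.stdin.read()
    for f in audit(parse_ss(text)):
        print(f"[{f.severity}] {f.listener.proto}/{f.listener.port} {f.listener.process} "
              f"on {f.listener.addr}: {f.reason}")
```

Run it as-is to audit the constructed sample, or pipe real output through it with `ss -tulnp | python audit.py`. On the sample it reports Redis and MySQL as over-exposed, telnet and SNMP as legacy services to disable, and the unlisted python3 listener on 8080 as software to remove or justify; SSH and the loopback-bound exporter pass.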
Threat Vector and Attack Surface
Think of threat vector as the “how” of an attack, whereas the attack surface is the “where” of the attack
Bluetooth vulnerabilities
BlueBorne - Set of vulnerabilities in Bluetooth implementations that can allow an attacker to take over devices, spread malware, or establish an on-path attack to intercept communications, without any user interaction
BlueSmack - Type of Denial of Service attack that targets Bluetooth-enabled devices by sending specially crafted Logical Link Control and Adaptation Protocol (L2CAP) packets to a target device
Outsmarting Threat Actors
One of the most effective ways to learn from the different threat actors that are attacking your network is to set up and utilize deception and disruption technologies
TTPs (Tactics, Techniques, and Procedures)
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors
Disruption technologies and strategies to help secure networks
Bogus DNS entries / Creating decoy directories / Dynamic page generation / Use of port triggering to hide services / Spoofing fake telemetry data
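Added worked example (not part of the original card set): a Python script that puts the Honeytokens and Honeyfiles cards and the "creating decoy directories" technique above into practice. It mints self-verifying honeytokens shaped like AWS access keys, names a honeyfile in a decoy directory and a dormant decoy account, and scans constructed log lines for any use of them. Because nothing legitimate ever uses these resources, every hit is a high-fidelity detection. The HMAC key, the decoy names and the log lines are all constructed for the example.

```python
"""Honeytoken / honeyfile detection over sample logs (added example; constructed data).

A honeytoken is planted data with no legitimate use, so any appearance of it in
logs is an alert. The canary keys minted here carry an HMAC tag, so a detection
rule can verify "this is one of ours" without shipping a list of live tokens.
"""
import hashlib
import hmac
import re
from typing import List, NamedTuple

# Constructed for this example; a real deployment keeps the key in a secrets store.
CANARY_KEY = b"rotate-me-honeytoken-hmac-key"

# Decoy resources: a honeyfile in a decoy directory and a dormant account (both constructed names).
DECOY_FILE = "/srv/share/finance/2024-board-minutes.docx"
DECOY_USER = "svc_backup_old"

AWS_KEY_RE = re.compile(r"\bAKIA[A-Z0-9]{16}\b")


def make_honeytoken(label: str, key: bytes = CANARY_KEY) -> str:
    """Mint an AWS-access-key-shaped canary that verifies itself under `key`.

    Layout: 'AKIA' + 8 hex chars identifying the label + 8 hex chars of HMAC tag.
    """
    label_id = hashlib.sha256(label.encode()).hexdigest()[:8].upper()
    tag = hmac.new(key, label_id.encode(), hashlib.sha256).hexdigest()[:8].upper()
    return f"AKIA{label_id}{tag}"


def is_honeytoken(candidate: str, key: bytes = CANARY_KEY) -> bool:
    """Check whether a key-shaped string is one of our canaries (no token list needed)."""
    m = re.fullmatch(r"AKIA([0-9A-F]{8})([0-9A-F]{8})", candidate)
    if not m:
        return False
    label_id, tag = m.group(1), m.group(2)
    expected = hmac.new(key, label_id.encode(), hashlib.sha256).hexdigest()[:8].upper()
    return hmac.compare_digest(expected, tag)


class Alert(NamedTuple):
    kind: str  # which decoy tripped
    line: str  # the log line that tripped it


def scan_logs(lines: List[str], key: bytes = CANARY_KEY) -> List[Alert]:
    """Scan log lines for any touch of a honeytoken key, the honeyfile or the decoy account."""
    alerts = []
    for line in lines:
        for cand in AWS_KEY_RE.findall(line):
            if is_honeytoken(cand, key):
                alerts.append(Alert("honeytoken_key", line))
        if DECOY_FILE in line:
            alerts.append(Alert("honeyfile_access", line))
        if re.search(rf"\b{re.escape(DECOY_USER)}\b", line):
            alerts.append(Alert("decoy_account_login", line))
    return alerts


# The planted key, e.g. left in a README inside the decoy directory.
HONEY_KEY = make_honeytoken("finance-share-readme")

# Constructed log lines: one legitimate-looking AWS key, then three decoy touches, then benign traffic.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z cloudtrail user=alice key=AKIA4EXAMPLEREALKEY1 action=ListBuckets",
    f"2024-05-01T10:05:43Z cloudtrail user=- key={HONEY_KEY} action=GetObject src=203.0.113.7",
    f"2024-05-01T10:06:02Z smb-audit user=bob op=read path={DECOY_FILE} src=10.0.5.22",
    f"2024-05-01T10:06:30Z sshd Accepted password for {DECOY_USER} from 198.51.100.9",
    "2024-05-01T10:07:00Z sshd Accepted publickey for carol from 10.0.5.40",
]

if __name__ == "__main__":
    for a in scan_logs(SAMPLE_LOGS):
        print(f"ALERT {a.kind}: {a.line}")
```

The legitimate-looking key on the first line is not flagged because its tag does not verify; only the planted key, the read of the honeyfile and the login as the dormant account raise alerts. Rotating `CANARY_KEY` invalidates every previously minted canary, which is the trade-off for not having to distribute a token list to the detection side.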