Threat Actors, Vectors and Intelligence Sources: Flashcards
Actors and Threats
Advanced Persistent Threat (APT):
Actor: Typically state-sponsored groups or highly organized cybercriminals.
Threat: Long-term, targeted attacks with advanced techniques aimed at stealing sensitive data or disrupting critical systems.
Actors and Threats
Insider Threats:
Actor: Individuals within an organization.
Threat: Employees, contractors, or business partners with access to internal systems may intentionally or unintentionally harm the organization.
Actors and Threats
State Actors:
Actor: Government-sponsored entities.
Threat: Engage in cyber espionage, cyber warfare, or political influence campaigns on behalf of a nation-state.
Actors and Threats
Hacktivists:
Actor: Social or political activists.
Threat: Conduct cyberattacks to promote a specific cause or raise awareness, often defacing websites or disrupting services.
Actors and Threats
Script Kiddies:
Actor: Inexperienced individuals.
Threat: Use readily available hacking tools and scripts to launch unsophisticated attacks for fun or personal gain.
Actors and Threats
Criminal Syndicates:
Actor: Organized criminal groups.
Threat: Engage in cybercrime activities such as ransomware attacks, financial fraud, and identity theft.
Actors and Threats
Hackers (Authorized, Unauthorized, Semi-Authorized):
Authorized Hackers: Security professionals hired to test and improve an organization’s security.
Unauthorized Hackers: Individuals or groups conducting illegal activities.
Semi-Authorized Hackers: Employees who may exploit their access for personal gain or curiosity.
Actors and Threats
Shadow IT:
Actor: Employees or departments within an organization.
Threat: The use of unauthorized software or services that can introduce security vulnerabilities.
Actors and Threats
Competitors:
Actor: Rival organizations.
Threat: Engage in corporate espionage or cyberattacks to gain a competitive advantage.
Attributes of Actors
Internal/External:
Whether the threat actor is affiliated with the organization (internal) or an external entity (external).
Attributes of Actors
Level of Sophistication/Capability:
The actor’s skill level and the complexity of their attacks.
Attributes of Actors
Resources/Funding:
The financial and technological resources available to the actor.
Attributes of Actors
Intent/Motivation:
The actor’s goals and motivations, which can range from financial gain to political objectives.
Vectors
Direct Access:
Physical or remote access to a system or network.
Vectors
Wireless:
Exploiting vulnerabilities in wireless networks or devices.
Vectors
Email:
Phishing, spear-phishing, or email-based attacks.
Vectors
Supply Chain:
Targeting vulnerabilities in the supply chain to compromise products or services.
Vectors
Social Media:
Leveraging social engineering or malware through social media platforms.
Vectors
Removable Media:
Attacks through USB drives or external storage devices.
Vectors
Cloud:
Exploiting cloud service misconfigurations or vulnerabilities.
Threat Intelligence Sources
Open-Source Intelligence (OSINT):
Publicly available information from sources like news, forums, and social media.
Threat Intelligence Sources
Closed/Proprietary:
Non-public information shared within organizations or industry groups.
Threat Intelligence Sources
Vulnerability Databases:
Repositories of known software vulnerabilities.
Threat Intelligence Sources
Public/Private Information Sharing Centers:
Organizations and government agencies that share threat information.
Threat Intelligence Sources
Dark Web:
Monitoring illicit online communities and forums.
Threat Intelligence Sources
Indicators of Compromise (IoC):
Data points that indicate a security incident.
Threat Intelligence Sources
Automated Indicator Sharing (AIS):
Systems for sharing IoCs among organizations.
Threat Intelligence Sources
Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII):
Standards for sharing threat intelligence.
Threat Intelligence Sources
Predictive Analysis:
Using data analytics to predict future threats.
Threat Intelligence Sources
Threat Maps:
Visual representations of real-time threat activity.
Threat Intelligence Sources
File/Code Repositories:
Analyzing malware samples and code repositories.
Research Sources
Vendor Websites:
Security updates and patches from software and hardware vendors.
Research Sources
Vulnerability Feeds:
Real-time feeds of newly discovered vulnerabilities.
Research Sources
Conferences:
Security conferences where experts share research and insights.
Research Sources
Academic Journals:
Scholarly research on cybersecurity.
Research Sources
Request for Comments (RFC):
Technical standards and protocols.
Research Sources
Local Industry Groups:
Regional organizations focused on cybersecurity.
Research Sources
Social Media:
Monitoring discussions and trends in the security community.
Research Sources
Threat Feeds:
Real-time threat data from various sources.
Research Sources
Adversary Tactics, Techniques, and Procedures (TTP):
Analyzing known methods used by threat actors to infiltrate systems.