Threat Actors Vectors and Intelligence Sources. Flashcards
Actors and Threats:
Advanced Persistent Treat (API):
Actor: Typically state-sponsored groups or highly organized cybercriminals.
Threat: Long-term, targeted attacks with advanced techniques aimed at stealing sensitive data or disrupting critical systems.
Actors and Threats:
Insider Threats:
Actor: Individuals within an organization.
Threat: Employees, contractors, or business partners with access to internal systems may intentionally or unintentionally harm the organization.
Actors and Threats:
State Actors:
Actor: Government-sponsored entities.
Threat: Engage in cyber espionage, cyber warfare, or political influence campaigns on behalf of a nation-state.
Actors and Threats
Hacktivists:
Actor: Social or political activists.
Threat: Conduct cyberattacks to promote a specific cause or raise awareness, often defacing websites or disrupting services.
Actors and Threats
Script Kiddies:
Actor: Inexperienced individuals.
Threat: Use readily available hacking tools and scripts to launch unsophisticated attacks for fun or personal gain.
Actors and Threats
Criminal Syndicates:
Actor: Organized criminal groups.
Threat: Engage in cybercrime activities such as ransomware attacks, financial fraud, and identity theft.
Actors and Threats
Hackers (Authorized, Unauthorized, Semi-Authorized):
Authorized Hackers: Security professionals hired to test and improve an organization’s security.
Unauthorized Hackers: Individuals or groups conducting illegal activities.
Semi-Authorized Hackers: Employees who may exploit their access for personal gain or curiosity.
Actors and Threats
Shadow IT:
Actor: Employees or departments within an organization.
Threat: The use of unauthorized software or services that can introduce security vulnerabilities.
Actors and Threats
Competitors:
Actor: Rival organizations.
Threat: Engage in corporate espionage or cyberattacks to gain a competitive advantage.
Attributes of Actors
Internal/External:
Whether the threat actor is affiliated with the organization (internal) or an external entity (external).
Attributes of Actors
Level of Sophistication/Capability:
The actor’s skill level and the complexity of their attacks.
Attributes of Actors
Resources/Funding:
The financial and technological resources available to the actor.
Attributes of Actors
Intent/Motivation:
The actor’s goals and motivations, which can range from financial gain to political objectives.
Vectors
Direct Access:
Physical or remote access to a system or network.
Vectors
Wireless:
Exploiting vulnerabilities in wireless networks or devices.
Vectors
Email:
Phishing, spear-phishing, or email-based attacks.
Vectors
Supply Chain:
Targeting vulnerabilities in the supply chain to compromise products or services.
Vectors
Social Media:
Leveraging social engineering or malware through social media platforms.
Vectors
Removable Media:
Attacks through USB drives or external storage devices.
Vectors
Cloud:
Exploiting cloud service misconfigurations or vulnerabilities.
Threat Intelligence Sources
Open-Source Intelligence (OSINT):
Publicly available information from sources like news, forums, and social media.
Threat Intelligence Sources
Closed/Proprietary:
Non-public information shared within organizations or industry groups.
Threat Intelligence Sources
Vulnerability Databases:
Repositories of known software vulnerabilities.
Threat Intelligence Sources
Public/Private Information Sharing Centers:
Organizations and government agencies that share threat information.
