Threat, Vulnerabilities and Mitigations: Threat Actors Flashcards
What are Unskilled attackers?
Often referred to as script kiddies, these malicious users typically have the lowest level of sophistication and capabilities. They tend to lean heavily on open-source hacking tools and proof of concept (PoC) attacks, and they don’t usually develop their own tools because they don’t possess the skills to do so. They tend to use social engineering and phishing schemes. Their motivations typically include:
Financial gain.
Data exfiltration (exfil), and they then typically sell it on the dark web.
Service disruptions.
General disruption and chaos.
Fame.
Thrills.
Example: Lapsus$
What are the types of malicious actors?
People or groups that try to intentionally cause harm in the cyber world, to computers, devices, systems, and networks, are threat actors. They’re often referred to as malicious actors, and there are a lot of different types, including:
Unskilled attackers
Nation states
Hacktivists
Insider threats
Unintentional threats
Organized crime
What are nation-state attackers?
These are typically state-sponsored bad actors, and because they’re government funded, they tend to have lots of backing. They’re usually highly sophisticated and capable.
Their motivations typically include:
Financial gain.
Data exfil.
Espionage.
Blackmail.
Political reasons, either ethically based or because of war.
What is APT28 described as?
APT28: Fancy Bear (Russia): https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108.
What is APT29 described as?
APT29: Cozy Bear (Russia): https://socradar.io/apt-profile-cozy-bear-apt29/.
What is Lazarus described as?
Lazarus Group (North Korea): https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and.
What is APT41 described as?
APT41: Double Dragon (China).
What is APT33 described as?
APT33: Elfin (Iran).
What is Equation Group described as?
Equation Group (USA).
What are hacktivists?
Hacktivists are usually skilled threat actors who launch cyberattacks so they can further their social or political agendas. They have varying levels of sophistication and capabilities, and often are self-funded or crowd-funded, and they share resources.
Their motivations typically include:
Philosophical or political beliefs.
Ethical concerns.
Social justice agendas.
Examples of hacktivists include Anonymous and LulzSec.
What are insider threats?
These are malicious, though sometimes unintentional, attacks posed by people with authorized access to, and knowledge of, an organization.
Here’s an example of a malicious insider threat: https://www.bankinfosecurity.com/ubiquiti-insider-hacker-sentenced-to-6-years-in-prison-a-22043.
What are unintentional threats?
These types of “insider attacks” are typically not malicious but rather accidental and result from the actions or behaviors of a person or people who are authorized to access an organization’s data, networks, systems, and physical locations but then accidentally or negligently compromise security. Examples include:
Emailing sensitive data to the wrong email address.
Clicking a phishing link accidentally.
Ignoring updates and patches.
Ignoring relevant security threats and vulnerabilities.
What is Shadow IT?
Shadow IT isn’t necessarily malicious, but it’s still typically harmful to an organization’s security, because someone engaging in Shadow IT uses systems, devices, software, applications, and services without the IT department’s approval. Examples include installing and using devices or software that isn’t approved by your IT department, including Wi-Fi access points, cloud solutions, apps, and personal devices.
There can be myriad motivations for Shadow IT, including people simply trying to be more productive by using apps or software with which they’re familiar, but which aren’t approved by the organization’s IT department. However, the reasons can also be the more malicious ones previously detailed, as well as revenge and blackmail.
What are organized crime attackers?
Well-funded and often sophisticated, organized crime cyberattacks often include phishing schemes, ransomware proliferation, and distributed denial of service (DDoS) attacks against websites. They’re all often accompanied by extortion. Examples of ransomware gangs are REvil, DarkSide, and Conti.