Threat, Vulnerabilities and Mitigations: Threat Actors Flashcards

1
Q

What are Unskilled attackers?

A

Often referred to as script kiddies, these malicious users typically have the lowest level of sophistication and capabilities. They tend to lean heavily on open-source hacking tools and proof of concept (PoC) attacks, and they don’t usually develop their own tools because they don’t possess the skills to do so. They tend to use social engineering and phishing schemes. Their motivations typically include:

Financial gain.

Data exfiltration (exfil), with the stolen data then typically sold on the dark web.

Service disruptions.

General disruption and chaos.

Fame.

Thrills.

Example: Lapsus$

1
Q

What are the types of malicious actors?

A

Threat actors are people or groups that intentionally try to cause harm in the cyber domain: to computers, devices, systems, and networks. They’re often referred to as malicious actors, and there are many different types, including:

Unskilled attackers

Nation states

Hacktivists

Insider threats

Unintentional threats

Organized crime

2
Q

What are Nation States attackers?

A

These are typically state-sponsored bad actors, and because they’re government funded, they tend to have lots of backing. They’re usually highly sophisticated and capable bad actors.

Their motivations typically include:

Financial Gain.

Data exfil.

Espionage.

Blackmail.

Political reasons, either ethically based or because of war.

3
Q

What is APT28 described as?

A

APT28: Fancy Bear (Russia): https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108.

4
Q

What is APT29 described as?

A

APT29: Cozy Bear (Russia): https://socradar.io/apt-profile-cozy-bear-apt29/.

5
Q

What is Lazarus described as?

A

Lazarus Group (North Korea): https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and.

6
Q

What is APT41 described as?

A

APT41: Double Dragon (China).

7
Q

What is APT33 described as?

A

APT33: Elfin (Iran).

8
Q

What is Equation Group described as?

A

Equation Group (USA).

9
Q

What are Hacktivists?

A

Hacktivists are usually skilled threat actors who launch cyberattacks to further their social or political agendas. They have varying levels of sophistication and capability, are often self-funded or crowd-funded, and share resources with one another.

Their motivations typically include:

Philosophical or political beliefs.

Ethical concerns.

Social justice agendas.

Examples of hacktivists include Anonymous and LulzSec.

10
Q

What are Insider threats?

A

These are attacks, usually malicious but sometimes unintentional, posed by people with authorized access to, and knowledge of, an organization.

Here’s an example of a malicious insider threat: https://www.bankinfosecurity.com/ubiquiti-insider-hacker-sentenced-to-6-years-in-prison-a-22043.


11
Q

What are unintentional threats?

A

These types of “insider attacks” are typically not malicious but rather accidental and result from the actions or behaviors of a person or people who are authorized to access an organization’s data, networks, systems, and physical locations but then accidentally or negligently compromise security. Examples include:

Emailing sensitive data to the wrong email address.

Selecting a phishing link accidentally.

Ignoring updates and patches.

Ignoring relevant security threats and vulnerabilities.

12
Q

What is Shadow IT?

A


Shadow IT isn’t necessarily malicious, but it’s still typically harmful to an organization’s security, because someone engaging in Shadow IT uses systems, devices, software, applications, and services without the approval of their organization’s IT department. Examples include installing and using devices and/or software that isn’t approved by your IT department, including Wi-Fi, cloud solutions, apps, and personal devices.

There can be myriad motivations for Shadow IT, including people simply trying to be more productive by using apps or software with which they’re familiar, but which aren’t approved by the organization’s IT department. However, the reasons can also be the more malicious ones previously detailed, as well as revenge and blackmail.

13
Q

What are Organized crime attackers?

A

Well-funded and often sophisticated, organized crime cyberattacks often include phishing schemes, ransomware proliferation, and distributed denial of service (DDoS) attacks against websites. They’re all often accompanied by extortion. Examples of ransomware gangs are REvil, DarkSide, and Conti.
