Threats Flashcards
What is a threat actor?
The actor responsible for an event that has an impact on the safety of another entity.
Also called a malicious actor.
What are threat actor attributes?
Characteristics of the attacker that help categorize their motivation.
What are the two categories of threat actor attributes?
Internal/external and resources/funding.
What does ‘internal’ mean in the context of threat actors?
The attacker is inside the organization.
What does ‘external’ mean in the context of threat actors?
The attacker is outside and trying to get in.
What are the two extremes of resources/funding for threat actors?
No money and extensive funding.
What are the levels of sophistication/capability for threat actors?
Blindly runs scripts or automated vulnerability scans, or can write their own attack malware and scripts.
What motivates threat actors?
There is a purpose to the attack.
What are some common motivations of threat actors?
Data exfiltration, espionage, service disruption, blackmail, financial gain, philosophical/political beliefs, ethical reasons, revenge, disruption/chaos, and war.
What defines nation state threat actors?
External entities such as government and national security with many possible motivations.
What is an Advanced Persistent Threat (APT)?
Constant attacks with the highest sophistication, often involving military control, utilities, and financial control.
What is an example of a sophisticated attack by a nation state?
The United States and Israel destroyed 1,000 nuclear centrifuges with the Stuxnet worm.
What characterizes unskilled attackers?
They run pre-made scripts without any knowledge of what’s really happening.
What motivates unskilled attackers?
The hunt, which may include disruption, data exfiltration, or sometimes philosophical reasons.
What defines a hacktivist?
Motivated by philosophy, revenge, disruption, etc., often an external entity but can infiltrate as an insider threat.
What is the sophistication level of hacktivists?
They can be remarkably sophisticated with very specific hacks.
What defines insider threats?
Internal entities using the organization’s resources against themselves.
What is the sophistication level of insider threats?
Medium level, as insiders have institutional knowledge and know what systems to target.
What characterizes organized crime in the context of threat actors?
Professional criminals motivated by money, almost always external entities with high sophistication.
What is shadow IT?
Going rogue by working around the internal IT organization and building their own infrastructure.
What is the sophistication level of shadow IT?
Medium sophistication, as they may not have IT training or knowledge.