Types of Bad Threat Actors Terms Flashcards
Cybercriminal
A person who engages in criminal activity by means of computers or the internet.
-Cyber activity for criminal purposes.
-Mafia and gangs converted to this in recent years.
Insider
A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.
-Own organization’s employees, contractors, teammates.
-Biggest threat outside APT or bigger
-Isn’t always intentional; it can be an accidental or unintentional mistake, such as clicking on a link.
-Phishing, insider training
Hacktivist
The use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change.
Script Kiddies
A relatively unskilled individual who uses scripts or programs, such as a web shell, developed by others to attack computer systems and networks and deface websites, according to the programming and hacking cultures.
-Unsophisticated in their hacking skill set, with not a lot of code development; they rely on free downloads and vulnerabilities that are easy to take advantage of. Toolkits to download to hack.
Phishing
A type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.
Spear Phishing
A targeted attack campaign to gain access to an individual’s account or impersonate a specific individual, such as a ranking official or those involved in confidential operations within the company.
Whaling
A highly targeted phishing attack, aimed at senior executives, masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.
Botnets
A group of Internet-connected devices, each of which runs one or more bots.
Botnets can be used to perform Distributed Denial-of-Service attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control software.
-Application or automated app that is running to do a certain thing.
-Multiple deployments across multiple places.
-Security scorecard will report these things.
Man-in-the-Middle
A form of eavesdropping where communication between two users is monitored and modified by an unauthorized party. Generally, the attacker actively eavesdrops by intercepting a public key message exchange and retransmits the message while replacing the requested key with his own.
-Eavesdropping
-Sitting between two communication points, listening to the data or altering the data in the middle.
Distributed Denial of Service
Distributed and/or Denial of Service is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network.
-The perpetrator floods the points with so much incoming data that the network cannot handle it; once flooded, the network just stops.
Brute-force attack
Consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.
-After typing a password so many times, it locks you out.
Malware
A file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker wants.
And because malware comes in so many variants, there are numerous methods to infect computer systems.
-Infects, explores, or steals. Software that has a bad intent. Many forms.
Worm
A standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers.
-Standalone malware that replicates itself to spread to other computers
Ransomware
A type of malware from cryptovirology that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion.
-Malware that encrypts someone’s system; until they pay the ransom, they cannot unlock it.
-The attackers get the ransom to unlock the data, and the data is also stolen, so victims pay the ransom so the attackers won’t spread their data.
Virus
A type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be “infected” with a computer virus, a metaphor derived from biological viruses.