Threat Actors (Section 3) Flashcards
Shadow IT
- IT systems, devices, software, or services managed without explicit organizational approval
- IT-related projects that are managed outside of, and without the knowledge of, the IT department
Threat Actors and Attack Surfaces
Message-based / Image-based / File-based / Voice Calls / Removable Devices / Unsecured Networks
Deception and Disruption Technologies
Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
Examples - Honeypots / Honeynets / Honeyfiles / Honeytokens
Honeypots / Honeynets / Honeyfiles / Honeytokens
Honeypots - Decoy systems to attract and deceive attackers
Honeynets - Network of honeypots to create a more complex system that is designed to mimic an entire network of systems - servers / routers / switches
Honeyfiles - Decoy files to detect unauthorized access or data breaches
Honeytokens - Piece of data or a resource that has no legitimate value or use but is monitored for access or use
Script Kiddie
- Individual with limited technical knowledge
- Uses pre-made software or scripts to exploit computer systems and networks
Hacktivists / Hacktivism
Hacktivists - Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain
Hacktivism - Activities in which hacking and other cyber techniques are used to promote or advance a political or social cause
Hacktivists' Motivations
Hacktivists are primarily motivated by their ideological beliefs rather than trying to achieve financial gains
Techniques used by Hacktivists
Website Defacement / DDoS / Doxing / Leaking of Sensitive Data
Doxing
Attempting to overwhelm the victim’s systems or networks so that they cannot be accessed by the organization’s legitimate users
Website Defacement
Form of electronic graffiti and is usually treated as an act of vandalism
Organized Cybercrime Group
- Organized crime groups possess a very high level of technical capability and they often employ advanced hacking techniques and tools
- Custom Malware / Ransomware / Sophisticated Phishing Campaigns
Organized Cybercrime Group
- Unlike hacktivists or nation state actors, organized cybercrime groups are not typically driven by ideological or political objectives
- These groups may be hired by other entities, including governments, to conduct cyber operations and attacks on their behalf
Nation-state Actor
- Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
- Nation-state actors possess advanced technical skills and extensive resources, and they are capable of conducting complex, coordinated cyber operations that employ a variety of techniques such as using zero-day exploits / creating custom malware / becoming an advanced persistent threat
False Flag Attack
Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else
Advanced Persistent Threat (APT)
- Term that used to be used synonymously with a nation-state actor because of their long-term persistence and stealth
- A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage
- These advanced persistent threats are often sponsored by a nation-state or its proxies, like organized cybercrime groups