Objetive 2.1

Question 1

An individual or entity responsible for incidents that impact security and data protection.

Answer 1

Threat Actor

Question 2

Specific characteristics or properties that define and differentiate various threat actors from one another.

Answer 2

Threat Actor Attributes

Question 3

Types of Threat Actors

Answer 3

• Unskilled Attackers
• Hacktivists
• Organized Crime
• Nation-state Actors
• Insider Threats

Question 4

[Threat Actors] Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks.

Answer 4

Unskilled Attackers

Question 5

[Threat Actors] Well-structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud.

Answer 5

Organized Crime

Question 6

[Threat Actors] Cyber attackers who carry out their activities driven by political, social, or environmental ideologies who often want to draw attention to a specific cause.

Answer 6

Hacktivists

Question 7

[Threat Actors] Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries.

Answer 7

Nation-state Actors

Question 8

[Threat Actors] Security threats that originate from within the organization.

Answer 8

Insider Threats

Question 9

IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval.

Answer 9

Shadow IT

Question 10

Refers to the specific objective or goal that a threat actor is aiming to achieve.

Answer 10

Threat Actor Intent

Question 11

Underlying reasons or driving forces that pushes a threat actor ot carry out the attack.

Answer 11

Threat Actor Motivation

Question 12

These below are types of threat actor… ?

• Data Exfiltration
• Philosophical or Political Beliefs
• Blackmail
• Ethical Reasons
• Espionage
• Revenge
• Service Disruption
• Disruption or Chaos
• Financial Gain
• War

Answer 12

Threat Actor Motivations

Question 13

Unauthorized transfer of data from a computer.

Answer 13

Data Exfiltration

Question 14

Examples of data exfiltration purposes

Answer 14

• Selling it on the dark web
• Using it for identity theft
• Levaraging it for a competitive advantage

Question 15

One of the most common motivations for cyberriminals.

Answer 15

Financial Gain

Question 16

E

Examples of Financial Gains motivation attacks

Answer 16

• Ransomware Attacks
• Banking Trojans

Question 17

The attacker obtain sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met.

Answer 17

Blackmail

Question 18

Examples of cyber blackmail motivation attacks

Answer 18

• Ransomware
• Doxxing
• Sextortion

Question 19

Often achieved by conducting a Distributed Denial of Service (DDoS) attack to overwhelm a network, service, or server with excessive amounts of traffic so that it becomes unavailable to its normal users.

Answer 19

Service Disruption

Question 20

Individuals or groups use hacking to promote a political agenda, social change, or to protest against organizations they perceive as unethical.

Answer 20

Philosophical or Political Beliefs

Question 21

Also known as Authorized hackers, are motivated by a desire to improve security.

Answer 21

Ethical Reasons

Question 22

Examples of Ethical Reasons attack Actors

Answer 22

• Pentesters
• Bounty hunters

Question 23

An employee who is disgrunted, or one who has recently been fired or laid off, might want to harm their current or former employer by causing a data breach, disrupting services, or leaking sensitive information.

Answer 23

Revenge

Question 24

These actors, often referred to as Unauthorized hackers, engage in malicious activities for the thrill of it, to challenge their skills, or simply to cause harm.

Answer 24

Disruption or Chaos

Question 25

Involves spying on individuals, organizations, or nations, to gather sensitive or classified information.

Answer 25

Espionage

Question 26

Cyber espionage motivations

Answer 26

* National security interests (conducted by a nation-state) * Gain competitive business intelligence (conducted by a rival company) * Gain political stratefic advantage (conducted by hackitivists or nation state actors)

Question 27

Cyberattacks have increasingly become a tool for nations to attack each other both on and off the battlefield.

Answer 27

War

Question 28

Why is it important to understand the motivations behind the different types of threat actor?

Answer 28

To help formulate an effective defense against them.

Question 29

[Threat Actor Attributes] Individuals or entities within an organization who pose a threat to its security.

Answer 29

Internal Threat Actors

Question 30

[Threat Actor Attributes] Internal threat actors motivations

Answer 30

* Revenge * Financial gain * Coercion by external entities

Question 31

[Threat Actor Attributes] Individuals or groups outside an organization who attempt to breach its cybersecurity defenses.

Answer 31

External Threat Actors

Question 32

[Threat Actor Attributes] Refers to the tools, skills, and personnel at the disposal of a given threat actor.

Answer 32

Resources and Funding

Question 33

[Threat Actor Attributes] Refers to their technical skill, the complexity of the tools and techniques they use, their ability to evade detection and countermeasures.

Answer 33

Level of sophistication and capability

Question 34

We usualy classify lowest skilled threat actors as a .......... ?

Answer 34

Script Kiddies

Question 35

A threat actor that uses pre-made software or sripts to exploit computer systems and networks often without understanding the underlying principles.

Answer 35

Script Kiddies

Question 36

Threat actors with high level of sophistication and capabilities possess advanced technical skills and use sophisticated tools and techniques.

Answer 36

Usually are: * Nation-state actors * Groups * Advanced Persistent Threats (APT Groups)

Question 37

[Threat Actor Attributes] **Threat actors are classified based on their** ....

Answer 37

**ATTRIBUTES**

Question 38

[Threat Actor Attributes] Attibutes

Answer 38

* Internal vs External * Resorces and Funding * Level of sophistication and capability

Question 39

An individual who lacks the technical knowledge to develop their own hacking tools or exploits.

Answer 39

Unskilled Attacker

Question 40

Can still cause significant damage using readily available tools and exploits to victimize systems with unpatched, known vulnerabilities.

Answer 40

Unskilled Attackers

Question 41

Unskilled attackers are motivated by

Answer 41

A desire for recognition or the thrill of causing disruption o an organization's network.

Question 42

Unskilled attackers are less likely to be motivated by

Answer 42

Financial gain or political ideologies.

Question 43

This threat actor focus on easier targets instead of higher value ones.

Answer 43

Unskilled attackers

Question 44

An individual who lacks the technical knowledge to develop their own hacking tools or exploits.

Answer 44

Unskilled attacker

Question 45

Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain.

Answer 45

Hacktivists

Question 46

Hacktivism/Hacktivists use cyberattacks to achieve their ............ or ............ beliefs.

Answer 46

Hacktivism/Hacktivists use cyberattacks to achieve their ideological or political beliefs.

Question 47

Hicktivists uses techniques like

Answer 47

* Website Defacement * DDoS Attacks * Doxing * Leaking of Sensitive Data

Question 48

A form of electronic graffiti, an act of vandalism.

Answer 48

Website Defacement

Question 49

An attempt to overwhealm the victim's systems or networks so that they cannot be accessed by the organization's legitimate users.

Answer 49

Distributed Denial of Service Attack

Question 50

Public release of private information about an individual or organization such as their name, home address, phone number, or email in hopes that someone will take the real-world action against the victim.

Answer 50

Doxxing

Question 51

Tend to demonstrate fairly high level of sophistication.

Answer 51

Hacktivists

Question 52

Are primarily motivated by their ideological beliefs rather than trying to achieve financial gains.

Answer 52

Hacktivists

Question 53

Target organizations or individuals that they perceive as acting out against their cause.

Answer 53

Hacktivists

Question 54

Anonymous and LulzSec is an example of which type of threat actor?

Answer 54

Hacktivist

Question 55

The act of hacking or breaking into computer systems for a politically or socially motivated purpose. Often to promote, repeat, or protest against specific issues or actions.

Answer 55

Hacktivism

Question 56

Is an indvidual who engages in hacktivism, using cyber tools and techniques to promote a social or political cause.

Answer 56

Hacktivist

Question 57

........................ conducts .................. to advance their own ideological agendas.

Answer 57

**Hacktivists** conducts **hacktivism** to advance their own ideological agendas.

Question 58

Shophisticated and well-structured entities that leverage resources and technical skills for illicit gain. Their operations are usually well-planned and coordinated based on the criminal ring structured nature and strategic approach to conducting attacks.

Answer 58

Organized Cyber Crime Groups

Question 59

They are operating across national borders, these transnational .......................... organizations can create increased complexity for law enforcement when they attempt to prosecute these attackers.

Answer 59

Organized Cyber Crime

Question 60

Tehnical Capability Level of an Organized Cyber Crime Group?

Answer 60

**Very High** Often employ advanced hacking techniques and tools, like: * **Custom Malware** * **Ransomware** * **Sophisticated Phishing Campaings**

Question 61

Exploit emerging technologies such as cryptocurrencies, Dark Web and the use of Cellular Collection Devices to facilitate their activities and evade detection.

Answer 61

Organized Cyber Crime Groups

Question 62

Motivation for Organized Cyber Crime Groups

Answer 62

**Financial Gain**

Question 63

Common illicit ativities linked to cyber crime groups are...

Answer 63

* Data Breaches * Indentity Theft * Online Fraud * Ransomware Attacks

Question 64

Common organized crime targets are...

Answer 64

* Small or medium-sized business * High net worth individuals who have substantial financial resources or valuable data.

Question 65

This threat actor is no typically driven by ideological or political objectives. However, these groups may be hired by other entities, including governments, to conduct cyber operations and attacks on their behalf.

Answer 65

Cyber Crime Groups

Question 66

May operate in the political spectrum but only do so to generate financial gains for themselves. Essentially, when conducting these types of attacks, this threat actor is acting as a hired gun or mercenary for the political organization or government that hires them.

Answer 66

Organized Cyber Crime Groups

Question 67

FIN7 and Carbanak is an example of which type of threat actor?

Answer 67

Organized Cyber Crime Group

Question 68

Groups that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals.

Answer 68

Nation-State Actors

Question 69

Kind of attack that is orchestrated in such a way that it appears to originate from a different source or group.

Answer 69

False Flag Attack

Question 70

Term that used to be used synonymously with a nation-state actor because of their long-term persistence and stealth.

Answer 70

Advanced Persistent Threat

Question 71

Motivations of a nation-state actor

Answer 71

Gathering Intelligence Disrupting Critical Infrastructure Influencing Political Processes Cyber espionage

Question 72

Cybersecurity threats that originate from within the organization

Answer 72

Insider Threat

Question 73

The use of information technology systems, devices, software, applications, and services without explicit organizational approval.

Answer 73

Shadow IT