CompTIA Security+ Gathering Intelligence on Threat Actors and Vectors Exercise 1 - Actors and Threats


Hacktivists

A hacktivist is a hacker who hacks either for a political reason or to bring about social change. A hacktivist may carry out an attack because of ideological differences with the government or a political party. Hacktivists perform attacks to draw attention to their ideology or to highlight their intention of social change. In the most basic terms, you can call them the Internet version of activists. A hacktivist can also be part of a group that acts as a team. They often use simple methods of attack. Denial of Service (DoS) or Distributed Denial of Service (DDoS) is often a key method of attacking the government's Web infrastructure, such as government portals.
Most famous hacktivist groups:
- Anonymous: Known for famous attacks, such as the Fine Gael website, Operation Tunisia, Operation Egypt, Operation Syria, Operation DarkNet, AntiSec Leak, and CIA attack.
- LulzSec: Known for famous attacks, such as the Sony data breach and Sony PlayStation Network hack.

Pure Insider

A pure insider is a person who is part of the organization and is a legitimate user. The pure insider has permissions and privileges to the internal network and the resources utilized by the organization. Hence, they are able to connect to the network and access the resources in the organization. This gives them the capability to cause maximum damage.

Script kiddies

A script kiddie is someone who does not have a hacker's expertise and relies on ready-made tools to write the code. Due to a lack of expertise, their attacks are generally not sophisticated.

Insider Affiliate

An insider affiliate is someone who can be a spouse, friend, or acquaintance of an employee. This person can obtain information, such as user credentials or a security badge, from the employee and access the network or even the facility.

Insider Associate

An insider associate is someone who is not directly part of the organization but is a third-party vendor or a contractor. The insider associate can also be a security guard or even a receptionist who is a contractual resource. They can have limited access to the network resources or even the facility where your organization has its office. For example, a security guard may simply have access to the papers that are left out, unattended, on the employees' desks. Some of the papers may contain confidential information. This information can now be passed on to a malicious entity.

Hackers

By default, when you hear the term 'Hacker', you think of a shady person who is usually involved in breaking into computers. This is a popular perception; however, it is not completely true. A hacker can be good or bad, depending on the tasks they perform and the intentions they have. Broadly, hackers are categorized into three different types:
- White Hat Hackers
- Black Hat Hackers
- Grey Hat Hackers

Shadow IT

Consider a scenario in which your organization has several strict security controls implemented. Being a developer, you need to frequently test your applications, which the network does not allow due to security controls. You set up a small network of multiple desktops and a switch, and continue with the application testing. The IT team is unaware of this setup. You have now performed the role of shadow IT. Shadow IT works to circumvent or work around the bottlenecks that users face on the network. As in the given example, you could not find a way to test your applications and, therefore, set up your own network to circumvent the network's security controls. In a way, you have used IT resources to beat the organization's security controls.

Criminal syndicates

Criminal syndicates are also known as organized crime leaders. Organized crime turns out to be one of the biggest threats on the Internet. Unlike some hackers, who are into hacking for either fun or causing some level of damage, the organized crime hackers are serious criminals. They have moved away from the traditional crimes to hacking in cyberspace. Organized criminals are individuals who are multi-skilled and have sophisticated methods in conducting their attacks. The hackers conducting organized crime are no novices with basic tools in conducting the attacks. Rather, these guys are into causing serious damage to the organizations, such as:
- Extorting money using ransomware
- Stealing intellectual property
- Stealing industrial secrets and confidential organizational information
They use sophisticated tools, such as:
- Botnets
- Automated exploit kits

Grey Hat Hackers

Grey Hat Hackers are a combination of Black and White Hat Hackers. The Black Hat Hacker qualities consist of breaking into systems without the owner's permission. The White Hat Hacker qualities consist of finding the vulnerabilities and informing the owner. They are usually on the lookout for some type of monetary reward. If the owner does not pay the reward, they may sell the vulnerabilities to other hackers or even put them online.

White Hat Hackers

White Hat Hackers have deep technical skills, which they use to prevent systems from being broken rather than to break them. This means that they find the flaws in the systems and help the organization fix these flaws. White Hat Hackers, also known as Ethical Hackers, are either consultants or on the organization's payroll. They are responsible for performing penetration testing and vulnerability assessment. They limit themselves to finding the vulnerabilities and flaws and do not exploit them. They are supposed to inform the organization of any vulnerabilities found. One of the key points about White Hat Hackers is that they perform the tests with the organization's permission.

Black Hat Hackers

Just like the White Hat Hackers, the Black Hat Hackers also have deep technical expertise. They are not people with good intentions; they break into systems for personal or financial gain. These hackers break into and damage systems, which could involve stealing valuable information, erasing data, stealing intellectual property, and harassing or stalking someone. Black Hat Hackers do not work with commercial tools. They would either write their own malware or security tools or use other hackers' tools. For example, a hacker may simply rent an exploit kit or purchase a license. Serenity exploit kit can be purchased. Hacking Tools is another exploit kit that is easily available on GitHub.

State Actors

Nation-states are known for their cyber espionage against other nations. They are hired by one nation's government to conduct an attack against the government of another nation. These are hackers who have sophisticated methods and techniques that they use to conduct the attacks and can target some of the following:
- Government agencies
- Critical infrastructure
- Industries with sensitive data or property

Competitors

Often, competitors of an organization hire hackers to penetrate its network. For example, organization 1 might pay a hacker to penetrate organization 2's network and steal valuable information. Alternatively, the competitor organization may also get hold of an insider to provide confidential information. Assume that there is a frustrated employee who has a good amount of confidential information. The possibility is that he will approach the competitor to sell the information, or if the competitor finds out about such an employee, they might approach him. It is easier to get the information from an insider than to hire a hacker who may or may not get the information you need.

Outsider Affiliate

Outsider affiliates are external entities, which are not employees or do not have a connection with an employee. The outsider affiliate can attempt to find entry into the facility or the network using different methods. It could be through obtaining the credentials of an individual or breaking into a wireless network and gaining access to the network. There can be two types of insider threats:
- Intentional
- Unintentional

Intentional

These can be insiders who have access to the internal network and its resources. They are the entities who have the opportunity to act on malicious intent. In some cases, these entities have access to confidential and restricted information. An example can be a personal assistant to the organization's CEO, who would have access to various resources, such as their email or budgets. If the secretary decided to sell the CEO's or the company's confidential information, or someone simply triggers them to share the information, then this would be an intentional insider threat. These insiders could be driven by motivations such as anger, revenge, ideology, divided loyalty, or even the work that they are doing. Another motive could be personal gain, such as money. They may steal the information and sell it to outsiders, for instance competitors. In this scenario, if the secretary steals and shares the information with a malicious entity, the entire set of security controls within the organization's network or on its perimeter network becomes useless.

Unintentional

Unintentional insiders are the ones who do not have any malicious intentions but accidentally become a threat to the network and its resources. It is important to understand that even though it is unintentional, their activities can be malicious, having dire consequences. Some of the unintentional activities they may perform are:
- Accidental data deletion
- Accidental data modification
- Incorrect usage of privileges
The consequences of an unintentional act can be as dangerous as intentional ones. For example, if a healthcare professional makes incorrect modifications to various patients' data, it is considered a serious mistake. The doctor may end up giving the wrong medication to the patient based on the data shown on the system. This kind of unintentional attack may occur due to lack of attention, but the consequences can be detrimental.

