Module 2: Threat Actor Types
hackers
- access protected information
- seek attention and thrills
- seek financial, political, or social rewards
Nation States
The days of protecting systems from a lone attacker or small group are gone. In today's world, we have to deal with attacks from other countries. And these are some of the most dangerous external attacks you will face.
- execute highly targeted attacks
- extremely motivated attackers
- use the most sophisticated techniques
- have many resources
- cannot be stopped, but you can recognize attacks
The main goal of a targeted attack is to
do damage--for example, leak sensitive information or destroy important data. Targeted attacks almost always use unknown exploits and go to great lengths to cover their tracks and hide their presence. Targeted attacks also use completely new programs written from the ground up that are specifically designed for the target.
internal and external
There are two tactics used in corporate espionage.
external
This is where the competitor hires a spy to attack a company from the outside by exploiting any vulnerabilities that exist and, again, returns the information to their client.
targeted attack
is much more dangerous and, to be completely honest, impossible to defend against. It is extremely methodical and often carried out by multiple entities that have substantial resources.
opportunistic attack
is typically automated and involves scanning a wide range of systems for known vulnerabilities, such as old software, exposed ports, poorly secured networks, default configurations, and so on. When one is found, the attacker will exploit the vulnerability, steal what they need, and get out. (Automated attack that scans for vulnerabilities)
Opportunistic Attack
the threat actor is almost always trying to make money as fast as possible and with minimal effort. And because hiding your tracks and presence is very time-consuming, the attacker usually won't bother. They simply want to get in, grab the goods, and get out--think of it as the smash-and-grab of cyber attacks. (Easily make money) (Get in and out quickly)
competitor
this threat actor carries out attacks on behalf of an organization and targets competing companies. For example, a payment processing company could hire someone to carry out a DDoS attack on a competing payment processing company to force users to choose the attacker's product. The motive behind such attacks could be financial gain, competitor defamation, or even stealing industry secrets.
white hat hacker
this threat agent is actually a good guy who tries to help a company see the vulnerabilities that exist in their security.
A common example of an opportunistic attack is
ransomware. An attacker will gain access to a system, plant a virus that encrypts all user data, and demand a payment for decrypting the data.
internal
In this case, a competitor hires a spy that gets a job at your company. This new "employee" then exploits any vulnerabilities and steals information for their client.
Now, when we say insider, we can be talking about
a customer, a janitor, or even a security guard. But most of the time, we are talking about an employee. And employees pose one of the biggest threats to any organization.
Even though targeted attacks are next to impossible to protect against, it doesn't mean you should throw in the towel.
It's still beneficial to protect your network and minimize your attack surface as much as possible to make it that much harder for an attacker to succeed.
Insiders
are one of the most dangerous types of threat actors. And often, they are the most overlooked.
script kiddie
aren't hackers in the traditional sense. They are kind of like the kids of the hacking world. They will use applications or scripts written by much more talented individuals to attack systems or compromise devices.
best way to protect against opportunistic attacks
to follow security best practices: keep systems up to date, close all unused ports, disable unused services, et cetera.
unintentional threat actor
sometimes, an employee can become a threat actor without them even knowing. They create security breaches doing what they think is harmless day-to-day work. And an unintentional threat actor is the most common insider threat.
Cybercriminals
there's actually a subcategory of hacker threat agents, and they could even be grouped with corporate spies, but they have some unique aspects that differentiate them from an average hacker.
- take risks and use extreme tactics
- sell and use information
- sometimes seek revenge
- often associated with large criminal organizations
hackers
this threat agent term is kind of a broad, generic term that tends to be applied to many different categories of threat agents. But generally speaking, and for our purposes here, it is any threat agent who uses their technical knowledge to bypass security, exploit a vulnerability, and gain access to protected information.