Threat Actors

Cybersecurity Forensics Lesson 2.1.1


What are threat actors?

  • Groups of people who pose a threat to the security of software

What are script kiddies, and what is their typical skill level?

  • The term “Script kiddie” is usually a negative label used by more sophisticated hackers to belittle one another or dismiss someone for not being knowledgeable

How do hacktivists differ from other threat actor groups, and what motivates them?

  • Medium-skilled professionals who perform exploits and attacks for a cause
  • Driven by their political, commercial, or economic message
  • End goal is to spread their message to a wider audience to raise awareness for their cause

What distinguishes organized crime groups in terms of their motivations and activities?

  • They are fueled by money and the desire to gain power to continue their influence
  • Organized criminals, or criminal syndicates, use exploits to continue their organized crime business

Describe the characteristics of nation states and advanced persistent threats (APTs) in the context of cybersecurity.

  • Also known as state actors or advanced persistent threats
  • Very advanced government or military organisations
  • It is argued that the Stuxnet malware was the work of a nation state because of its sophistication

What defines insider threats, and why are they considered particularly dangerous?

  • Work within an organization to expose business secrets and data
  • Usually carry out low-level attacks
  • May act out of vengeance or spite due to an event that happened to them at work that they feel is unfair

What is the difference between black hat (unauthorized user), white hat (authorized user), and grey hat (semi-authorized) hackers?

  • Black Hat: Malicious users who intend to cause damage and harm to their targets
  • White Hat: Find vulnerabilities and exploits in a system with the intent to patch them
  • Grey Hat: Break the law, but usually not for malicious purposes

Explain the concept of shadow IT and its potential impact on organizations.

  • Part of a larger organization that does not follow the IT department's rules and attempts to work around them
  • Find ways to work around security or use locked features without the IT department's consent

Attributes of Actors

  • Internal - Trusted insiders that have permission to be in the organization's network
  • External - Do not have access or special privileges to the network
  • Resources and Funding - How well the threat actor can support their attack
  • Capability - One of the most important factors in determining whether a threat actor’s attack is successful
  • Level of sophistication - Highly sophisticated threat actors are more likely to be successful