Explain threat actor type and attributes.
- Types of actors
- Script kiddies
- Hacktivist
- Organized crime
- Nation states/APT
- Insiders
- Competitors
- Attributes of actors
- Internal/external
- Level of sophistication
- Resources/funding
- Intent/motivation
And will see hot use Use of Open-Source Intelligence
Threat/Threat Actor
A potential occurrence that can result in an undesirable outcome.
A person or thing likely to cause damage or danger.
A threat actor is a person or entity that is responsible for an event or incident that impacts, or has the potential to impact, the safety or security of another entity.
Types of Threat Actors
Script kiddies: A derogatory term for people who use hacking techniques but have limited skills. Often such attackers may rely almost entirely on automated tools they download from the Internet.
Hacktivist: Person who uses hacking techniques to accomplish some activist or political goal. Usually seeking to deface websites.
Insiders: Internal employees seeking to cause damage to their organization.
Organized crime: Organized groups seeking to steal money, identities, or corporate secrets.
Competitors: Outside organizations seeking to commit corporate espionage for financial or market gain.
Nation states: Countries sponsoring illegal or fraudulent actions.
APT — Advanced Persistent Threat: an attack in which unauthorized persons gain access to a network using advanced exploitation techniques and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization.
Deep Web/ Dark Web
Deep Web is anything on the Internet that a search engine can’t find.
Dark Web is a part of the Deep Web Internet that is only accessible by means of special software (TOR), allowing users and website operators to remain anonymous or untraceable.
Dark Web Market: A part of the Dark Web often illegally selling goods, merchandise, data/information, or services.
Open-Source Intelligence (OSINT)
Open-Source: Any information that is readily available to anyone (e.g., Newspapers / News sites).
Intelligence: the collection of information of military, political, organizational, or financial value.
Websites and tools that allow you to gather informationon current threats or specific security issues.
ThreatCrowd, OpenPhish, OSINT Framework, Shodan
Attributes of Threat Actors
Internal/external
- Access
Level of sophistication
- Knowledge
Intent/motivation
Resources/funding
Fraud = Resources[Knowledge + Intent + Access]
