Lesson 5: Compare and Contrast Common Threat Actors and Motivations

Last updated 10:13 AM on 5/26/26

31 Terms

Threat

A threat is a category of objects, persons, processes, or events that represent a potential danger to an asset.

Vulnerability

A vulnerability is a weakness in a system, process, or person that can be exploited by a threat.

Exploit

An exploit is when a threat actor successfully takes advantage of a vulnerability.

Threat Actor (Agent)

An adversary is an opponent. A threat actor is an adversary with malicious intent.

Targeted Attack

A targeted attack is when a threat actor chooses a target for a specific objective.

- The choice of target is generally influenced by the perceived value of the outcome.

Opportunistic Attack

An opportunistic attack is when a threat actor takes advantage of a vulnerable target (not previously known to them).

- The choice of target is generally influenced by work factor.

Cyber Threat Actors

Lone Skilled | Unskilled Attacker
Hacktivist
Organized Crime (cyber-criminals)
Nation-State
Insiders | Shadow IT
Competitors

Script Kiddies

  • Bragging rights, notoriety.
    - Low level of sophistication

Hackers

  • Financial gain, notoriety
    - Generally talented

Hacktivist

  • Political statement
    - Generally talented
    - Funding variable

Cyber-criminal

  • Financial gain
    - Well-organized
    - Sophisticated
    - Well-funded

Nation-States

  • Surveillance, espionage, disruption, war
    - Well-organized
    - Sophisticated
    - Well-funded
    - Stealthy
    - Luxury of time

Insiders

  • Grievance, revenge, perceived morality, duress, blackmail
    - Variable level of sophistication and funding

Shadow IT

  • Accomplish a task (no malice), circumvent controls

Competitors

  • Espionage, IP theft, service disruption, reputation damage
    - Sophisticated
    - Well-funded

Non-adversarial Threats

Natural
Operational
Human

Natural (Threats)

- Natural occurrences, e.g., earthquakes, storms, and floods.
- Environmental events, e.g., pollution and sea rise.
- Public health emergencies, e.g., pandemic.

Operational (Threats)

- Loss of services, e.g., electricity, HVAC.
- Technical issues, e.g., equipment or communications failure.

Human (Threats)

- Accidents
- Civil disturbances
- Work stoppages

Threat Modeling

Threat modeling is a structured process by which potential threats and threat actors can be identified, enumerated, and prioritized.

- Motivation, talent, work factor, patience, evasion capabilities, and sometimes luck, all contribute to a successful attack.
- Work factor is the time, effort, and resources necessary for the attacker to successfully achieve their objective.

Threat Modeling Approaches

Asset-centric
Architecture-centric
Attacker-centric

Asset-centric

- What/Why: Identifies valued assets and motivation.
- How: Identifies system design component strengths and weaknesses.

Architecture-centric

  • Who: Identifies adversaries.

Attacker-centric

  • Who: Identifies adversaries.

Threat Intelligence

Threat intelligence is evidence-based knowledge about emerging threats that can be used to inform control decisions.

- Useful threat intelligence is aggregated, analyzed, assessed, and actionable.
- Aggregated from reliable sources and cross-correlated for accuracy.
- Analyzed by trained specialists.
- Assessed for relevancy.
- Actionable. Often includes context, mechanisms, indicators, implications and response / remediation advice.

Threat Intelligence Sources

Technology Vendors
Cybersecurity Companies
Journalists, Researchers & Thought Leaders
Government Agencies

Technology Vendors

Subscription and/or public feeds provided by vendors such as Microsoft, Cisco, or Apple.

Cybersecurity Companies

Subscription and/or public feeds provided by cybersecurity vendors such as TylerDetect, AlienVault, FireEye, RSA, and Secureworks.

Journalists, Researchers & Thought Leaders

Bruce Schneier, Jeremiah Grossman, Brian Krebs, Mark Russinovich, Kim Zetter, Nicole Perlroth, Andy Greenberg, Ellen Nakashima, etc.

Government Agencies

Data provided by agencies such as NIST, FBI, US-CERT, NVD, MITRE and the Cybersecurity & Infrastructure Agency.

Open-Source Intelligence (OSINT)

Open-Source Intelligence (OSINT) is a term used to refer to the data collected from publicly available sources to be used in an intelligence context.

- OSINT Framework is a structured collection of OSINT tools.
- OSINT Framework is organized by topics and goals.
- It is presented in a tree form that allows you to browse different OSINT tools filtered by category.
- For more information: http://osintframework.com/