2A: Threat Actor Types and Attack Vectors

16 Terms

1
Vulnerability
A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.
2
Threat
the potential to exploit a vulnerability. May be intentional or unintentional.
3
Risk
likelihood and impact/consequence of a threat actor exploiting a vulnerability.
Vulnerability + Threat = Risk
Impact x Likelihood = Risk
4
Attributes of Threat Actors
1. Location: external vs internal
2. Intent: what the attacker hopes to achieve from the attack. Should also take into account motivation (reason for perpetrating the attack). Threats can be categorized as structured or unstructured aka targeted or opportunistic.
3. Capability: Threat actor's ability to craft exploit techniques and tools. Includes level of sophistication, resources, and funding.
5
Hacker
an individual who has the skills to gain access to computer systems through unauthorized or unapproved means.
6
Black vs White vs Gray Hat Hacker
Black - unauthorized
White - authorized
Gray - semi-authorized, may try to find vulnerabilities without owner permission but does not exploit any they find. Might seek voluntary compensation.
7
Script Kiddie
someone who uses hacker tools without necessarily understanding how they work or having the ability to craft new attacks.
8
Hacktivist
group or individual that uses cyber weapons to promote a political agenda. May attempt to obtain and release confidential information, perform DoS attacks, or deface websites.
9
Advanced Persistent Threat (APT)
the ongoing ability of an adversary to compromise network security - to obtain and maintain access - using a variety of tools and techniques.
10
State Actors
individual/group sponsored by a national government, military, or security service that protects them by allowing them to maintain "plausible deniability". Goals are primarily espionage and strategic analysis. Known to target energy and health network systems.
11
Criminal Syndicate
A type of threat actor that uses hacking and computer fraud for commercial gain. Can operate across the internet from different jurisdictions than its victims, increasing the complexity of prosecution.
12
Insider Threat
An actor from within an organization that already has some sort of access. Can often be unintentional or inadvertent due to lack of awareness or from carelessness.
13
Shadow IT
Users purchase or introduce computer hardware or software to the workplace without the sanction of the IT department and without going through a procurement or security analysis process.
14
Attack Surface
all the points at which a malicious threat actor could try to exploit a vulnerability. Can be considered for a network as a whole or individual applications. Attack surface for an external actor is far smaller than for an internal actor.
15
Attack Vector
the path that a threat actor uses to gain access to a secure system. Sophisticated threat actors will use multiple attack vectors (multi-stage campaign vs smash and grab).
16
Types of Attack Vectors
1. Direct access - physical or local attack
2. Removable media - malware contained in a USB/memory card
3. Email - phishing
4. Remote and wireless - obtains credentials for remote access or wireless connection to network, cracks security protocols for authentication
5. Supply chain - attacks the target indirectly through supply chain partners
6. Web and social media - compromised sites and concealed downloadable malware
7. Cloud - only one account/service/host is needed to access entire cloud