Chapter 2: Threat Actors, Attack Vectors, and Impacts

Threat Actors

an individual or entity responsible for cyber incidents against the technology equipment of enterprises and users

Individual Users

[Cybercrime Targets] stealing personal data to make profit

Enterprises

[Cybercrime Targets] stealing research/design documents of a product and selling them to customers

Governments

[Cybercrime Targets] spying on governments to steal defense plans or publishing secret information to embarrass them

Hacker

a person with high computer skills

Black Hat Hackers

[Hacker Types] violate computer security and may cause damage for personal gain

White Hat Hackers

[Hacker Types] take permission to probe an organization's system for weaknesses and report the findings

Gray Hat Hackers

[Hacker Types] attackers who attempt to break into a system without permission (an illegal activity) and disclose the results to cause embarrassment and push for action, not for their own advantage

Script kiddies

[Attacker Types] individuals who want to perform attacks yet lack technical knowledge and use freely available attack tools to carry them out.

Hacktivists

[Attacker Types] are strongly motivated by ideology (for the sake of their principles or beliefs). They often want to make a political statement or push for a change.

Insiders

[Attacker Types] often a trusted employee, contractor, or business partner who may cause damage.

Industrial espionage

[Attacker Types] competitors launching attacks against their opponents.

Criminal syndicates

[Attacker Types] groups of hackers, developers, and other tech outlaws who collaborate to perform massive crimes such as heists, blackmail, cyber terrorism, etc.

State actors

[Attacker Types] are sponsored by states/governments for launching cyberattacks against their enemies.

Attack Vector

a pathway used by a threat actor to penetrate a system

Email

[Attack Vectors] trick the recipient to click a malicious link or open an attachment.

Wireless

[Attack Vectors] data carried through airwaves can be easily intercepted in unsecured wireless networks.

Removable media

[Attack Vectors] USB drives can be infected with malware and intentionally given/left to users who pick them up.

Direct access

[Attack Vectors] physical access to computers or network devices poses the most dangerous threat. Direct access to a device makes it a lot easier to hack it than remote access.

Social media

[Attack Vectors] information posted on social media may help the attacker determine the right time and method of attack (e.g., when an employee is on vacation).

Supply chain

[Attack Vectors] a network that moves a product from the supplier to the customer and is made up of vendors, manufacturers, warehouses, distribution centers, and retailers.

Cloud

[Attack Vectors] as enterprises move their computing resources to remote cloud servers and storage devices, threat actors take advantage of the complexity of these systems to find security weaknesses.

Data loss

[Impact on Data] destroying data beyond recovery, e.g., erasing students' records from a university system.

Data exfiltration

[Impact on Data] stealing data to distribute it to other parties, e.g., stealing the list of customers and selling it to a competitor.

Data breach

[Impact on Data] stealing data to disclose without authorization, e.g., stealing account information of a social media platform and dumping it on the public internet.

Identity theft

[Impact on Data] taking personally identifiable information (PII) to impersonate someone, e.g., getting social security number of someone to apply for credit card under their name.

Availability

[Effects on Enterprise] an attack could make the system of an enterprise unavailable.

Reputation

[Effects on Enterprise] customers could lose trust or change their perception of the enterprise.

Financial loss

[Effects on Enterprise] an enterprise may have to pay for the repairs and may suffer from drop in sales & revenue due to customer loss.

Social engineering

is a means of gathering data by relying on the weaknesses of individuals.

Impersonation

[Psychological Approaches] the attacker may pretend to be an employee calling the IT support for help.

Redirection

[Psychological Approaches] the attacker directs a user to a fake site that looks like the original site but is filled with ads so the attacker can make money from the generated traffic (amozon.com instead of amazon.com).

Spam

[Psychological Approaches] the attacker sends an unsolicited email to a large number of recipients. Usually, the attacker advertises a fake or overpriced product, if few recipients respond, the profit is huge.

Hoax

[Psychological Approaches] the attacker sends a false warning (e.g., a malware was found in your system) and asks the user to act (delete files or change configurations).

Watering hole

[Psychological Approaches] the attacker targets a smaller group such as managers who visit a common website (e.g., a supplier website) and infects it with a malware that will make its way up to their computers.

Phishing

[Psychological Approaches] the attacker sends an email to trick the user into providing private information such as passwords, bank account numbers, etc.

Spear phishing

[Phishing] targets specific users.

Whaling

[Phishing] targets wealthy individuals or executives in higher positions.

Vishing

[Phishing] uses phone calls instead of emails.

Smishing

[Phishing] uses texting or short message services (SMS).

Dumpster diving

[Physical Approaches] the attacker looks in trash to find information that can be useful in an attack.

Tailgating

[Physical Approaches] the attacker follows an employee who is authorized to enter a building and enters directly behind them when the gate is open.

Shoulder surfing

[Physical Approaches] the attacker observes someone entering secret information, such as a password to log in or the PIN number on an ATM keypad.