Notes on Competitors, Threats, and Threat Intelligence
Threat Actors and Motivations
- Script Kiddie:
  - Motivation: Messing around; no malicious intent per se.
  - Threat: Can accidentally cause damage due to lack of skill and reliance on readily available freeware tools.
- Crime Syndicate:
  - Motivation: Primarily financial gain ($$).
- Nation State:
  - Motivation: Political objectives, intellectual property (IP) theft.
- Hacktivist:
  - Motivation: Political; disagree with company policies or broader sociopolitical issues.
  - Capabilities: Generally skilled, with resources to execute targeted attacks.
- General Classification: Threat actors are classified by their resources, capabilities, and skill levels in order to anticipate their likely objectives and methods.
Ransomware
- Motivation: Primarily financial (money), holding data/systems hostage.
- Payment Method: Usually demands payment in cryptocurrencies like Bitcoin due to their unregulated nature, making transactions difficult to trace.
- Blackmail Tactic: Threatens to release compromised data on the dark web if ransom is not paid.
- Dark Web: A dangerous part of the internet; security teams must implement firewalls and Intrusion Prevention Systems (IPS) to prevent accidental or intentional access by personnel, and manage the organization's IP addresses so they are never associated with these sites.
Types of Attacks and Their Impact
- Denial of Service (DoS) / Distributed Denial of Service (DDoS):
  - Objective: To disrupt services, falling under the Availability principle of the CIA triad and representing the Disruption aspect of the DAD (Disruption, Alteration, Disclosure) threat model.
  - Impact: Can severely disrupt critical infrastructure such as SCADA (Supervisory Control and Data Acquisition) systems, electric grids, or power distribution plants. Modern attackers leverage malware across networks, potentially causing widespread and serious damage without any physical presence.
Threat Vectors
- Definition: The means or methods (media) that attackers use to gain access to a system or network.
- Examples: Wi-Fi, cloud services, removable media (USB drives), third-party services, email, social media.
- Vulnerability Principle: Every medium used for information exchange is inherently vulnerable. Security professionals must think like an intruder: if access is possible through a vector, an attacker can also exploit it.
- Mitigation Strategies:
  - Provide employees with the access their jobs require, but avoid granting excessive, unrestricted access.
  - Implement robust procedures, policies, and intrusion protection systems to strengthen the network security posture.
  - For employees in classified environments, strict restrictions on social media use are critical because they are at increased risk of being targeted.
Vulnerabilities Across Threat Vectors
- Email: Prone to exploits and phishing attacks, where malicious links or attachments trick users into compromising their systems.
- Social Media: A significant source of vulnerability due to the constant sharing of information, making employees and organizations potential targets.
- Wireless Networks: Lack a direct physical connection, creating 'air gaps' that can be exploited. Mitigating these vulnerabilities requires proper patching and robust security configurations.
- Files and Images: Can be embedded with malicious code. If such a file is placed on a server (e.g., email server) that users traverse, it can impact everyone on that network.
- White Hat Hackers: These authorized ethical hackers are crucial for identifying vulnerabilities in operating systems, applications, and device connections through penetration testing to improve the security posture.
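As an added example of the email point above (not part of the original notes), the following script flags two common phishing indicators in a constructed HTML message: a link whose visible text names a different host than its real target, and an attachment whose final extension is executable content. The sample body, the attachment names and the extension list are all assumptions made for illustration.

```python
"""Added example (not from the original notes): flag phishing indicators in a
constructed HTML email. The sample message, the attachment names and the
risky-extension list are assumptions chosen for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body (not a real email).
SAMPLE_BODY = """
<p>Your mailbox is full. <a href="http://198.51.100.7/login">https://mail.example.com</a></p>
<p>Policy update: <a href="https://intranet.example.com/policy">read here</a></p>
"""
SAMPLE_ATTACHMENTS = ["Q3_report.pdf", "invoice.pdf.exe"]

# Assumed: file types the organization treats as executable content.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Return the hostname of a URL-looking string, or None."""
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname


def find_deceptive_links(html_body):
    """Return hrefs whose visible text names a different host than the real target."""
    collector = _LinkCollector()
    collector.feed(html_body)
    flagged = []
    for href, text in collector.links:
        # Only compare when the visible text itself looks like a URL or domain.
        shown = _host(text) if ("." in text and " " not in text) else None
        real = _host(href)
        if shown and real and shown != real:
            flagged.append(href)
    return flagged


def find_risky_attachments(names):
    """Return attachment names whose final extension is executable content."""
    flagged = []
    for name in names:
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print(find_deceptive_links(SAMPLE_BODY))        # deceptive link targets
    print(find_risky_attachments(SAMPLE_ATTACHMENTS))  # double-extension attachment
```

The double-extension case ("invoice.pdf.exe") is checked on the final extension only, because that is what the operating system uses to decide how to open the file; the display-text check is deliberately limited to link text that itself looks like a URL or domain, since ordinary words such as "read here" carry no host to compare.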
Supply Chain Vulnerabilities
- Risk: Devices (routers, switches, workstations, servers, software) can be compromised with malicious code or backdoors during manufacturing, shipping, or distribution before reaching the organization.
- Mitigation:
  - Ensure all equipment meets specifications upon receipt.
  - Thoroughly inventory and check all components.
  - Conduct penetration testing by white hat hackers before connecting new equipment to the network.
- Security teams must assume responsibility for every piece of equipment on the network, adhering to a
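As an added example of the receipt and inventory checks listed above (not part of the original notes), the script below compares each device in a shipment against an expected specification before it is allowed on the network: model, serial numbers on the order, firmware version, and a SHA-256 hash of the firmware image. The specification, the shipment records and the firmware bytes are all constructed for illustration; in practice the expected values would come from the purchase order and the vendor's published checksums.

```python
"""Added example (not from the original notes): verify newly received equipment
against an expected specification before it joins the network. The spec, the
shipment and the firmware bytes are constructed for illustration."""
import hashlib

# Constructed vendor firmware image; its hash stands in for the vendor's published checksum.
GOOD_FIRMWARE = b"constructed-firmware-image-v2.4.1"
EXPECTED_SPEC = {
    "model": "SW-48G",
    "firmware_version": "2.4.1",
    "firmware_sha256": hashlib.sha256(GOOD_FIRMWARE).hexdigest(),
    "serials": {"SN0001", "SN0002"},
}


def verify_receipt(spec, received):
    """Return a list of discrepancies between the expected spec and one received device.

    received: dict with model, serial, firmware_version and firmware_image (bytes).
    An empty list means the device matches the specification."""
    problems = []
    if received["model"] != spec["model"]:
        problems.append(f"model mismatch: {received['model']}")
    if received["serial"] not in spec["serials"]:
        problems.append(f"serial not on order: {received['serial']}")
    if received["firmware_version"] != spec["firmware_version"]:
        problems.append(f"firmware version mismatch: {received['firmware_version']}")
    digest = hashlib.sha256(received["firmware_image"]).hexdigest()
    if digest != spec["firmware_sha256"]:
        problems.append("firmware image hash does not match vendor checksum")
    return problems


def verify_shipment(spec, devices):
    """Verify every device in a shipment and report ordered serials that never arrived."""
    report = {d["serial"]: verify_receipt(spec, d) for d in devices}
    missing = spec["serials"] - {d["serial"] for d in devices}
    for serial in sorted(missing):
        report[serial] = ["ordered but not received"]
    return report


# Constructed shipment: one clean unit and one unknown unit with a modified firmware image.
SAMPLE_SHIPMENT = [
    {"model": "SW-48G", "serial": "SN0001", "firmware_version": "2.4.1",
     "firmware_image": GOOD_FIRMWARE},
    {"model": "SW-48G", "serial": "SN0003", "firmware_version": "2.4.1",
     "firmware_image": GOOD_FIRMWARE + b"-modified"},
]

if __name__ == "__main__":
    for serial, problems in verify_shipment(EXPECTED_SPEC, SAMPLE_SHIPMENT).items():
        print(serial, "OK" if not problems else problems)
```

A device that reports the expected version string but carries an image with a different hash is exactly the case the version check alone would miss, which is why the hash comparison is the one that must never be skipped.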