DACS 2201 - Threat Actors, Attack Vectors, and Impacts
Learning Objectives
Discriminate between various threat actors based on their specific attributes and motivations.
Identify and categorize common attack vectors used to penetrate systems.
Explain the relationship between the security of individual system components and the overall security of the system.
Describe and differentiate between various types of social engineering attacks.
Introduction to Threat Actors
Definition of a Threat Actor: A threat actor, also commonly referred to as an attacker, is an individual or entity responsible for a cyber incident targeting the technology equipment, networks, or data of enterprises and individual users.
Categories of Cybercrime Based on Targets: Cybercrime is typically divided into three primary categories depending on the intended target: * Individual Users: The primary motivation is profit. This involves stealing personal data such as credit card numbers and financial information. * Enterprises: The goal is often strategic or competitive gain. This includes stealing research and design documents for products to sell them to competitors. * Governments: The focus is on espionage or political damage. This involves spying on government entities to steal defense plans or publishing sensitive, secret information to cause national or international embarrassment.
Classifications of Hackers
Definition of a Hacker: A term used to describe an individual possessing high-level computer and technical skills.
Classification by Intent and Legality: * Black Hat Hackers: These individuals violate computer security protocols and may cause significant damage or disruption for the purpose of personal gain. * White Hat Hackers: These individuals are security professionals who obtain explicit permission to probe an organization's systems. Their goal is to identify weaknesses and report findings to the owner to improve security. * Gray Hat Hackers: These attackers attempt to break into systems without permission, which constitutes an illegal activity. However, they usually do not act for personal advantage; instead, they disclose their results publicly to cause embarrassment to the organization and push them toward taking corrective action.
Modern Categories of Threat Actors
Script Kiddies: Individuals who desire to perform cyberattacks but lack the necessary technical knowledge or coding skills. They rely on freely available, pre-written attack tools to carry out their activities.
Hacktivists: Attackers strongly motivated by ideology, principles, or specific beliefs. They aim to make political statements or force social/political change.
Insiders: These are trusted individuals within an organization, such as employees, contractors, or business partners, who use their access to cause damage or steal data.
Industrial Espionage: This involves competitors who launch cyberattacks specifically against their opponents to gain a market advantage.
Criminal Syndicates: Organized groups consisting of hackers, developers, and other tech-focused criminals. They collaborate to perform large-scale crimes, including massive financial heists, blackmail, and cyber terrorism.
State Actors: Governments or states that sponsor cyberattacks against their enemies. Attributes include: * Access to and use of state-of-the-art technology. * Active involvement in multi-year intrusion campaigns. * Targeting of highly sensitive economic data, proprietary information, or national security secrets. * Association with the most lethal form of attack, known as the Advanced Persistent Threat (APT). * Reference Material: Video (duration ): "The Secret Lives of Hackers".
Questions & Discussion (Part 1)
Scenario Question: A group of threat actors launched an attack against a system belonging to a bank that froze some accounts belonging to their supporters. Which category could these attackers be classified into? * Script Kiddies. * Industrial espionage groups. * Criminal syndicate group. * State actors. * Hacktivists (Correct Answer).
Overview of Attack Vectors
Definition of an Attack Vector: A pathway or means used by a threat actor to penetrate a system or network.
Common Attack Vectors: * Email: Attackers use deception to trick recipients into clicking malicious links or opening infected attachments. * Wireless: Unsecured wireless networks allow data carried through airwaves to be easily intercepted by unauthorized parties. * Removable Media: Devices like USB drives can be infected with malware. Attackers may intentionally leave these in public spaces or give them to users to compromise their systems upon insertion. * Direct Access: This involves physical access to computers or network hardware. Direct physical access is considered the most dangerous threat, as it makes hacking significantly easier compared to remote access attempts. * Social Media: Attackers gather information from public posts to determine optimal timing and methods (e.g., tracking when an employee is away on vacation). Reference Material: Video (duration ): "A Cyber Privacy Parable". * Supply Chain: This refers to the entire network moving a product from supplier to customer, involving vendors, manufacturers, warehouses, distribution centers, and retailers. Attackers target the "weakest link" in this chain, allowing the compromise to propagate through the entire network. Reference Material: Video (duration ): "What is a Supply Chain Attack?". * Cloud: As enterprises migrate resources to remote cloud servers, the inherent complexity of these systems provides threat actors with opportunities to find and exploit security weaknesses.
Impacts of Successful Cyberattacks
Data Impacts: While systems may be damaged, data is increasingly the primary target of attacks. Forms of data impact include: * Data Loss: Rendering data unrecoverable, such as erasing student records from a university database. * Data Exfiltration: Stealing data for the purpose of distribution to third parties, such as selling a customer list to a competitor. * Data Breach: Stealing data to disclose it publicly or without authorization, such as dumping social media account info on the internet. * Identity Theft: Stealing Personally Identifiable Information (PII) to impersonate an individual, like using a social security number to open a fraudulent credit card account.
Enterprise Effects: * Availability: Attacks can render an enterprise's system completely unavailable to users. * Reputation: A loss of customer trust and a negative shift in public perception following a security failure. * Financial Loss: Costs associated with repairing systems, alongside drops in sales and revenue resulting from the loss of customers.
Social Engineering: Psychological Approaches
Definition of Social Engineering: A method of gathering data by exploiting the inherent psychological weaknesses or tendencies of individuals.
Psychological Triggers Used by Attackers: * Exhibiting Authority: Claiming to be a high-ranking official like a CEO. * Intimidating: Using threats, such as threatening to contact a manager if a demand (like unblocking a website) isn't met. * Giving Urgency: Forcing quick decisions by claiming a transaction must be completed immediately. * Showing Trust: Exploiting personal rapport or goodwill.
Influence Campaigns: Used to sway public sympathy or attention in specific directions. Reference Material: Video (duration ): "How Cambridge Analytica Exploited the Facebook Data of Millions | NYT".
Specific Psychological Approaches: * Impersonation: Pretending to be someone else, such as an employee calling IT support for assistance. Reference Material: Video (duration ): "Watch this hacker break into a company". * Phishing: Sending emails to trick users into revealing private data like passwords or bank accounts. * Spear Phishing: Phishing that targets specific, identified users. * Whaling: Targeting high-net-worth individuals or senior executives in high positions. * Vishing: Phishing conducted via phone calls. * Smishing: Phishing conducted via SMS or text messaging. * Additional Reference: Video (duration ): "Hacking challenge at DEFCON". * Redirection: Directing users to fake websites (e.g., amozon.com instead of amazon.com) to generate ad traffic and profit. * Spam: Mass sending unsolicited emails, often promoting fake or overpriced products for profit. * Hoax: Sending false warnings about system infections to trick users into deleting files or changing system configurations. * Watering Hole: Targeting a specific small group (like managers) by infecting a common website they visit (like a supplier's site) to eventually compromise their professional computers.
Social Engineering: Physical Approaches
Dumpster Diving: Searching through discarded trash to find documents or information that can facilitate an attack.
Tailgating: Following an authorized person through a secured entrance immediately after they open the gate or door.
Shoulder Surfing: Physically observing a person as they enter sensitive information, such as login passwords or ATM PIN numbers.
Questions & Discussion (Part 2)
Scenario Question: An attacker crafts a phishing email targeting the employees in the accounting department. It tells the employee that their account was breached, and they need to change their password by following a link in the email. Which of the following is the best to describe this email? * Spear phishing (Correct Answer - because it targets a specific department/group). * Smishing. * Spam. * Watering hole. * Whaling.