Domain 2 Threat Landscape - Threats
Risk Analysis Overview
Definition and purpose of risk analysis.
Understanding risks involves identifying assets within an organization.
Analyzing vulnerabilities and threats to these assets.
Assessing the impact of each threat (how much damage a single occurrence does to the asset) and how often it is expected to occur.
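The impact-times-frequency idea above is what a quantitative risk analysis computes. The following is an added worked example, not part of the original notes: it uses the standard single loss expectancy (SLE = asset value x exposure factor) and annualized loss expectancy (ALE = SLE x annual rate of occurrence) formulas to rank threats against assets, and to judge whether a control pays for itself. The asset values, exposure factors and rates are constructed for illustration.

```python
"""Quantitative risk analysis: rank asset/threat pairs by expected annual loss.

Added example; asset values, exposure factors and occurrence rates below are
constructed, not taken from any real assessment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float  # asset value (AV), in currency units


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str              # name of the asset this threat applies to
    exposure_factor: float  # EF: fraction of the asset value lost per occurrence (0..1)
    annual_rate: float      # ARO: expected occurrences per year (can be < 1)


def single_loss_expectancy(asset: Asset, threat: Threat) -> float:
    """SLE = AV * EF: loss from one occurrence of the threat."""
    if not 0.0 <= threat.exposure_factor <= 1.0:
        raise ValueError(f"exposure factor out of range for {threat.name}")
    return asset.value * threat.exposure_factor


def annual_loss_expectancy(asset: Asset, threat: Threat) -> float:
    """ALE = SLE * ARO: expected loss per year, the figure used to rank risks."""
    if threat.annual_rate < 0:
        raise ValueError(f"negative occurrence rate for {threat.name}")
    return single_loss_expectancy(asset, threat) * threat.annual_rate


def rank_risks(assets, threats):
    """Return (threat, asset, ALE) tuples, highest expected annual loss first."""
    by_name = {a.name: a for a in assets}
    rows = []
    for t in threats:
        if t.asset not in by_name:
            raise KeyError(f"threat {t.name} references unknown asset {t.asset}")
        rows.append((t.name, t.asset, annual_loss_expectancy(by_name[t.asset], t)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


def control_net_benefit(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Annual value of a control: loss avoided minus what the control costs.

    A positive result means the control is worth deploying on purely financial grounds.
    """
    return (ale_before - ale_after) - annual_control_cost


# Constructed inventory: one high-value and one lower-value asset.
ASSETS = [
    Asset("customer database", 2_000_000.0),
    Asset("web storefront", 500_000.0),
]

# Constructed threats spanning the internal/external categories: insider,
# cybercriminal, natural disaster, infrastructure failure.
THREATS = [
    Threat("ransomware", "customer database", exposure_factor=0.6, annual_rate=0.25),
    Threat("insider disclosure", "customer database", exposure_factor=0.3, annual_rate=0.4),
    Threat("flood", "customer database", exposure_factor=0.9, annual_rate=0.02),
    Threat("power outage", "web storefront", exposure_factor=0.05, annual_rate=4.0),
]


def ransomware_backup_decision():
    """Worked control decision: offline backups cut the ransomware EF from 0.6 to 0.1
    (constructed estimate) and cost 40,000 per year to operate."""
    db = ASSETS[0]
    before = THREATS[0]
    after = Threat("ransomware", db.name, exposure_factor=0.1, annual_rate=before.annual_rate)
    return control_net_benefit(
        annual_loss_expectancy(db, before),
        annual_loss_expectancy(db, after),
        annual_control_cost=40_000.0,
    )


if __name__ == "__main__":
    for name, asset, ale in rank_risks(ASSETS, THREATS):
        print(f"{name:20s} {asset:20s} ALE = {ale:>12,.0f}")
    print(f"net benefit of offline backups: {ransomware_backup_decision():,.0f}")
```

The ranking shows why frequency matters as much as impact: the flood destroys almost the whole asset but its low rate puts it at the bottom, while the cheap, frequent power outage outranks it.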
Definition of Threat
Threat: Any potential danger.
Intentionally broad definition to encompass various types of threats:
Malicious insiders.
Natural disasters like floods or hurricanes.
Power outages or malfunctions, e.g., power plant failures.
Importance of recognizing all potential dangers that can exploit vulnerabilities and damage assets.
Classification of Threats
Internal Threats: Originating within the organization.
Examples include:
Accidental information disclosure.
Misconfigured systems.
Actions of malicious insiders.
External Threats: Originating outside the organization.
Examples include:
Natural disasters (force majeure).
Threat actors such as hacktivists and cybercriminals.
Malware like worms and viruses.
Threat Actors and Their Characteristics
Identification of various threat actors and their motivations.
Script Kiddies:
Typically young individuals with limited skills.
Use automated tools to conduct attacks (hacking scripts).
Despite their limited skills, they can cause significant damage, often inadvertently, because they run tools they do not understand or have misconfigured.
Hacktivists:
Individuals motivated by political or social causes.
Aim to make a statement or gain media attention through their activities.
Cybercriminals:
Primarily motivated by financial gain.
Engage in activities like ransomware attacks that can be highly profitable.
Notably, global revenues from cybercrime may surpass the global drug trade, indicating substantial financial incentives.
Cyberterrorism:
Often backed by nation-states.
Involves attacks on organizations or other states to advance political agendas or interests.
Advanced Persistent Threats (APTs):
Skilled attackers focusing on long-term infiltration and minimal detection.
Characterized by a "low and slow" approach to maintain a persistent presence in target systems.
Key characteristics: advanced techniques, stealthy movement, long-lasting campaigns.
APTs can remain undetected in the target environment for years.
Advanced Persistent Threat Life Cycle
Key stages of APT attacks:
Initial Compromise:
Gaining access typically through social engineering (e.g., spear phishing) or exploiting zero-day vulnerabilities.
Establishing Foothold:
Attackers install backdoors to maintain access even if initial vulnerabilities are secured.
Privilege Escalation:
Gaining higher-level access, such as admin rights, to further infiltrate the network.
Reconnaissance:
Exploring the compromised network to map out hosts, services and data, often by passive methods that are less likely to trigger alerts (e.g., packet sniffing with tools like Wireshark) rather than noisy active scanning.
Interestingly, attackers may sometimes have more accurate network maps than the organizations themselves.
Lateral Movement:
Moving within the network to access additional systems.
Maintaining Persistence:
Implementing measures to ensure continued access.
Covering Tracks:
Erasing or obfuscating evidence of their activities to evade detection.
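Each stage of the life cycle above leaves traces a defender can look for. The following is an added example, not part of the original notes: a small rule set run over constructed Windows-style event records (the fields are flattened into dictionaries; the event IDs are the real Windows ones, 4624 logon, 4732 member added to a local group, 4672 special privileges, 7045 new service, 4698 scheduled task created, 1102 audit log cleared, but the hosts, accounts and times are invented). It ties lateral movement, privilege escalation, persistence and covering tracks to concrete detections, and the thresholds and the "known admins" set are assumptions for the example.

```python
"""Stage-by-stage APT detections over constructed Windows event records.

Added example. Event IDs are the standard Windows Security/System ones; every
host, account, address and timestamp below is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one account (jdoe) working through the life cycle,
# plus benign noise from a backup service account and a known administrator.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:02:00", "event_id": 4624, "host": "FS01", "user": "jdoe", "src_ip": "10.0.5.23", "logon_type": 3},
    {"time": "2024-03-01T09:05:00", "event_id": 4624, "host": "DC01", "user": "jdoe", "src_ip": "10.0.5.23", "logon_type": 3},
    {"time": "2024-03-01T09:07:00", "event_id": 4732, "host": "DC01", "user": "jdoe", "group": "Administrators", "member": "jdoe"},
    {"time": "2024-03-01T09:11:00", "event_id": 4624, "host": "HR-SRV", "user": "jdoe", "src_ip": "10.0.5.23", "logon_type": 3},
    {"time": "2024-03-01T09:15:00", "event_id": 7045, "host": "FS01", "user": "jdoe", "service": "WinUpdateSvc", "image": "C:\\Windows\\Temp\\wu.exe"},
    {"time": "2024-03-01T09:40:00", "event_id": 1102, "host": "FS01", "user": "jdoe"},
    # Benign noise: a backup account touching two servers and a known admin logon.
    {"time": "2024-03-01T23:00:00", "event_id": 4624, "host": "FS01", "user": "svc_backup", "src_ip": "10.0.9.9", "logon_type": 3},
    {"time": "2024-03-01T23:01:00", "event_id": 4624, "host": "DC01", "user": "svc_backup", "src_ip": "10.0.9.9", "logon_type": 3},
    {"time": "2024-03-01T23:30:00", "event_id": 4672, "host": "DC01", "user": "itadmin"},
]

KNOWN_ADMINS = {"itadmin"}  # assumption: accounts expected to hold admin rights


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def detect_lateral_movement(events, window=timedelta(minutes=30), min_hosts=3):
    """One account logging on over the network (logon type 3 or 10) to min_hosts
    or more distinct hosts within one time window is the 'spreading' signature."""
    alerts, per_user = [], defaultdict(list)
    for e in events:
        if e["event_id"] == 4624 and e.get("logon_type") in (3, 10):
            per_user[e["user"]].append((_ts(e["time"]), e["host"]))
    for user, logons in per_user.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts.append({"stage": "lateral_movement", "user": user, "hosts": sorted(hosts)})
                break  # one alert per account is enough
    return alerts


def detect_privilege_escalation(events, known_admins=KNOWN_ADMINS):
    """Membership added to Administrators, or special privileges assigned,
    for an account that is not expected to be an administrator."""
    alerts = []
    for e in events:
        if e["event_id"] == 4732 and e.get("group") == "Administrators" and e.get("member") not in known_admins:
            alerts.append({"stage": "privilege_escalation", "user": e["member"], "host": e["host"]})
        elif e["event_id"] == 4672 and e["user"] not in known_admins:
            alerts.append({"stage": "privilege_escalation", "user": e["user"], "host": e["host"]})
    return alerts


def detect_persistence(events):
    """A new service whose binary lives under a temp directory, or a new
    scheduled task, is a common way to keep a foothold across reboots."""
    alerts = []
    for e in events:
        if e["event_id"] == 7045 and "\\temp\\" in e.get("image", "").lower():
            alerts.append({"stage": "persistence", "host": e["host"], "service": e["service"]})
        elif e["event_id"] == 4698:
            alerts.append({"stage": "persistence", "host": e["host"], "task": e.get("task")})
    return alerts


def detect_covering_tracks(events):
    """1102 is logged when the Security audit log is cleared; legitimate
    administrators almost never do this, attackers covering tracks do."""
    return [{"stage": "covering_tracks", "host": e["host"], "user": e["user"]}
            for e in events if e["event_id"] == 1102]


def run_detections(events):
    alerts = []
    for rule in (detect_lateral_movement, detect_privilege_escalation,
                 detect_persistence, detect_covering_tracks):
        alerts.extend(rule(events))
    return alerts


if __name__ == "__main__":
    for a in run_detections(SAMPLE_EVENTS):
        print(a)
```

Note that the backup account is not flagged even though it also moves between servers: the threshold and the allow-list of known administrators are what separate routine operations from the attacker, and tuning them to the environment is most of the work in practice.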
Common Attack Vectors
Various methods through which attackers may gain unauthorized access:
Social Engineering:
Different forms include phishing, spear phishing, whaling, vishing (voice phishing), and smishing (SMS phishing).
Social Media Exploitation:
Utilizing quizzes or personal data to gather information that aids account compromise.
Unprotected Wi-Fi Networks:
Open or weakly encrypted wireless networks let attackers eavesdrop on traffic or impersonate the access point.
Third-Party Compromise:
Attacking service providers with weaker security to gain access to the target organization.
Other methods include baiting, keyloggers, and various other forms of malicious software.
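Spear phishing and whaling usually depend on a sender address that looks like a trusted one. The following is an added example, not part of the original notes: a check that classifies the domain of an incoming address as trusted, lookalike or merely external, catching digit-for-letter substitutions, the "rn" for "m" trick, accented characters, punycode labels, and a trusted name buried inside a longer domain. The trusted domain list and the confusable table are assumptions for the example; the addresses tested are constructed.

```python
"""Lookalike sender-domain check for phishing triage.

Added example. TRUSTED_DOMAINS and CONFUSABLES are assumptions chosen for
illustration; a real deployment would load the organisation's own list.
"""
import unicodedata

TRUSTED_DOMAINS = {"example.com", "example-corp.com"}  # constructed

# Characters and digraphs commonly swapped in to imitate a letter.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w", "cl": "d"}


def normalize(domain: str) -> str:
    """Lower-case, strip accents, and map confusables to the letters they imitate."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    for bad, good in CONFUSABLES.items():
        d = d.replace(bad, good)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), single-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike' or 'external' for the domain of an e-mail address."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"  # exact match or a genuine subdomain such as mail.example.com
    if any(label.startswith("xn--") for label in domain.split(".")):
        return "lookalike"  # punycode label: an IDN that may hide homoglyphs
    norm = normalize(domain)
    for t in trusted:
        t_norm = normalize(t)
        if norm == t_norm or edit_distance(norm, t_norm) <= max_distance:
            return "lookalike"  # examp1e.com, exarnple.com, examplé.com, exampl.com
        if t in domain:
            return "lookalike"  # trusted name embedded: example.com.evil.net
    return "external"


if __name__ == "__main__":
    for addr in ("ceo@example.com", "ceo@examp1e.com", "ceo@exarnple.com",
                 "ceo@example.com.evil.net", "vendor@supplier.org"):
        print(f"{addr:28s} -> {classify_sender(addr)}")
```

The distance threshold of 1 is deliberately tight: raising it to 2 would flag unrelated short domains (for instance sample.com against example.com) and turn the check from a triage aid into a source of false positives. Messages classed as lookalike should be quarantined or visibly flagged, never silently dropped, so that a genuine partner with an unlucky name can still be reached.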
Conclusion
Awareness of threats and an understanding of the methods attackers use are crucial for effective risk assessment and mitigation in organizational environments.