Threat Actor Attributes

(OBJ 2.1)

2 Most Basic Attributes of a Threat Actor

• Internal Threat Actors
  • Individuals or entities within an organization who pose a threat to its security
  • Angry employees, contractors or business associates
  • Intimate knowledge of internal architecture
• External Threat Actors
  • Individuals or groups outside an organization who attempt to breach its cybersecurity defenses
  • Cybercriminals, activists, competitors, or state sponsored actors

Resource level (resources and funding)

• Resources and funding available to the specific threat actor
  • Tools, skills, and personnel at the disposal of a given threat actor
  • Computer power, budget, personnel, etc.

Level of sophistication and capability

Level of sophistication and capability of the specific threat actor

• Refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures

• Usually rated on a scale from low to high

• In the world of cybersecurity, we usually classify the lowest skilled threat actors as "script kiddies"

• Script Kiddie

  • Individual with limited technical knowledge
  • use pre-made software or scripts to exploit computer systems and networks
  • Often without understanding underlying principles

• High level threat actors

  • Nation-state actors, Advanced Persistent Threats and others have high levels of sophistication and capabilities and possess advanced technical skills and tools
  • Use sophisticated tools and techniques