Threat Actors (OBJ 1.2, 2.1, 2.2)

Threat Actor

• An individual or entity responsible for incidents that impact security and data protection

Threat Actor Motivations

• Data Exfiltration
• Blackmail
• Espionage
• Service Disruption
• Financial Gain,
• Philosophical/Political Beliefs
• Ethical Reasons
• Revenge
• Disruption/Chaos
• War

Threat Actor Attributes

Specific characteristics or properties that define and differentiate various threat actors from one another

• Internal vs. External Threat Actors
• Differences in resources and funding
• Level of sophistication

Types of Threat Actors

• Unskilled Attackers
  • Limited technical expertise, use readily available tools
• Hacktivists
  • Driven by political, social, or environmental ideologies
• Organized Crime
  • Execute cyberattacks for financial gain (e.g., ransomware, identity theft)
• Nation-state Actor
  • Highly skilled attackers sponsored by governments for cyber espionage or warfare
• Insider Threats
  • Security threats originating from within the organization

Shadow IT

• IT systems, devices, software, or services managed without explicit organizational approval

Threat Vectors and Attack Surfaces

• Message-based
• Image-based
• File-based
• Voice Calls
• Removable Devices
• Unsecured Networks

Deception and Disruption Technologies

• Honeypots
  • Decoy systems to attract and deceive attackers, simulating real-world IT assets to study their techniques
• Honeynets
  • Network of decoy systems for observing complex multi-stage attacks
• Honeyfiles
  • Decoy files to detect unauthorized access or data breaches
• Honeytokens
  • Fake data to alert administrators when accessed or used (e.g. fabricated user credentials)