Types of Threat Actors


Hacker

Hacker describes an individual who has the skills to gain access to computer systems through unauthorized or unapproved means.

  • uses various techniques to exploit vulnerabilities in computer systems or networks
  • can be authorized or unauthorized
  • kinds:
    • white hat/authorized
      • aka ethical hacker
      • is non-malicious and tasked by a system owner to identify the system’s vulnerabilities
      • operates with permission and good intent
    • grey hat/semi-authorized
      • is a non-malicious actor who attempts to find a system’s vulnerabilities without the knowledge of the system owner and for the purpose of informing the system’s owner about the threats to the system
      • operates without permission, but with good intent
    • black hat/unauthorized
      • is a malicious actor who identifies and exploits a system’s vulnerabilities without the knowledge or consent of the system’s owner
      • operates illegally with malicious intent

Unskilled Attackers

An unskilled attacker is an inexperienced attacker who typically uses tools or scripts created by others.

  • aka script kiddie
  • uses hacker tools without necessarily understanding how they work or having the ability to craft new attacks
  • attacks might have no specific target or any reasonable goal other than gaining attention or proving technical abilities

Hacker Teams and Hacktivists

An activist is a person who believes in social or political change and participates in activities such as public protests to support a cause.

A hacktivist is a threat actor that is motivated by a social issue or political cause.

  • hacktivist group uses cyber weapons to promote a political agenda
  • might attempt to:
    • use data exfiltration to obtain and release confidential information to the public domain
    • perform service disruption attacks
    • or deface websites to spread disinformation
  • political, media, and financial groups and companies are most at risk of becoming a target for hacktivists
  • environmental and animal advocacy groups may target companies in a wide range of industries

Nation-State Actors

Advanced persistent threat (APT) is a threat actor who gains unauthorized access to a high-value target for an extended period of time.

  • refers to an attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware
  • the term was coined to understand the behavior underpinning modern types of cyber adversaries

A nation-state actor is a type of threat actor that is supported by the resources of its host country’s military and security services.

  • goals:
    • primarily disinformation and espionage for strategic advantage
    • target companies for financial gain
  • typically work independently from the national government
    • to maintain plausible deniability
    • pose as independent groups or hacktivists
  • may wage false flag attacks to implicate other states

Organized Crime

Organized crime is a type of threat actor that uses hacking and computer fraud for commercial gain.

  • seek any opportunity for profit
  • a rogue business might use cyber espionage against its competitors

A cyber syndicate is a criminal syndicate that uses the Internet to engage in criminal conduct.

  • activities include:
    • fraud
    • extortion
    • ransom
    • identity theft
  • are organized and well-funded
  • capable of conducting sophisticated attacks against a wide range of targets

Insider Threat

An internal threat actor is a type of threat actor who is assigned privileges on the system and causes an intentional or unintentional incident.

  • aka insider threat
  • 2 kinds:
    1. employees - insiders with permanent privileges
    2. contractors and guests - insiders with temporary privileges
  • can be unintentional/inadvertent
    • e.g., shadow IT