Threat Actors

Explain threat actor types and attributes.

Throughout your career, leadership will ask you to communicate the probability and impact of something bad happening on the network (i.e. an incident). Your success in doing so will largely depend on your ability to accurately describe Threat Actors using their attributes and types.

Threat Actors are people who want to exploit the security flaws in your organization.

Attributes

Attributes are what set people apart. For example, consider the following: the reasons why someone might become a cybersecurity professional, the kind of organization they might dream of joining, how much support they have in pursuing that goal, and the effectiveness of their skills. Maybe they think the organization has cool jobs that pay well. What if they want to share in the identity of a globally respected company? Maybe they have only a laptop they bought from Walmart, or maybe they have their own data center. What if they are incredibly capable, or just know enough to show off? These are the kinds of attributes we will use to distinguish one Threat Actor from another.

Motivation & Intent

Threat Actors are motivated by fame, politics, revenge, competition, money, or national security. In my mind, I like to distinguish between the words Motivation and Intent. To me, Motivation represents what causes you to get off the couch. Intent represents where you plan to go. For example, you might be motivated to get up because you're hungry, yet your intent (goal) is to get a sandwich. I highly doubt CompTIA will ever expect you to make this distinction, but it helps me in the way I think about a Threat Actor's "why, reason, etc.", so maybe it'll help you.

Internal vs External

Threat Actors are oriented as either inside or outside of your organization. This attribute is important because people "on the inside" will have the knowledge necessary to cause the greatest damage. Imagine someone who is expected to have administrator access versus a stranger. Your security operations might be focused on finding the abnormality, yet what if the source of an incident is the very person investigating it?

Resources & Funding

Threat Actors need equipment and the means to sustain their operations. Knowing or understanding these details about an adversary will allow you to gauge the duration and effect of the attack they planned. It will also help leadership decide which risk mitigation strategy they want to invoke. If it's a short-term attack by a Threat Actor with limited resources, you might recommend something superficial to mitigate it (ex: a new firewall rule blocking the source IP address of the attack). Yet if the organization falls victim to corporate espionage, you might recommend something significant like revamping the entire employee on-boarding and off-boarding process.

Level of Sophistication

The word sophistication means "not simple" and can be used as a spectrum to describe how creative and capable Threat Actors are. For example, a very sophisticated Threat Actor might spend months performing online and in-person reconnaissance against their target before striking. Meanwhile, the kid next door to that same Threat Actor might randomly execute code they found on social media. They don't know exactly what it'll do, but they're interested because it looks like something Elliot Alderson does.

If you've never heard of Elliot Alderson, do a web search for the television show "Mr. Robot." There's also a French hacker who uses the same pseudonym on Twitter and specializes in Application Security. He goes by the handle "fs0c131y."

Types

Think of Threat Actor attributes like ingredients and Types as the different dishes one might make from them. What I explained above goes into every Threat Actor. The terms below represent the different kinds of Threat Actors you will encounter.

Script Kiddies

Script Kiddies are people with very limited skills and support who are normally outside your organization and wish to cause an incident for fame or bragging rights.

Hacktivists

Hacktivists are activists with an above-average set of IT skills who hack for political reasons. Therefore, they could be part of your organization or outside of it. Their real power comes from their ability to crowd-source support. In my opinion, this is the reason why "hackers" in general are now depicted with Guy Fawkes masks. There's a movie called "V for Vendetta" where the protagonist (wearing the infamous mask) says "ideas are bulletproof." To me, this means that even if you defeat or thwart one Hacktivist, as long as their political beliefs are in opposition to your organization, they will never stop.

Insiders

Insiders, or Insider Threats, are disgruntled people who currently work or used to work for your organization. They are mostly motivated by revenge and have varying levels of sophistication and support.

Competitors

Competitors are external people who seek to out-perform your organization. They normally conduct what is called Corporate or Cyber Espionage to collect intelligence on how your business operates and what it has planned.

Organized Crime

Organized criminals are groups of people who are motivated by financial gain. Their activities include identity theft and money laundering.

Nation States & APTs

Advanced Persistent Threats (APTs) are the most sophisticated kind of Threat Actor external to your organization. They are government-resourced and government-funded groups who attack via cyberspace to ensure the survivability of their Nation State. A Nation State is a self-governing country whose politics align with its culture. China and APT1 are perfect examples.

Last updated 4 years ago