Threat Actors
We need to create profiles of the different types of attacks we see.
Historically, cybersecurity techniques relied on the identification of static known threats, like viruses, rootkits, trojans, botnets, and other software-specific exploits. However, we also need to know the different types of people that might execute these attacks against organizations (along with their possible motives).
| Attribute | Description |
|---|---|
| Internal / External | Refers to the level of access the actor has prior to executing the attack. |
| Sophistication / Capability | Refers to the level of skill the actor has, and their ability to use complex networking tools to execute their attack. |
| Resources / Funding | Refers to the level of organization the threat actor has. Are they working in a group? Do they have specialized tools, or are they funded by a nation-state or organized crime group? |
| Actor Type | Description |
|---|---|
| Hacker | A single individual with the capability to execute an attack using networking tools. |
| Unskilled Attacker | A single individual that tries to use networking tools without the knowledge needed to execute new or complex attacks. |
| Hacker Teams and Hacktivists | A single person or a team of people that use their networking skills to promote a political agenda. They might attempt data exfiltration to obtain and release private or classified data to the public as part of that agenda. |
| Nation-state Actors | A nation that executes attacks as part of political, military, or commercial goals. Nation-state actors have been implicated in attacks against energy, health, and electoral systems. |
| Organized Crime and Competitors | A group of criminals that use networking tools to make money, using methods like blackmail, ransomware, extortion, fraud, and others. |
| Internal Threat Actors | An individual that has already been granted access to several organizational resources on the internal network. |
Motivations
More often than not, security incidents are simply an unintentional mistake made by an imperfect employee or contractor. When there is a motivation behind an incident, it usually falls into one of three main categories:
- Service Disruption
- Data Exfiltration
- Disinformation
Chaotic Motivations
Internet gangsters like to bring companies to a standstill just for the fun of it, for the sake of being able to say "we did that" and take credit for the hack.
Financial Motivations
As hacking and malware became more complex, people found ways to monetize cybercrime, including using:
- Blackmail
- Extortion
- Fraud
Political Motivations
- Whistleblowing (call out an organization for unethical behavior)
- Campaign of Disruption
- Corporate or Nation-state Espionage