Threat Classification and Threat Actors

Unknown Threats
- Look for behavior instead of signatures
- Very advanced
- Very new: zero-day or 0-day. Vulnerability without a patch
- https://portswigger.net/daily-swig
The Johari Window
- What WE know
- vs What OTHERS know.
Bug Bounties - Rewards for finding and reporting vulnerabilities
- https://www.bugcrowd.com/
Bad Actors
- Advanced Persistent Threat (APT)
  - Advanced tools, coordinated group
  - Persistent, undetected
  - Threat, malicious actors
  - https://www.mandiant.com/resources/insights/apt-groups
  - Exam tip: APT's are well funded. Sometimes government supported.
- Organized Crime - financial gain. Cyber terrorism = just destruction
- Hactivists - digital protest. Deface websites. DDoS.
- Nation States - Governments. Usually fund APTs.
- Script kiddies - beginner hackers. Low skills.
- Recreational Hackers - CTF. Hacking for fun.
- Professional Hackers - Ethical hackers. Penetration testers.
- Suicide Hackers - Don't care if they get caught. Desperate hackers.
- Insider threat - Somebody internal to the organization.
  - Intentional or unintentional
  - Dangerous, access already granted
  - Anger, financial gain, bribes, threats
  - Shadow IT
- Commodity Malware - available for everyone! Most common.
  - Malware samples: https://github.com/andreiciorba/theZoo/tree/master/malware/Binaries
  - Make your own malware: Empire project: https://github.com/EmpireProject/Empire/wiki/Quickstart
  - Darkweb

Last updated 2 years ago