Threat Classification and Threat Actors

Unknown Threats

• Look for behavior instead of signatures

• Very advanced

• Very new: zero-day or 0-day. Vulnerability without a patch

• https://portswigger.net/daily-swig

The Johari Window

• What WE know

• vs What OTHERS know.

Bug Bounties - Rewards for finding and reporting vulnerabilities

• https://www.bugcrowd.com/

Bad Actors

• Advanced Persistent Threat (APT)

  • Advanced tools, coordinated group

  • Persistent, undetected

  • Threat, malicious actors

  • https://www.mandiant.com/resources/insights/apt-groups

  • Exam tip: APT's are well funded. Sometimes government supported.

• Organized Crime - financial gain. Cyber terrorism = just destruction

• Hactivists - digital protest. Deface websites. DDoS.

• Nation States - Governments. Usually fund APTs.

• Script kiddies - beginner hackers. Low skills.

• Recreational Hackers - CTF. Hacking for fun.

• Professional Hackers - Ethical hackers. Penetration testers.

• Suicide Hackers - Don't care if they get caught. Desperate hackers.

• Insider threat - Somebody internal to the organization.

  • Intentional or unintentional

  • Dangerous, access already granted

  • Anger, financial gain, bribes, threats

  • Shadow IT

• Commodity Malware - available for everyone! Most common.

  • Malware samples: https://github.com/andreiciorba/theZoo/tree/master/malware/Binaries

  • Make your own malware: Empire project: https://github.com/EmpireProject/Empire/wiki/Quickstart

  • Darkweb

  •