Summary

This document is a lesson on cybersecurity, focusing on threat classification, threat actors, and related concepts. It explores different types of actors like nation-states, organized crime, and hacktivists. The lesson also covers important concepts like zero-day threats and advanced persistent threats (APTs).

Full Transcript

CySA+ Lesson 2A

Objectives
- Classifying threats and threat actor types
- Utilize attack frameworks and indicator management
- Utilize threat modeling and hunting methodologies

Threat classification
Known threats:
- Malware
- Documented exploits against software vulnerabilities
Unknown threats:
- Zero-day exploits
- Obfuscated malware code

Threat actor types
Threat intelligence must involve developing insight into the behavior of the different types of adversary groups. It is not enough to identify malware signatures and technical attack vectors only. Organized crime groups, hacktivist groups, and other forms of threat entities can be monitored to determine who poses relevant threats to your organization. It is important to identify the level of resources and funding that different adversaries might possess, and whether they can develop malware that can evade basic security controls. We will delve into the specific identifying factors of the following threat actor types:
- Nation-state
- Organized crime
- Hacktivist

Nation-state
Groups with cybersecurity expertise, backed by governments to achieve either military or commercial goals. Nation-states have the financial backing and technological skills that fall under the category of APTs. An APT (advanced persistent threat) refers to the ongoing ability of an adversary to compromise network security to obtain and maintain access (usually unnoticed for quite some time) using a variety of tools and techniques.

Nation-state (cont.)
Nation-state actors have been implicated in attacks relating to energy and electoral systems. The goals of nation-state actors are primarily espionage and strategic advantage. Some states may sponsor multiple adversary groups, and these groups may have different objectives, resources, and degrees of collaboration with one another.

Organized crime
In some countries cybercrime has far surpassed physical crime in terms of both incidents and monetary losses. Organized crime groups do not even have to reside in the same country as those they target. Typical activities of these groups include fraud and blackmail.

Hacktivists
A hacktivist group will usually use its skills to promote a political agenda or ideology that it is affiliated with. Such groups may attempt to obtain and release confidential information to the public, as well as perform DoS attacks or deface websites. They mostly target political adversaries, media stations, financial groups, and companies. Examples of hacktivist groups include:
- Anonymous (https://en.wikipedia.org/wiki/Anonymous_(hacker_group))
- WikiLeaks (https://en.wikipedia.org/wiki/WikiLeaks)
- LulzSec (https://en.wikipedia.org/wiki/LulzSec)
- Cyber Partisans (https://en.wikipedia.org/wiki/Cyber_Partisans)

Insider threat types
Many threats operate from outside an organization and have to work their way inside to perform their malicious activities. An insider threat is an actor who already has inside access to the organization it is targeting, such as an employee or contractor. An insider threat may not always be malicious. Insider threats fall under two categories:
- Intentional: someone who is purposely executing an attack from within the organization.
- Unintentional: someone who, through neglect or an active mistake, creates a vulnerability or data leak within the organization. Such insiders can also unwittingly leave attack vectors open for actual malicious actors.
One example of an unintentional insider threat is shadow IT.

Commodity malware
Code that can be used in general circumstances. It is usually prepackaged and offered for sale on the internet for people to purchase and use. Examples of commodity malware include:
- RATs
- DDoS tools
Commodity malware is usually not designed with a specific target in mind.

Zero-day threats
A zero-day is a vulnerability that is discovered or exploited before the vendor can issue a patch to fix it. In some cases the vendor may not even know that the vulnerability exists. Zero-days are mainly discovered and exploited by adversary groups, who continually look for vulnerabilities that can be exploited. Security researchers also discover these vulnerabilities and inform the vendors privately so that they can be fixed. Zero-day vulnerabilities have significant financial value: a zero-day exploit for a mobile OS can be worth millions of dollars. Because of this, an adversary will only use a zero-day vulnerability for high-value attacks.

Advanced persistent threat (APT)
An APT can be either a group of attackers or a method of attack that a group uses. APTs are highly organized and highly capable groups who have the time and ability to discover exploits for high-value targets and to maintain persistence in those targets' systems. With an APT, the adversary removes evidence of the attack while keeping a backdoor into the system, so that it can reconnect and exfiltrate the data it wants at the time of its choosing.
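The "known threats / unknown threats" split on the threat classification slide is easiest to see in code. The following is an added example, not part of the lesson: it runs three constructed byte strings (stand-ins for binaries, not real malware) through a hash-signature database and a YARA-style byte-pattern rule. An exact documented sample is a known threat, a near variant is still caught by the family pattern, and the same sample passed through a toy single-byte XOR "packer" (constructed here to model obfuscated malware code) matches nothing, which is exactly why obfuscated code lands in the unknown-threats category and why signature-only detection is not enough. All sample bytes, hashes, rule names and the XOR key are constructed for this example.

```python
import hashlib
import re

# Constructed stand-ins for files on disk. Invented for this example; not real malware.
KNOWN_SAMPLE = b"MZ\x90\x00demo-tool v1 connect-back host=203.0.113.10 key=AAAA"
VARIANT_SAMPLE = b"MZ\x90\x00demo-tool v2 connect-back host=203.0.113.10 key=BBBB"
CLEAN_SAMPLE = b"MZ\x90\x00hello-world installer"

# "Known threat" tier: exact SHA-256 of a documented sample (constructed database).
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "demo-tool-v1"}

# Broader YARA-style byte-pattern rule for the whole family (constructed rule).
PATTERN_RULES = {"demo-tool-family": re.compile(rb"demo-tool v\d connect-back")}


def xor_obfuscate(data: bytes, key: int = 0x5A) -> bytes:
    """Toy single-byte XOR 'packer' (constructed) modelling obfuscated malware code.
    Applying it twice with the same key restores the original bytes."""
    return bytes(b ^ key for b in data)


def classify(sample: bytes) -> dict:
    """Return which detection tier matched a sample.

    known        : exact hash of a documented sample
    known-family : no hash hit, but a family byte pattern matched (variant)
    unmatched    : no signature at all; either benign or an unknown threat,
                   and signature-based controls cannot tell which
    """
    digest = hashlib.sha256(sample).hexdigest()
    hash_hit = HASH_SIGNATURES.get(digest)
    pattern_hit = next(
        (name for name, rule in PATTERN_RULES.items() if rule.search(sample)), None
    )
    if hash_hit:
        tier = "known"
    elif pattern_hit:
        tier = "known-family"
    else:
        tier = "unmatched"
    return {"sha256": digest, "hash_match": hash_hit,
            "pattern_match": pattern_hit, "tier": tier}


def triage(samples: dict) -> dict:
    """Classify a batch of named samples and return name -> tier."""
    return {name: classify(data)["tier"] for name, data in samples.items()}


if __name__ == "__main__":
    batch = {
        "documented sample": KNOWN_SAMPLE,
        "near variant": VARIANT_SAMPLE,
        "obfuscated sample": xor_obfuscate(KNOWN_SAMPLE),
        "clean file": CLEAN_SAMPLE,
    }
    for name, tier in triage(batch).items():
        print(f"{name:18s} -> {tier}")
```

The "unmatched" bucket is the operational problem the slides describe: the obfuscated copy of a documented sample and a clean installer look identical to a signature engine, so telling them apart requires behavioral indicators, threat hunting, or intelligence on the actor, not another hash.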
