Chapter 1 - 02 - Define Threat Actors_Agents - 01_ocred.pdf
Document Details
Uploaded by barrejamesteacher
Certified Cybersecurity Technician
Information Security Threats and Vulnerabilities
Exam 212-82

Module Flow
▪ Define Threats Sources
▪ Define Threat Actors/Agents
▪ Define Malware and its Types
▪ Define Vulnerabilities
▪ Understand Different Types of Vulnerabilities

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Define Threat Actors/Agents

A security professional must know the different types of threat actors/agents to understand the attacker’s perspective in hacking attempts. This section helps you understand the different types of threat actors. Further, this section discusses the attributes of threat actors and threat vectors.

Threat Actors/Agents
▪ Black Hats: Individuals with extraordinary computing skills; they resort to malicious or destructive activities and are also known as crackers
▪ White Hats: Individuals who use their professed hacking skills for defensive purposes and are also known as security analysts
▪ Gray Hats: Individuals who work both offensively and defensively at various times
▪ Suicide Hackers: Individuals who aim to bring down the critical infrastructure for a "cause" and are not worried about facing jail terms or any other kind of punishment
▪ Script Kiddies: An unskilled hacker who compromises a system by running scripts, tools, and software that were developed by real hackers

Threat Actors/Agents (Cont’d)
▪ Cyber Terrorists: Individuals with a wide range of skills who are motivated by religious or political beliefs to create the fear through the large-scale disruption of computer networks
▪ State-Sponsored Hackers: Individuals employed by the government to penetrate and gain top-secret information from, and damage the information systems of other governments
▪ Hacktivist: Individuals who promote a political agenda by hacking, especially by using hacking to deface or disable websites
▪ Hacker Teams: A consortium of skilled hackers having their own resources and funding. They work together in synergy for researching the state-of-the-art technologies
▪ Industrial Spies: Individuals who perform corporate espionage by illegally spying on competitor organizations and focus on stealing information such as blueprints and formulas

Threat Actors/Agents (Cont’d)
▪ Insider: Any employee (trusted person) who has access to critical assets of an organization. They use privileged access to violate rules or intentionally cause harm to the organization’s information system
▪ Criminal Syndicates: Groups of individuals that are involved in organized, planned, and prolonged criminal activities. They illegally embezzle money by performing sophisticated cyber-attacks
▪ Organized Hackers: Miscreants or hardened criminals who use rented devices or botnets to perform various cyber-attacks to pilfer money from victims

Threat Actors/Agents

Threat actors usually fall into one of the following categories, according to their activities:
▪ Black Hats: Black hats are individuals who use their extraordinary computing skills for illegal or malicious purposes. This category of hacker is often involved in criminal activities. They are also known as crackers.
▪ White Hats: White hats or penetration testers are individuals who use their hacking skills for defensive purposes. These days, almost every organization has security analysts who are knowledgeable about hacking countermeasures, which can secure its network and information systems against malicious attacks. They have permission from the system owner.
▪ Gray Hats: Gray hats are the individuals who work both offensively and defensively at various times.
Gray hats might help hackers to find various vulnerabilities in a system or network and, at the same time, help vendors to improve products (software or hardware) by checking limitations and making them more secure.
▪ Suicide Hackers: Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment. Suicide hackers are similar to suicide bombers who sacrifice their life for an attack and are thus not concerned with the consequences of their actions.
▪ Script Kiddies: Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They usually focus on the quantity, rather than the quality, of the attacks that they initiate. They do not have a specific target or goal in performing the attack and simply aim to gain popularity or prove their technical skills.
▪ Cyber Terrorists: Cyber terrorists are individuals with a wide range of skills who are motivated by religious or political beliefs to create the fear of large-scale disruption of computer networks.
▪ State-Sponsored Hackers: State-sponsored hackers are skilled individuals having expertise in hacking and are employed by the government to penetrate, gain top-secret information from, and damage the information systems of other government or military organizations. The main aim of these threat actors is to detect vulnerabilities in and exploit a nation’s infrastructure and gather intelligence or sensitive information.
▪ Hacktivist: Hacktivism is a form of activism in which hackers break into government or corporate computer systems as an act of protest.
Hacktivists use hacking to increase awareness of their social or political agendas, as well as to boost their own reputations in both online and offline arenas. They promote a political agenda especially by using hacking to deface or disable websites. In some incidents, hacktivists may also obtain and reveal confidential information to the public. Common hacktivist targets include government agencies, financial institutions, multinational corporations, and any other entity that they perceive as a threat. Irrespective of hacktivists’ intentions, the gaining of unauthorized access is a crime.
▪ Hacker Teams: A hacker team is a consortium of skilled hackers having their own resources and funding. They work together in synergy for researching state-of-the-art technologies. These threat actors can also detect vulnerabilities, develop advanced tools, and execute attacks with proper planning.
▪ Industrial Spies: Industrial spies are individuals who perform corporate espionage by illegally spying on competitor organizations. They focus on stealing critical information such as blueprints, formulas, product designs, and trade secrets. These threat actors use advanced persistent threats (APTs) to penetrate a network and can also stay undetected for years. In some cases, they may use social engineering techniques to steal sensitive information such as development plans and marketing strategies of the target company, which can result in financial loss to that company.
▪ Insiders: An insider is any employee (trusted person) who has access to critical assets of an organization. An insider threat involves the use of privileged access to violate rules or intentionally cause harm to the organization’s information or information systems. Insiders can easily bypass security rules, corrupt valuable resources, and access sensitive information. Generally, insider threats arise from disgruntled employees, terminated employees, and undertrained staff members.
▪ Criminal Syndicates: Criminal syndicates are groups of individuals or communities that are involved in organized, planned, and prolonged criminal activities. They exploit victims from distinct jurisdictions on the Internet, making them difficult to locate. The main aim of these threat actors is to illegally embezzle money by performing sophisticated cyber-attacks and money-laundering activities.
▪ Organized Hackers: Organized hackers are a group of hackers working together in criminal activities. Such groups are well organized in a hierarchical structure consisting of leaders and workers. The group can also have multiple layers of management. These hackers are miscreants or hardened criminals who do not use their own devices; rather, they use rented devices or botnets and crimeware services to perform various cyberattacks to pilfer money from victims and sell their information to the highest bidder. They can also swindle intellectual property, trade secrets, and marketing plans; covertly penetrate the target network; and remain undetected for long periods.