Threat Actors



If we want to talk about evil, we need to talk about who the people and the organizations are that are actually doing the evil, that are doing the attacks on our infrastructures. And that's what this episode is all about. I want to talk about what we call threat actors. These are the people and organizations that actually do these types of attacks. Now, for the exam, we're going to go through a number of different types of threat actors. But what's important is that we understand what the attributes of all these actors are.

So before we go through the actors, let's talk about what would be some types of attributes that you might see. The first one is: are they going to be internal, or are they going to be external? Are they going to be people inside your infrastructure, within your organization? Or are they going to be somebody in a far-off country? Second is level of sophistication. It's surprising how much evil a person who is not terribly sophisticated at computing and networking can do to a system.

And of course, there are also very, very sophisticated people out there who could do a lot more evil. Along with that is going to be resources and, more importantly, funding. In order to do a lot of evil, it requires a lot of resources, lots of computers, lots of people with lots of skills. And a lot of times it takes a tremendous amount of money. So that also becomes a very strong attribute of different types of threat actors. The next one is going to be what their intent is, what's their motivation? We need to think about what type of attribute that threat actor might have in terms of why are they actually doing this?

And more importantly, what is their intention? What are they trying to go for? What's their goal? And then the last one is, and this to me, I think it's funny the way CompTIA put this into the objectives, but the last one is going to be use of open source intelligence. Now, it wasn't that long ago (Mike Myers coming out old again) that open source intelligence, and we're talking about social media, public records, that type of stuff, was not that easy to get to. Today, it's ridiculously easy.

I do a lot of work here in the United States with the Department of Justice and also the Department of Defense. And one of the things that amazes me is that when the good guys are looking to find the bad guy, you know, one of the first places they turn to is Facebook. So open source intelligence is also a really, really big issue. Okay, so now that we know what our attributes are, let's talk about the types of threat actors that you're going to be seeing on the exam. The first one is script kiddies.

Script kiddies is a great name because these are people with just a trivial amount of attack knowledge, and they use scripts and pre-made tools. They don't really have a lot of sophistication. They're often not very evil; they don't have any intent other than they like to pick locks, and they'll come into a system and they'll try to make some attacks. In most cases, script kiddies are the types of people who are easily blocked, and good firewalling and good basic system controls are always going to keep these people out of your hair. The next one is a hacktivist. Now a hacktivist is someone who has some form of activism that they want to pursue.

So intent really comes into play with these guys. A hacktivist is going to be, oh, I'll come up with a theoretical: somebody who wants to save the whales. So they're going to go against the fishing industry or something like that. So with hacktivists, the big thing we want to keep in there is what their intent and their motivation is. The next one is organized crime. And this is a huge problem out there today. When we're talking about organized crime, I know we like to think about the mafia and things like that.

But really what we're talking about is very smart groups of people who are working together in order to, mainly, more than anything else, make money, and they can make money in a lot of different ways. And organized crime is a big issue. Probably the biggest single threat these days are nation states, where an entire country has a job, and their job is to have tremendous resources and tremendous sophistication in order to get, more often than not, intelligence. And while I don't want to name any countries here, that is a huge problem today, with a lot of countries that have extremely sophisticated tool sets to be able to gather intelligence. One of the big things that these types of organizations go for is what we call an advanced persistent threat. And an APT is nothing more than some form of threat.

They get into a system and they stay there. They're always there. It's persistent. And that's their big goal. They want to hack into a cable and get Naval Intelligence, or they want to connect into a wireless network and get State Department information. So APT is a big issue that really comes into play with nation states.

Next is going to be insiders. An insider is somebody who's inside the company. Now be careful with this term, because when we hear the word insiders, you want to think employee. It doesn't always have to be an employee. It could be somebody who is within the infrastructure: it could be the cleaning people, it could be a vendor who's working inside your infrastructure. Basically, when we say the word infrastructure, we're talking about the actual organization itself.

And there are a lot of people who may not be employees who are within that infrastructure. Also, keep in mind, when we're talking about insiders, think in terms of: do they have usernames and passwords for some amount of resource? If they do, you should treat them as an insider. The last one is going to be competitors. Now, this may have been a bigger issue maybe 10 or even 15 years ago, and it still happens, but it's not nearly as much as it used to be, mainly because the laws are so onerous today that if a private organization does some form of threat actor job against another organization, people are going to be walking away in handcuffs. So the old adage of, you know, worrying about the competition, while it's still there, and I'm not going to say it doesn't exist at all, can be a big problem.

Okay, so we went through the different attributes of actors, and we went through all the different types of threat actors that are actually listed on the exam itself. For the exam, just keep in mind, as we talk about these different types of threat actors, what are the attributes that you would apply to each one of them.
