
Exploring Threat Actors and Their Motivations

May 31, 2025

Lecture Notes: Understanding Threat Actors

Introduction to Threat Actors

  • Definition: A threat actor is an entity that causes an event impacting others' security; often referred to as a malicious actor.
  • Importance: Understanding threat actors helps in identifying why an attack is happening and what the attacker's goals are.

Characteristics of Threat Actors

  • Origin: Can be internal (within the organization) or external (outside the organization).
  • Resources: Range from limited to extensive funding and resources.
  • Sophistication Level: Ranges from unsophisticated (e.g., script kiddies) to highly sophisticated (e.g., government-backed).

Motivations of Threat Actors

  • Data Exfiltration: Gaining unauthorized access to information.
  • Service Disruption: Disrupting services to affect the organization or its customers.
  • Espionage: Competitors seeking strategic advantage.

Types of Threat Actors

1. Nation-State Actors

  • Characteristics: Usually external, backed by government resources.
  • Motivations: Data exfiltration, philosophical or political reasons, service disruption, or initiating conflicts.
  • Examples: Advanced Persistent Threats (APTs); the Stuxnet worm by the USA and Israel.

2. Unskilled Attackers

  • Characteristics: Run scripts without understanding the underlying technology.
  • Motivations: Disruption for pleasure, data exfiltration, political/philosophical reasons.
  • Resources: Limited; use readily available scripts.

3. Hacktivists

  • Characteristics: Technologically sophisticated, often outside the organization.
  • Motivations: Political/philosophical disruption, denial of service, website defacement.
  • Resources: Limited, but can raise funds for activism.

4. Insider Threats

  • Characteristics: Internal actors, difficult to detect and prevent.
  • Motivations: Revenge, financial gain, or organizational damage.
  • Sophistication: Medium; exploit internal knowledge of data and security controls.

5. Organized Crime

  • Characteristics: Motivated by profit, sophisticated with structured operations.
  • Motivations: Financial profit through attacks like ransomware.
  • Resources: Extensive, with organized roles and customer support.

6. Shadow IT

  • Characteristics: Internal departments bypassing IT protocols.
  • Motivations: Efficiency, autonomy, frustration with existing IT policies.
  • Resources: Limited budget but can build infrastructure via cloud services.

Summary of Threat Actors

  • External Threats: Nation states, unskilled attackers, hacktivists, organized crime.
  • Internal Threats: Insider threats, Shadow IT.
  • Resource Availability: Varies from extensive (nation states, organized crime) to limited (unskilled, Shadow IT).
  • Sophistication Level: Ranges from high (nation states, organized crime) to low (unskilled, Shadow IT).
  • Motivations: Include political aims, financial gain, service disruption, and data theft.

Conclusion

  • Understanding the motivations and resources of threat actors helps in tailoring security measures to prevent attacks.