Understanding Threat Actors in Cybersecurity

Sep 9, 2024

Lecture on Threat Actors

What is a Threat Actor?

  • A threat actor is an entity that causes events affecting the security of others.
  • Often known as malicious actors due to their negative impact on security.
  • Understanding threat actors helps identify attack motivations and goals.

Characteristics of Threat Actors

  • Origin: Inside or outside the organization.
  • Resources: Financial capability affecting the scale and sophistication of attacks.
  • Sophistication: Varies from using simple scripts to developing advanced tools.
  • Motivation: Can include espionage, disruption, revenge, financial gain, etc.

Types of Threat Actors

1. Nation States

  • Typically external, representing government or military interests.
  • Motivations: Data exfiltration, political/philosophical reasons, service disruption.
  • Resources: Extensive, allowing for Advanced Persistent Threats (APTs).
  • Example: the Stuxnet worm, widely attributed to the US and Israel, which targeted nuclear facilities.

2. Unskilled Attackers

  • Known as script kiddies, they use pre-written scripts without understanding them.
  • Motivations: Disruption, data theft, often philosophical or political.
  • Resources: Limited; attacks usually lack sophistication.

3. Hacktivists

  • Politically or philosophically motivated hackers.
  • Can be internal or external to the organization.
  • Methods: Denial of service, website defacement, data leaks.
  • Resources: Limited, though they may fundraise.

4. Insider Threats

  • Internal actors with potential access to sensitive information.
  • Motivations: Revenge, financial gain.
  • Advantage: Familiarity with the organization’s systems.

5. Organized Crime

  • Motivated by financial gain.
  • Structure: Often corporate, with distinct roles (hackers, data sellers, etc.).
  • Resources: Significant funding, often involved in ransomware.

6. Shadow IT

  • Internal, bypassing existing IT policies.
  • Actions: Unapproved infrastructure and applications.
  • Risks: Lack of security awareness and budget misuse.

Summary Table

  Actor             Origin     Resources     Notes
  Nation State      External   Extensive     High sophistication
  Unskilled         External   Limited       Low sophistication
  Hacktivist        External   Moderate      Political motivations
  Insider Threat    Internal   Medium        Driven by revenge/financial gain
  Organized Crime   External   Substantial   Money-driven
  Shadow IT         Internal   Varies        Low sophistication

Conclusion

  • Understanding different threat actors helps in adjusting security measures.
  • Recognizing motivations aids in tailoring defenses to prevent unauthorized access.