Security+ Module 2 Threat Actor Types and Strategies

Overview

This lecture covers the comparison of threat actor types, their motivations, common threat vectors, and attack surfaces, with a focus on how attackers exploit human and technical weaknesses in cybersecurity.

Threat Actors: Concepts & Types

Vulnerability is a weakness that can be accidentally triggered or intentionally exploited.
Threat is the potential for someone or something to exploit a vulnerability.
Risk is the hazard posed when threat and vulnerability combine.
Threat actors can be internal (employees, contractors) or external (hackers outside the organization).
Internal threats already have some authorized access, making them risky.
External threats must bypass security measures to gain access.
Threat actors are categorized by capability: low (using common tools), high (creating new tools), and organized groups.
Nation-state actors work for governments, often in military or espionage roles.
Organized crime groups target for financial gain, often spanning jurisdictions.
Competitors might engage in cyber espionage for business advantage.

Motivations & Strategies of Threat Actors

Motivations include greed, curiosity, revenge, political change, or chaos.
Attacks may aim for service disruption, data exfiltration, or spreading disinformation.
Financial motives lead to blackmail, extortion, and fraud.
Politically motivated acts can be for activism, espionage, or destabilization.

Threat Vectors & Attack Surface

Attack surface includes all possible points a threat actor can target (users, apps, networks).
Reducing attack surface involves limiting access points and patching vulnerabilities.
Threat vectors are the paths used to execute attacks, such as software faults, outdated systems, insecure networks, and open service ports.
Vulnerable software and networks are common entry points.
Lure-based vectors trick users into running malicious files or opening attachments.
Message-based vectors use email, SMS, instant messaging, and social media.

Attack Surface in the Supply Chain

Supply chain attacks target organizations via their partners, vendors, or service providers.
Risk grows with each link in the chain, including hardware, software, delivery, and outsourced services.

Social Engineering & Human Vectors

Social engineering manipulates people into giving up information or access.
Techniques include impersonation, pretexting, phishing (email), vishing (voice), and smishing (SMS).
Pretexting uses carefully crafted stories to build trust or urgency.
Dumpster diving (examining trash for information) supports social engineering.

Advanced Threats & Email Compromise

Business Email Compromise (BEC) targets executives to impersonate them internally.
Targeted phishing (spear phishing, whaling) focuses on high-value individuals.
Watering hole attacks compromise third-party sites visited by targets.

Key Terms & Definitions

Vulnerability — a weakness that can be exploited.
Threat — the potential for exploitation of a vulnerability.
Risk — the hazard resulting from a threat exploiting a vulnerability.
Internal Threat — an insider with (or having had) authorized access.
External Threat — attacker with no prior access seeking entry.
Nation-State Actor — hacker group employed by a government.
Advanced Persistent Threat (APT) — ongoing, sophisticated attacks to maintain access.
Attack Surface — all possible points where an attack can occur.
Threat Vector — path or method used to gain unauthorized access.
Social Engineering — tricking individuals into giving up information or access.
Phishing — fraudulent attempts to obtain sensitive info, often via email.
BEC (Business Email Compromise) — impersonating a business executive for fraud.

Action Items / Next Steps

Review any weak policies or outdated software in your organization.
Ensure password, access, and physical security policies are current and enforced.
Conduct training sessions to improve security awareness among all users.
Read about common social engineering and phishing techniques before the next module.