Threat Actor Attack Vectors
To conduct an effective security assessment, you should be able to explain the strategies of both defense and attack. Your responsibilities may primarily be to defend assets, but to do so you must be able to explain the tactics and techniques used by those who cause you risk, and you must also be able to distinguish the types and capabilities of actors (Threat Actors) Because the threat landscape is constantly evolving, you should also be able to identify reliable sources to detect security threats that professionals detect daily.
Vulnerability, Threat, and Risk
As part of security assessment and monitoring, the team must ensure that it identifies ways in which systems can be attacked. These assessments involve vulnerabilities, threats, and risks.
Vulnerability: It is a weakness that can be accidentally operated but is deliberately exploited. Examples include the weakest devices or incorrectly installed software, failure to properly set them up, lack of protective devices such as Firewall in the right place on the network or what incorrect network design means, as well as the use of unsecured communications protocols. Use old operating systems such as Windows 7 (End of Support, End of update).
Threat: The term referring to any threat to an enterprise, the threat is the possibility of a person exploiting a weakness and causing a security breach, whether intentional or unintentional. People or objects that cause threat are called threat actors or threat agents. The method, strategy, or tool used by threat actors calls a threat vector (Attack Vector).
Risk: is the scope of the threat effect. For example, if there is a weakness (Vulnerability), and it is exploited here, we say there is a threat, but if the data is leaked, for example here, we say there is a risk. Risk is classified as a threat force. Another scenario must be vulnerability, and it must be exploited in addition to its impact, in order to say that there is a risk and action must be taken.
Attributes of Threat Actors
In fact, there are multiple types of threat actors that you once knew as hackers, but now you know that anyone who can cause you a threat called Threat Actor or Threat agent as a security-level specialist should have the ability to know the threat actor's ratings, analysis, and motivations that enable them to carry out attacks on institutions in general.
Threat actors Internal/External
External Threat Actor: It is these people who cause the enterprise to be threatened from abroad, and although they do not have permission to access the target system, they have some strategies they are trying to analyze for the target system (network topology). These strategies are used until all (security control) is known on the network and third-party hackers must infiltrate using malware or social engineering for example or a security vulnerability detected on the network or target system during the survey phase.
Internal Threat Actor: Unlike the external threat representative, it is these people who have been granted powers over the system, and this includes some of the company's accounts as well. Because it has access to the system and the more skilled it is in terms of damage, the greater the damage to the enterprise. Often, the employee's motivation is.
Threat Actors Intent/Motivation
Despite all types of Threat actors, they all have intentions and motives. Which enables them to carry out damage on companies and describe the intention here what the attacker hopes to verify from the attack, The motive is why the attacker committed the attack, and the motive can be greed, covid, or any kind of grievance or curiosity and the intention may be to sabotage and disrupt the system.
Although there are different types of cyberattacks, they are all divided into two parts of an organized attack and a disorderly attack. It is often an organized attack by professionals, meaning that the likelihood of harm to the company is greater and often a disorderly attack by children, for example, but in the latter they all have motives and intentions.
Hackers, Script Kiddies, and Hacktivists
Hacker was originally described as someone who has the ability to handle computer systems and software aggressively because I have the ability to enter those systems in an unusual way. Hacker is a neutral term for a user who excelled in computer system management and computer programming. The hack into operating systems demonstrates the technical skills and creativity that have gradually become associated with illegal and malicious violations of companies and institutions for material profit.
To fully assess intent and capacity, it would be useful to identify different categories of actors under threat.
Black Hat Hacker: They are people with the same abilities as well, but they work illegally for the purpose of stealing money and sabotaging the corporate economy.
White Hat Hacker: They have the same skills in dealing with different systems and software, but they work legally for the purpose of detecting and closing security gaps before someone can manage those security gaps.
Grey Hat Hacker: He is the broker of the two means that he is not in the right legal form, not in the illegal right, and they often earn the prize money by the companies or (Bug bounty).
Script Kiddies: It is the child who uses electronic hacking tools without understanding how they work and what methods or strategies he should know briefly. They're people who don't have any skills. Except for the cyberattack scenario they witness on different platforms such as YouTube for example, the motivation may be to prove ability or satisfy desire.
Hacker Teams and Hacktivists
The historical image of hackers is the only person who does not have funding and is also infected with loneliness and calls this person “Lone Hacker.” This name refers to hackers who work individually, which is also a danger, but the great risk lies with pirates who work collectively or a team because they can develop new strategies as well as the ability to develop tools at will.
Groups like WikiLeaks, LulzSec and Anonymous often target companies for political purposes and hackers may try to leak and disseminate information to the public. Political companies confirm that they are most exposed to this or even carry out cyberattacks such as DoS service gratification attack and can be the two most frequent executory attacks of these groups.
State Actors and Advanced Persistent Threats
(APT) Threat: This form of groups is sponsored by countries such as Russia, China, and many others. These groups are mainly targeted for political purposes and for the government institutions of the adversarial countries, and have the capacity to develop the attack for months and years and to remain in the hacked organs for a long time.
State Actors: They are sadly subordinate to governments and, although they are far from the national government, the security apparatus or the military, they are likely to pretend to be independent groups or even pirates waging false flag brands to implicate other countries, but ultimately they are mainly state affiliated and supported. They were involved in cyberattacks on infrastructure in countries such as power plant systems, health, water purification plants and many other cyberattacks affecting target countries' infrastructure.
Insider Threat Actors Criminal Syndicates and Competitors
Criminal Syndicates-Organized Crime: Cybercrime exceeds the first crime in terms of loss and number of accidents. Organized crime refers to a group of criminals who work together to commit crimes and for financial profit. These gangsters might be well organized.
Competitors: Competitors may also be those who pose a risk to the company, and such attacks may aim to disrupt or steal a competitor's business or even damage a competitor's reputation.
Insider Threat Actors: We talked about external actors because all of them don't have permissions on the system, unlike company employees who have partial access to the system. Internal threat is a security risk arising from within the target company. The actual threat can be a current or former employee or business partner with access to premium accounts or sensitive information. An employee may have been hired from a competitor of a company or any other party.
Attack Surface and Attack Vectors
Attack Surface: The surface of an attack is defined as the total number of all possible entry points in an unauthorized manner and to assess the surface of the attack on you by thinking about the representative of the threat Is it from within the company or from the outside And the surface of the attack can be a digital or physical process including websites, servers, apps, protocols, and ports.
Attack Vector: is the method, strategy, or tool used by the threat actor until the system is accessed. In most cases, access means running the code is harmful on the target. This code can be received directly or via social platforms and others. Let's mention some ways in which malicious code can be transferred to the company.
Direct access: Direct transfer is the malicious code transfer process directly. The attacker can sequence to the company and implant USB, for example, and other similar strategies.
Removable media: The attacker often hides malware in a disk drive, USB or internal memory card and tries to trick employees into connecting those media to one of the company's devices.
Email: The attacker sends a malicious file via email or any other communication system and the attacker needs to use social engineering techniques to persuade the user to open and operate the file.
Web and social media: An attacker can hide malware in files attached to social media posts, and can also hack into websites and integrate malicious codes that infect all visitors to the site. Social media can also be used to promote social engineering and malware deployment.
Remote and wireless: The attacker can also control the system remotely. This is due to weaknesses in the system that cause the attacker to enter the system. This includes the Wireless system.