• Attributes: Skill level (script kiddie → advanced), resources (time/money), intent, sophistication
• Motivations: Financial (ransom), Political/ideological (hacktivists), Revenge (disgruntled), Curiosity (hobbyists), Coercion (blackmail), Competition (IP theft)
Threat Actor Types
• Script Kiddies: Low skill, use pre-made tools; loud/noisy attacks
• Hacktivists: Ideological (political/social causes); DDoS, defacement, data leaks
• Nation State / APT: Advanced Persistent Threat; well-funded, stealthy, long-term dwell time, cyberespionage
• Organized Crime: Financially motivated, ransomware-as-a-service (RaaS), professional money laundering
• Competitors: Economic espionage, stealing trade secrets/IP
• Insiders: Current/former employees; Intentional (theft/sabotage) vs Unintentional (carelessness, phishing victims)
• Attack Surface: Total exposed entry points (ports, users, apps); reduce via hardening
• Vector: Path/method used to penetrate (email, USB, web, network)
Vulnerable Software Threats
• Exploit: Code/tool leveraging a vulnerability
• Commodity Malware: Mass-produced, off-the-shelf (ransomware kits, trojans)
• Legacy Systems: End-of-life OS/software; unpatched, unsupported
• Zero-Day (0-day): Exploits a flaw unknown to the vendor; no patch exists yet
Attack Vector Categories
• Network: Internet, WiFi (evil twin), Bluetooth (bluesnarfing), removable media
• Lure-Based: USB drops (baiting), enticing downloads ("Free Software")
• Message-Based: Email (phishing), SMS (smishing), IM, social media
• Supply Chain: Compromised vendor software updates, hardware tampering, third-party breaches
• Purpose: Harvest credentials, install malware, gain physical access, wire transfer fraud
• Impersonation: Pretending to be IT support, police, or executives
• Physical Access: Tailgating (following an authorized person through a door without their knowledge), Piggybacking (authorized person knowingly lets you in), dumpster diving
Internal & Shadow IT
• Intentional Insider: Data exfiltration, sabotage, privilege abuse
• Shadow IT: Unauthorized apps/devices bypassing security (unsanctioned cloud storage, personal USBs)
• Unintentional: Misconfigured databases, lost laptops, clicking phishing links
• Phishing: Mass email deception (links/attachments)
• Pharming: DNS poisoning redirects legitimate URL to fake site (no email lure needed)
• Typosquatting: Misspelled or look-alike domains (goggle.com, paypa1.com) that catch mistyped or misread URLs
• Watering Hole: Compromise legitimate website known to target victims (sit-and-wait)
• BEC (Business Email Compromise): Targeted spear-phishing for wire fraud; CEO fraud, invoice scams
• Influence Campaigns: Nation-state disinformation, fake news, election interference
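Typosquatting is one of the few items above that a defender can check for mechanically. The following is an added example, not part of these notes: a small detector that flags look-alike domains in DNS query logs against a list of protected brand domains, combining homoglyph normalization (paypa1 → paypal, exarnple → example) with edit distance (goggle → google). The protected-domain list, the log lines and the field layout are constructed for the example.

```python
"""
Added example (not from the study notes): flag typosquat / look-alike
domains seen in DNS logs against a list of protected brand domains.
All domains and log lines below are constructed sample data.
"""
from __future__ import annotations

# Constructed list of domains the organisation wants to protect (assumption).
PROTECTED = ["google.com", "paypal.com", "example-corp.com"]

# Single characters commonly swapped for visually similar letters.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "|": "l"}
# Two-character sequences that mimic one letter ("rn" looks like "m").
DIGRAPHS = {"rn": "m", "vv": "w"}


def normalize(label: str) -> str:
    """Collapse common homoglyph tricks so look-alike labels compare equal."""
    s = label.lower()
    for seq, rep in DIGRAPHS.items():
        s = s.replace(seq, rep)
    return "".join(HOMOGLYPHS.get(c, c) for c in s)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive registrable domain: last two labels (no public-suffix list here)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify(host: str, protected=PROTECTED, max_distance: int = 1):
    """Return (verdict, matched_protected_domain) for a queried host name."""
    dom = registrable(host)
    sld, _, _tld = dom.partition(".")
    for p in protected:
        p_sld, _, _p_tld = p.partition(".")
        if dom == p:
            return ("legitimate", p)
        if normalize(sld) == normalize(p_sld):
            # Same letters once homoglyphs are undone: paypa1.com, exarnple-corp.com.
            # If the label is literally identical, only the TLD differs: paypal.co.
            return ("homoglyph" if sld != p_sld else "tld-swap", p)
        if levenshtein(normalize(sld), normalize(p_sld)) <= max_distance:
            return ("typo", p)  # goggle.com
    return ("unknown", None)


# Constructed DNS log lines in a simple key=value layout (assumption).
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z client=10.0.0.12 query=mail.google.com type=A
2024-05-01T10:00:05Z client=10.0.0.12 query=paypa1.com type=A
2024-05-01T10:00:09Z client=10.0.0.33 query=goggle.com type=A
2024-05-01T10:00:12Z client=10.0.0.33 query=login.exarnple-corp.com type=A
2024-05-01T10:00:15Z client=10.0.0.40 query=paypal.co type=A
2024-05-01T10:00:20Z client=10.0.0.40 query=wikipedia.org type=A
"""


def scan_log(text: str):
    """Return (client, query, verdict, protected_domain) for each suspicious query."""
    findings = []
    for line in text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        verdict, target = classify(fields["query"])
        if verdict not in ("legitimate", "unknown"):
            findings.append((fields["client"], fields["query"], verdict, target))
    return findings


if __name__ == "__main__":
    for client, query, verdict, target in scan_log(SAMPLE_DNS_LOG):
        print(f"{client} queried {query}: {verdict} of {target}")
```

In production the registrable-domain step should use a public suffix list, and `max_distance` needs tuning per brand: an edit distance of 1 is fine for a long name like example-corp but produces false positives for short labels. Hits on internal clients are a lead for the "user clicked a lure" case rather than proof of compromise, so pair them with proxy or mail logs before escalating.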
Quick Distinctions:
– Phishing (broad email net) vs Spear Phishing (targeted individual) vs Whaling (C-suite)
– Zero-Day (unknown flaw) vs Legacy (known but unpatched old system)
– Watering Hole (infected legitimate site) vs Pharming (DNS redirect)