Cyber Security

Threat Actors/Threat Agents

(Lecture -3)
BY: NAVEED HUSAIN
MS INFORMATION SECURITY | NUST
CERTIFIED ETHICAL HACKER (CEH) | EC-COUNCIL (ANSI ACCREDITED)
IT SUPPORT SPECIALIST | GOOGLE
PROJECT MANAGEMENT | GOOGLE
LECTURER
DEPARTMENT OF INFORMATICS & SYSTEMS (SST)
UNIVERSITY OF MANAGEMENT AND TECHNOLOGY
EMAIL: NAVEED.HUSAIN@UMT.EDU.PK
Agenda

 Who Are the Threat Actors?

 Threat actor is a generic term used to describe individuals who launch attacks
against other users and their computers (another generic word is simply
attackers).
 Many threat actors belong to organized gangs of young attackers, often
clustered in Eastern European, Asian, and Third World regions, who meet in
hidden online dark web forums to trade information, buy and sell stolen data
and attacker tools, and even coordinate attacks.

 Explain threat actor types and attributes.

Con..
Who Are the Threat Actors?

1. Script Kiddies
2. Hactivists
3. Nation State Actors
4. Insiders
5. Other Threat Actors
5.1. Competitors, Organized crime, Brokers, Cyberterrorists
1. Script Kiddies

 Script kiddies are individuals who want to attack computers yet they lack
the knowledge of computers and networks needed to do so.

 Script kiddies instead do their work by downloading freely available

automated attack software (called open-source intelligence or scripts)
from websites and using it to perform malicious acts.

 Over 40 percent of attacks require low or no skills and are frequently

conducted by script kiddies.
2. Hactivists

 A group that is strongly motivated by ideology (for the sake of their principles or beliefs) is
hactivists. Hactivists (a combination of the words hack and activism) are generally not
considered to be a well-defined and well-organized group of threat agents.

 In addition to attacks as a means of protest or to promote a political agenda, other attacks

can be retaliatory. For example, hactivists may disable the website belonging to a bank
because that bank stopped accepting online payments that were deposited into accounts
belonging to the hactivists.

 It is estimated that there are thousands of hacktivist groups worldwide supporting a wide
variety of causes. Some groups are opposing a specific government, country, or other entity,
while others express no particular allegiances.
3. Nation State Actors

 Instead of using an army to march across the battlefield to strike an adversary,

governments are increasingly employing their own using state-sponsored
attackers for launching computer attacks against their foes. These are known as
nation state actors.
 Their foes may be foreign governments or even citizens of its own nation that the
government considers hostile or threatening.
 Nation state actors are known for being well-resourced and highly trained
attackers.
 This has created a new class of attacks called Advanced Persistent Threat (APT).
These attacks use innovative attack tools (advanced) and once a system is
infected it silently extracts data over an extended period (persistent). APTs are
most commonly associated with nation state actors.
4. Insiders

 Another serious threat to an enterprise comes from its own employees,

contractors, and business partners, called insiders.

 In one study, it was determined that 58 percent of the breaches of an

enterprise were attributed to insiders who abused their right to access
corporate information.

 These attacks are harder to recognize because they come from within the
enterprise yet may be costlier than attacks from the outside.
5. Other Threat Actors

 This is where security controls are put in place to protect the business’s
network.

 The goal is to prevent unauthorized access to the network.

 It is crucial to regularly update all systems on the business network with the
necessary security patches, including encryption.

 It’s always best to disable unused interfaces to further guard against any
threats