Threat Actors

Threat / Threat Actor

  • A potential occurrence that can result in an undesirable outcome.
  • A person or thing likely to cause damage or danger.
  • A threat actor is a person or entity that is responsible for an event or incident that impacts, or has the potential to impact, the safety or security of another entity.

Types of Threat Actors

  • Script Kiddies - A derogatory term for people who use hacking techniques but have limited skills. Such attackers often rely almost entirely on automated tools they download from the Internet.
  • Hacktivist - A person who uses hacking techniques to accomplish some activist or political goal. Usually seeking to deface websites.
  • Insiders - Internal employees seeking to cause damage to their organization.
  • Organized Crime - Organized groups seeking to steal money, identities, or corporate secrets.
  • Competitors - Outside organizations seeking to commit corporate espionage for financial or market gain.
  • Nation States - Countries sponsoring illegal or fraudulent actions.
  • APT - Advanced Persistent Threat - An attack in which unauthorized persons gain access to a network using advanced exploitation techniques and stay there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization.

Deep Web / Dark Web

  • Deep Web - Anything on the internet that a search engine can't find.
  • Dark Web - A part of the deep web that is only accessible by means of special software (Tor), allowing users and website operators to remain anonymous or untraceable.
  • Dark Web Market - A part of the Dark Web often illegally selling goods, merchandise, data/information, or services.

Open-Source Intelligence (OSINT)

  • Open Source - Any information that is readily available to anyone, such as newspapers or news sites.
  • Intelligence - The collection of information of military, political, organizational, or financial value.
  • Websites and tools that allow you to gather information on current threats or specific security issues:

Attributes of Threat Actors

  • Internal/External
    • Access
  • Level of Sophistication
    • Knowledge
  • Intent/Motivation
  • Resources/Funding