Chapter 5: Threat Actors, Vectors, and Intelligence Sources
Threats
APTs: Advanced Persistent Threats
https://duckduckgo.com/?t=ffab&q=mandiant+apt1&atb=v235-1&ia=web
Insider threats –> The Greatest Threats! p. 79
Threat Actors
State Actors
- APT1: China Cyber Espionage Units (PLA 61398)
- APT28: Russia (Fancy Bear)
- APT34: Iran (Helix Kitten)
- APT38: North Korea (Lazarus Group)
Hacktivists
Script Kiddies
Criminal Syndicates
Hackers
- Authorized (White Hat)
- Unauthorized (Black Hat)
- Semi-Authorized (Gray Hat)
https://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Fourth/dp/0071832386
Shadow IT
Competitors
Attributes of Actors
Internal vs. External
Level of Sophistication or Capability
Resources and Funding
Intent or Motivation
Motivations for Hacking etc. per CompTIA:
- Maintaining Access
- Remain Undetected
- Steal Something of Value
Consider a Different List:
- Money (Greed)
- Politics (Hacktivism)
- Revenge
- Extortion
- Business (Competitive Intelligence)
There are possibly more: https://sectigostore.com/blog/hacker-motivation-why-do-hackers-hack/
Vectors of Attack
Direct Access
Network tap, Bash Bunny etc.
Wireless
Kali apps, deauthers etc.
Supply Chain
Social Media
“I’m an expert with….”
Cloud
Hypervisor traversal, Git repo archives etc.
Threat Intelligence Sources
Threat Intelligence Feeds
https://cybermap.kaspersky.com/
https://www.comptia.org/blog/threat-intelligence-feeds
https://logz.io/blog/open-source-threat-intelligence-feeds/
OSINT
Google Dorks
Google Hacking Database at Exploit-db.com
https://www.exploit-db.com/google-hacking-database
Proprietary
Vulnerability Databases
Information Sharing Centers
The Dark Web
Indicators of Compromise
Study pp. 89 – 90!
Automated Indicator Sharing – AIS
OASIS
STIX
TAXII
Predictive analysis
Threat maps
Code Repositories
Research Sources
Vendor websites
Vuln feeds
Conferences
Journals
RFCs
Local Industry Groups
Social media
Threat feeds
TTPs – Adversary Tactics, Techniques and Procedures