Security+ SY0-601: 1.5: Threat Actors, Vectors, and Intelligence Sources

This entry is part 9 of 47 in the series [ Security+ SY0-601 ]

Chapter 5: Threat Actors, Vectors, and Intelligence Sources

Threats

APTs: Advanced Persistent Threats

https://duckduckgo.com/?t=ffab&q=mandiant+apt1&atb=v235-1&ia=web

Insider threats -> The Greatest Threats! p. 79

Threat Actors

State Actors

        • APT1: China Cyber Espionage Units (PLA 61398)
        • APT28: Russia (Fancy Bear)
        • APT34: Iran (Helix Kitten)
        • APT38: North Korea (Lazarus Group)

Hacktivists

Script Kiddies

Criminal Syndicates

Hackers

        • Authorized (White Hat)
        • Unauthorized (Black Hat)
        • Semi-Authorized (Gray Hat)

https://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Fourth/dp/0071832386

Shadow IT

Competitors

Info
You will, for certain, be asked to identify different types of Actors. Drill on this list hard.

Attributes of Actors

Internal vs. External

Level of Sophistication or Capability

Resources and Funding

Intent or Motivation

Motivations for Hacking etc. per CompTIA:

        1. Maintain Access
        2. Remain Undetected
        3. Steal Something of Value

Consider a Different List:

        1. Money (Greed)
        2. Politics (Hacktivism)
        3. Revenge
        4. Extortion
        5. Business (Competitive Intelligence)

There are possibly more: https://sectigostore.com/blog/hacker-motivation-why-do-hackers-hack/

Info
You will, for certain, be asked to identify different Attributes of Actors: Resources, Sophistication, Location and Motivation

Vectors of Attack

Direct Access

Network tap, Bash Bunny, etc.

Wireless

Kali apps, deauthers, etc.

Email

Supply Chain

Social Media

"I'm an expert with..."

Cloud

Hypervisor traversal, Git repo archives, etc.

Threat Intelligence Sources

Threat Intelligence Feeds

https://cybermap.kaspersky.com/

https://www.comptia.org/blog/threat-intelligence-feeds

https://logz.io/blog/open-source-threat-intelligence-feeds/

OSINT

Google Dorks

Google Hacking Database at Exploit-db.com

https://www.exploit-db.com/google-hacking-database

Proprietary

Vulnerability Databases

Information Sharing Centers

The Dark Web

Indicators of Compromise

Study pp. 89-90!

Automated Indicator Sharing – AIS

OASIS

STIX

TAXII

Predictive analysis

Threat maps

Code Repositories

Research Sources

Vendor websites

Vuln feeds

Conferences

Journals

RFCs

Local Industry Groups

Social media

Threat feeds

TTPs – Adversary Tactics, Techniques and Procedures
