More technically competent than script kiddies; account for 8-12% of malicious Internet activity. Work together for a “common cause”
Hacktivist
Posing as a trusted source, an attacker attempts to deliver a malicious payload or get personal/sensitive info using bait.
Phishing
Code that runs on a computer without the user's knowledge and infects the computer when the code is accessed and executed.
Virus
Device that allows device charging but prevents transfer of data.
USB Blocker
The process of changing an IP address while it is in transit across a router. Often used so one larger address space (private) can be remapped to another address space or single IP.
Network Address Translation (NAT)
Not highly technical, but are savvy enough to run scripts written by others
Script Kiddie
Targeting a particular user or group
Spear Phishing
Malware that imitates a trusted program
Trojan
Considered the "gold standard" of data destruction.
Burning
Network device that is a one-stop shop for security, normally located on the edge of the network to manage traffic in and out of that network
Unified Threat Management (UTM)
Very patient – willing to wait for the right situation and opportunity to attack “low and slow” using Advanced Persistent Threats
Nation States
Following someone through a limited entry door
Tailgating
Allows an attacker to record system configuration and user actions: key logging, screenshots, remote logging, etc.
Spyware
Type of industrial monitoring device that monitors things like gas lines, nuclear power plant conditions, or municipal water systems in real time.
SCADA (Supervisory Control and Data Acquisition)
Acts as a VPN endpoint, providing a method of managing multiple separate VPN conversations, each isolated from the others and converting each encrypted stream to its unencrypted, plaintext form, on the network
VPN concentrator
Operate across legal jurisdictions and are motivated by criminal profit
Organized Crime
Infected website used to infect other systems simply by visiting the website
Watering Hole
Self-spreading malware that exploits system and application vulnerabilities to move between systems and requires no user interaction to exploit a system
Worm
Bypassing the App Store on an iOS device in order to run apps that are not approved
Jailbreaking
Network device that identifies and responds to threats immediately
Network Intrusion Prevention System (NIPS)
A person who has or has had authorized access to the company network and uses sabotage for financial gain or business advantage
Malicious Insider Threat
Spam that is done over instant messaging
SPIM
Malicious program that executes during boot-up and replaces key system files and utilities.
Rootkit
LDAPS port number
389
Hardware device that manages or stores encryption keys and can assist with encryption, hashing, or application of digital signatures.
Hardware Security Module