Threat Vectors & Motives

Canadian Incidents

Tech & Trends
Cyber Hygiene & Defense
100

These threat actors are primarily motivated by profit and financial gain.

Who are Cybercriminals

100

In December 2022, this Toronto hospital was attacked by LockBit, who later apologized and offered a free decryptor.

What is SickKids (The Hospital for Sick Children)

100

This term refers to any device connected to a network, such as a laptop, smartphone, or smart thermostat.

What is an Endpoint

100

To protect networks and devices, the checklist suggests using antivirus, anti-malware, and these barriers to block threats.

What are Firewalls

200

This specific type of threat actor is motivated by ideological reasons rather than money or geopolitics.

Who are Hacktivists

200

In 2014, the National Research Council suffered a state-sponsored breach attributed to this country.

What is China

200

This type of "engineering" involves tricking unwitting insiders into putting malware onto their systems, often via phishing.

What is Social Engineering

200

For access control, it is recommended to use this security measure for all accounts, not just admin ones.

What is Multi-Factor Authentication (MFA)

300

LockBit operates using this specific business model, which allows "affiliates" to use their malware in attacks.

What is Ransomware-as-a-Service (RaaS)

300

The 2023 attack on Hydro-Québec, attributed to a pro-Russian group, utilized this specific type of attack vector to take down their website.

What is a DDoS (Distributed Denial of Service) attack

300

This protective physical separation is used to completely isolate a secure network from unsecured external networks.

What is an "Air Gap"

300

This access control concept ensures users have only the minimum access necessary to do their jobs.

What is the Principle of Least Privilege

400

This term describes someone within an organization who, either wittingly or unwittingly, installs malware onto a device.

What is an Insider (or Insider Threat)

400

The 2020 attack on Trans-Northern Pipelines was carried out by this ransomware group, which also hit the Colonial Pipeline in the U.S.

Who is DarkSide

400

Guidelines for defending critical infrastructure play a central role in recommending this specific management practice to prevent attackers from gaining access to critical resources.

What is Privileged Access Management

400

Organizations with remote workers are strongly advised to use this tool to ensure secure remote connections.

What is a VPN (Virtual Private Network)

500

While thrill-seekers are motivated by satisfaction, this type of threat actor is motivated specifically by "Geopolitical" factors.

Who are Nation-states

500

According to the presentation, the 2024 Ontario Healthcare ransomware attacks were caused by this specific endpoint failure.

What are Compromised Employee Credentials (or Compromised Administrative Accounts)

500

Digital transformation and the rise of IoT have expanded this conceptual "area," which encompasses all systems and services that can be exploited by malicious actors.

What is the Cyber Threat Surface (or Attack Surface)

500

This is the maximum window, in hours, to report a cyber security incident to the CSE under the proposed Critical Cyber Systems Protection Act (CCSPA).

What is 72 Hours
