2.2 - Threat Actors


 

Key Terms 

    • Advanced persistent threat (APT) - A stealthy attack on a network in which the hacker gains access to the target and remains undetected for a period of time. 
    • Threat modelling - Analysing the security of an organisation and determining security holes. 
    • White hat – A hacker who uses their skills for defensive purposes only. These hackers only gain access to systems they have been given permission to and are the only legal form of hacker. 
    • Black hat – A hacker who uses their skills for illegal and malicious purposes. 
    • Grey hat – A hacker who hacks systems without permission with semi-good intent and does not cause any damage. For example, they may hack a system and make a company pay them to fix it. This hacking is still unethical and illegal. 
    • Suicide hacker – A hacker that does not care about legality and only intends to take a target down for a cause. 
    • Cyber terrorist – A hacker motivated by religious or political belief who wants to cause severe disruption or fear. 
    • State-sponsored hacker – A hacker employed by a government who attempts to gain information by hacking other countries’ systems. 
    • Hacktivist – A hacker whose main purpose is to draw attention to their views or protest an event/situation. One example of a hacktivist group is Anonymous. 
    • Script kiddie – An unskilled hacker who uses tools and scripts developed by real hackers. 

 

Capabilities 

Ethical hackers face lots of problems. Cyber-attacks are now more advanced than ever, and script kiddies can easily use pre-made software to execute basic attacks. Tools such as Maltego, Hashcat, Nmap and Metasploit make it easy enough for anyone to carry out a basic cyber-attack. Ethical hackers also use these tools to test systems; however, an ethical hacker learns how each tool works so they can stay one step ahead of anyone else using it for malicious purposes. 

 

APT 

APTs are very sophisticated attacks. They can last for long periods of time without the hacker being detected. Here is an example of a real APT: 


STUXNET – Stuxnet was an APT worm created by the US government to learn about Iranian infrastructure, most importantly, their uranium enrichment project. Stuxnet targeted machines that were not connected to the internet, which mandated injection via removable media such as a USB stick. This meant that the US had to have insider workers high in the Iranian infrastructure projects. Once injected, the worm travelled the network searching for devices that used programmable logic controllers (PLCs), which are devices that control manufacturing processes. The worm stole valuable information from the PLCs and even caused damage to uranium enrichment centrifuges. 

 

Motivation 

Hackers are motivated in many ways to execute attacks. They could be motivated by political views, religious beliefs, greed, protest, terrorism, recognition, blackmail and revenge. Black hat hackers can hack into companies and sell stolen data on the dark web for money. 

 

Threat Modelling 

Threat modelling is used to analyse a system’s security and discover weaknesses. There are 5 main questions asked when threat modelling: 

    • What is worth protecting? 
    • From whom do I protect it? 
    • How likely is it that I will need to protect it? 
    • What are the consequences of failure? 
    • How much trouble am I willing to go through to prevent these consequences? 

This will allow ethical hackers to determine which penetration test they should use and what to secure. 
