Threat Actors

A free video tutorial from Total Seminars • 500,000+ Enrollments
Home of Mike Meyers and his Team of IT Certification Pros
4.6 instructor rating • 30 courses • 283,935 students

Lecture description

Mike explains the types of man-made threats that can attack a system.

Learn more from the full course

TOTAL: CompTIA Security+ Certification (SY0-501).

Everything you need to pass the CompTIA Security+ SY0-501 Exam, from Mike Meyers, CompTIA expert and bestselling author.

18:57:19 of on-demand video • Updated March 2020

  • This is a complete and comprehensive CompTIA Security+ Certification (SY0-501) course. It is designed to prepare you to be able to take and pass the exam to become CompTIA Security+ Certified.
  • Once you complete the course, you will have the knowledge and confidence to pass the CompTIA exam AND the skills to be a great IT security tech. This course is ideal as both a study tool and an on-the-job reference.
  • Your new skills and the CompTIA Security+ Certification will help you land a great IT security tech job. Or, if you are already a security tech, get that raise or advancement you are after.
If we want to talk about evil, we need to talk about who the people and organizations are that are actually doing the evil, that are doing the attacks on our infrastructures. And that's what this episode is all about. I want to talk about what we call threat actors. These are the people and organizations that actually do these types of attacks. Now, for the exam we're going to go through a number of different types of threat actors. But what's important is that we understand what the attributes of all these actors are. So before we go through the actors, let's talk about what some types of attributes are that you might see. The first one is: are they going to be internal or are they going to be external? Are they going to be people inside your infrastructure, within your organization, or are they going to be somebody in a far-off country? Second is level of sophistication. It's surprising how much evil a person who is not terribly sophisticated at computing and networking can do to a system. And of course there are also very, very sophisticated people out there who can do lots of evil. Along with that is going to be resources, and more importantly, funding. In order to do a lot of evil, it requires a lot of resources: lots of computers, lots of people with lots of skills, and a lot of times it takes a tremendous amount of money. So that also becomes a very strong attribute of different types of threat actors. The next one is going to be what their intent is, what's their motivation? We need to think about what type of attribute that threat actor might have in terms of why they are actually doing this and, more importantly, what their intention is, what are they trying to go for? What's their goal? And then the last one is, and this to me, I think it's funny the way CompTIA put this into the objectives, but the last one is going to be use of open source intelligence.
Now, it wasn't that long ago, Mike Meyers coming out old again, that open source intelligence, we're talking about social media, public records, that type of stuff, was not that easy to get to. Today, it's ridiculously easy. I do a lot of work here in the United States with the Department of Justice and also the Department of Defense, and one of the things that amazes me is that when the good guys are looking to find the bad guy, you know one of the first places they turn to? Facebook. So open source intelligence is also a really, really big issue. OK. So now we know what our attributes are. Let's talk about the types of threat actors that you're going to be seeing on the exam. The first one is script kiddies. Script kiddies is a great name because these are people with just a trivial amount of attack knowledge, and they use scripts and pre-made tools. They don't really have a lot of sophistication. They're often not very evil. They don't have any intent other than they like to pick locks, and they'll come into a system and they'll try to make some attacks. In most cases script kiddies are the types of people who are easily blocked, and good firewalling and good basic system controls are always going to keep these people out of your hair. The next one is a hacktivist. Now, a hacktivist is someone who has some form of activism that they want to pursue. So intent really comes into play with these guys. A hacktivist is going to be, oh, I'll come up with a theoretical: somebody who wants to save the whales, so they're going to go against the fishing industry or something like that. So for a hacktivist the big thing we want to keep in there is what their intent and their motivation is. The next one is organized crime, and this is a huge problem out there today.
When we're talking about organized crime, you know, we'd like to think about the Mafia and things like that, but really what we're talking about is very smart groups of people who are working together in order to, mainly, more than anything else, make money. And they can make money in a lot of different ways, and organized crime is a big issue. Probably the biggest single threat these days is nation states, where an entire country has a job, and their job is to have tremendous resources and tremendous sophistication in order to get, more often than not, intelligence. And while I don't want to name any countries here, that is a huge problem today, with a lot of countries that have extremely sophisticated tool sets to be able to gather intelligence. One of the big things that these types of organizations go for is what we call an advanced persistent threat, and an APT is nothing more than some form of threat. They get into a system and they stay there. They are always there. It's persistent, and that's their big goal: they want to hack into a cable and get naval intelligence, or they want to connect into a wireless network and get State Department information. So APT is a big issue that really comes into play with nation states. Next is going to be insiders. An insider is somebody who is inside the company. Now, be careful with this term, because when we hear the word insider we want to think employee. It doesn't always have to be an employee. It could be somebody who is within the infrastructure. It could be the cleaning people. It could be a vendor who's working inside your infrastructure. Basically, when we say the word infrastructure we're talking about the actual organization itself, and there are a lot of people who may not be employees who are within that infrastructure. Also keep in mind, when we're talking about insiders, think in terms of: do they have user names and passwords for some amount of resource? And if they do, you should treat them as an insider.
The last one is going to be competitors. Now, this may have been a bigger issue maybe 10 or even 15 years ago, and it still happens, but it's not nearly as much as it used to be, mainly because the laws are so onerous today that to have a private organization do some form of threat actor job against another organization, people are going to be walking away in handcuffs. So the old adage of, you know, worrying about the competition, while it's still there, and I'm not going to say it doesn't exist at all, can be a big problem. OK. So we went through the different attributes of actors and we went through all the different types of threat actors that are actually listed on the exam itself. For the exam, just keep in mind, as we talk about these different types of threat actors, what are the attributes that you would apply to each one of them.