Hi. Welcome to lesson 1.2, where we're going to talk about attackers. Now, the word attack simply means to set upon or work against forcefully.
We talked about vulnerabilities in the previous lesson, and a vulnerability is just that. There's no damage that's been done yet. It's just something that's vulnerable to attack. In this lesson, we'll talk about attackers. An attacker is someone that exploits that vulnerability, somebody that actually takes advantage of the vulnerabilities that we talked about in the previous lessons
to do damage or to steal something or to act on their motivations.
There are a few different motivations that attackers have. There are only four different motivation categories we like to look at. The first one is cybercriminals. Now, these are people that are usually financially motivated. You think of things like ransomware, where they're holding some data for ransom. They want a certain amount of money, or Bitcoins or something, in return.
They usually target individuals or corporations, sometimes one or the other.
It doesn't go either particular way, and they could act as an individual or as part of a larger organization like a larger crime syndicate or something, you know, a funded organization, where each party has their own specific goals to achieve.
The next motivation type is what we'd like to label hacktivists, and these are those who are usually politically or socially motivated. Usually this group of attackers doesn't like a particular political movement or social movement, and there's something that they disagree with, you know, that they morally disagree with.
They tend to target organizations or authority figures,
and they don't tend to steal data as much as they tend to try to take down a service. Whatever that language or message is that they disagree with, they're trying to take that down by taking the site down or defacing it or removing it or something like that.
The third category is what we call state sponsored, and these are nation states. These are sponsored by countries. So there are a lot of financial resources. They're very well funded. They're very well organized. They usually target larger organizations like government entities or infrastructure,
and these are going to be the most complicated and complex types of attackers.
A lot of times, you'll hear the term APT in the security space, and that stands for advanced persistent threat, and usually nation states are the types that will conduct APT activities.
And the fourth and final category is the insider threat category. Now, insider threats can come from both intentional and unintentional sources. A form of intentional source would be, say, a disgruntled employee, someone who's about to quit, and they're going to steal some data before they leave. Or maybe they got bribed by an outside party. Maybe
an outside government entity said, "Hey, we'll give you $10,000 if you steal this information for us."
That's an intentional insider threat. Unintentional are things that we previously covered, things like the IT administrator subverting that process. And so they are unintentionally threatening the organization by subverting the process, by going around process and opening themselves up to additional vulnerability.
It could be someone who's just tricked by an outsider. You know, that phishing email that we talked about in the previous lesson?
Well, the attacker themselves that sent the email, that's an outside source. But the person that is going to click the email, like if somebody is very prone to clicking obvious emails, that's a threat. That's an insider threat, but it's unintentional.
That's it for our attacker motivation section. Next up is lesson 1.2.2, where we're going to talk about the MITRE ATT&CK framework.