Threats

Threats are possible dangers that may exploit vulnerabilities present in your system to breach its security and cause harm.

Major classifications of threats include the following.

Adversaries are cyber actors (commonly known as hackers) who exploit an organization’s or individual’s vulnerabilities to gain undue advantage.

There are different categories of adversaries, such as:

  • Script Kiddies: new hackers who target individuals and organizations just for fun or to become renowned. In a number of instances, however, such groups or individuals acquire a range of hacking skills and go on to operate as professional hackers.
  • Individual adversaries who target victims for financial gain or a personal grudge.
  • Adversary groups: groups of individuals, usually with different cyber skills, who organize themselves to target individuals, organizations or an industry sector. Such groups can be further divided as follows, based on their end goals.
    • Hacktivists: adversary groups who target organizations for social or political motives. E.g.: Anonymous.
    • Adversary groups with financial motives target organizations to monetize their hacking skills, either by demanding a ransom in lieu of stolen data or by selling sensitive information outside the organization in underground forums. E.g.: Fin7.
    • Nation-state actors are groups of skilled hackers working for government agencies to secure their own networks or to penetrate the networks of other agencies or nations. Such actors are highly sophisticated and well-resourced due to support from government agencies.
  • APT: Advanced Persistent Threats (APTs) are groups of cyber actors with highly sophisticated skills who penetrate well-secured networks and remain persistent. This group predominantly includes nation-state actors because of their strong financial backing and cyber skills. Such actors are capable of covertly conducting cyber-espionage activities such as exfiltrating data, manipulating compromised machines or merely monitoring the victim’s activities. E.g.: APT32, APT28, Dragonfly, APT10.


Exploit Kits are specific sets of online tools that are specially crafted to compromise a visitor’s machine by identifying its vulnerabilities. A typical exploit kit leverages a compromised legitimate website to redirect visitors to malicious websites. These websites execute scripts on the visitor’s machine to check for installed software packages and their versions. These versions are then checked against available exploits (either well known or even 0-days). The final stage exploits these vulnerabilities to drop additional malware payloads, which is typically the monetizing part of an exploit kit. Exploit kits are extensively used in malvertising attacks.

E.g.: Angler EK, RIG EK, Sundown EK


A breach is unauthorized access to an organization’s network with the intent to exfiltrate data. Such incidents are conducted by adversaries to gain a financial advantage (via ransom) or a competitive advantage, by damaging the brand image or causing financial loss to a rival organization. Breaches are also conducted by hacktivists or APT groups with the intent of obtaining sensitive information from the victim organization.

Recent data breaches include attacks at Equifax (credit monitoring service) and Deloitte (professional services provider).


A vulnerability is a weakness, flaw or misconfiguration in software, a network or a service which can be leveraged by a potential hacker to gain undue advantage. Vulnerabilities are sometimes responsibly disclosed by security researchers, who give developers time to release patches or updated versions of the vulnerable applications. In several other instances these vulnerabilities are discovered by malicious actors, who then develop exploit code to leverage them for financial gain. A popular term for such a vulnerability is a 0-day vulnerability, which refers to a vulnerability that has not been publicly disclosed and therefore has no patch or workaround to mitigate attempts to exploit it. Vulnerabilities are systematically reported and tracked by organizations/websites such as mitre.org and cvedetails.com.
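The version-matching step that the exploit-kit paragraph above describes (installed software versions checked against known exploits) and the 0-day notion defined in this paragraph (a vulnerability with no patch available) can be shown together from the defender's side as a patch audit. The following is an added example, not code from the original page: it compares a constructed software inventory against constructed advisory records with affected-version ranges, reports which installed packages are exposed, and flags exposures for which no fixed version exists as 0-day exposures that need a workaround rather than a patch. All product names, advisory IDs and version numbers are placeholders invented for the example.

```python
"""Added example: patch audit of an installed-software inventory against
advisory records with affected-version ranges.

This is the same version-matching that an exploit kit relies on, written
as a defender's check: a match means "patch now"; a match whose advisory has
no fixed version is a 0-day exposure that needs a workaround instead.

All inventory entries, advisory IDs and versions below are constructed for
illustration; they are not real advisories.
"""
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """Turn '1.10.3' into (1, 10, 3) so comparison is numeric, not lexical
    ('1.10' must sort after '1.9')."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str         # constructed placeholder such as "ADV-0001"
    product: str
    first_affected: str      # inclusive lower bound of the vulnerable range
    fixed_in: Optional[str]  # first patched version; None means no patch (0-day)


@dataclass(frozen=True)
class Exposure:
    product: str
    installed: str
    advisory_id: str
    zero_day: bool


def is_affected(installed: str, adv: Advisory) -> bool:
    """Installed version is vulnerable if it is >= first_affected and,
    when a fix exists, < fixed_in."""
    v = parse_version(installed)
    if v < parse_version(adv.first_affected):
        return False
    if adv.fixed_in is not None and v >= parse_version(adv.fixed_in):
        return False
    return True


def audit(inventory: dict, advisories: list) -> list:
    """Return one Exposure per (installed product, matching advisory) pair."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv.product)
        if installed is None:
            continue  # product not installed, advisory does not apply
        if is_affected(installed, adv):
            findings.append(Exposure(adv.product, installed, adv.advisory_id,
                                     zero_day=adv.fixed_in is None))
    return findings


def summarize(findings: list) -> dict:
    """Split findings into 'patch now' and 'needs workaround' buckets."""
    return {
        "patchable": [f.advisory_id for f in findings if not f.zero_day],
        "zero_day": [f.advisory_id for f in findings if f.zero_day],
    }


# Constructed sample data (placeholder products and advisory IDs).
SAMPLE_INVENTORY = {
    "example-pdf-plugin": "2.4.1",
    "example-media-player": "11.2.0",
    "example-browser": "58.0.3",
}

SAMPLE_ADVISORIES = [
    Advisory("ADV-0001", "example-pdf-plugin", "2.0.0", "2.4.2"),    # unpatched install
    Advisory("ADV-0002", "example-media-player", "11.0.0", None),    # no fix yet: 0-day
    Advisory("ADV-0003", "example-browser", "57.0.0", "58.0.0"),     # already patched
    Advisory("ADV-0004", "example-office-suite", "1.0.0", "1.5.0"),  # not installed
]


if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY, SAMPLE_ADVISORIES)
    for f in result:
        status = "no patch available" if f.zero_day else "patch available"
        print(f"{f.product} {f.installed}: {f.advisory_id} ({status})")
    print(summarize(result))
```

Running the block lists the two exposed packages: the PDF plugin (patch available) and the media player (no fix, so it needs isolation or disabling until one ships); the browser is skipped because its installed version is already past the fixed version. The numeric tuple comparison in `parse_version` matters because a string comparison would wrongly treat "1.10" as older than "1.9", the kind of mistake that leaves a vulnerable install reported as safe.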


A campaign is a targeted attack against an individual, organization or sector that is usually conducted over a prolonged period. Such campaigns are mostly conducted by APT groups or other adversary groups to achieve a broader goal or financial gain. Campaigns include all stages of a cyber-attack (the cyber kill chain), namely reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objective (along with maintaining persistence).
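Because a campaign is defined here by two properties, coverage of several kill-chain stages and a prolonged duration, a defender can use exactly those two properties to tell a campaign apart from isolated alerts. The following added example (not code from the original page) parses a constructed alert log, groups alerts by target, orders the stages seen along the kill chain listed above, and marks a target as under campaign when the activity spans at least three distinct stages over at least two weeks. The alert lines, target names and thresholds are all constructed for illustration.

```python
"""Added example: grouping detection alerts by target and ordering them along
the cyber kill chain, so a prolonged multi-stage sequence against one target
stands out as a campaign rather than as unrelated alerts.

The alert lines, target names and thresholds are constructed for this
example; the stage names follow the kill chain listed in the text.
"""
from collections import defaultdict
from datetime import datetime

KILL_CHAIN = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objective",
]
STAGE_INDEX = {name: i for i, name in enumerate(KILL_CHAIN)}

# Constructed alert log: timestamp, target, kill-chain stage, description.
SAMPLE_ALERTS = """\
2023-01-03T09:12:00 acme-corp reconnaissance external port scan from single source
2023-01-20T14:05:00 acme-corp delivery phishing email with attachment quarantined
2023-01-21T08:40:00 acme-corp exploitation macro execution blocked on workstation
2023-02-02T22:15:00 acme-corp command_and_control beaconing to rare domain
2023-02-15T03:30:00 acme-corp actions_on_objective large outbound transfer
2023-02-10T11:00:00 beta-inc delivery phishing email quarantined
"""


def parse_alerts(text: str) -> list:
    """Parse one alert per line into (timestamp, target, stage, description)."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, target, stage, desc = line.split(" ", 3)
        if stage not in STAGE_INDEX:
            raise ValueError(f"unknown kill-chain stage: {stage}")
        alerts.append((datetime.fromisoformat(ts), target, stage, desc))
    return alerts


def campaigns(alerts: list, min_stages: int = 3, min_days: int = 14) -> dict:
    """Per target: stages seen (in kill-chain order), activity span in days,
    and whether the activity meets the campaign thresholds (at least
    min_stages distinct stages over at least min_days)."""
    by_target = defaultdict(list)
    for ts, target, stage, _ in alerts:
        by_target[target].append((ts, stage))
    summary = {}
    for target, events in by_target.items():
        stages = sorted({s for _, s in events}, key=STAGE_INDEX.__getitem__)
        times = [t for t, _ in events]
        span_days = (max(times) - min(times)).days
        summary[target] = {
            "stages": stages,
            "span_days": span_days,
            "campaign": len(stages) >= min_stages and span_days >= min_days,
        }
    return summary


if __name__ == "__main__":
    for target, info in campaigns(parse_alerts(SAMPLE_ALERTS)).items():
        flag = "CAMPAIGN" if info["campaign"] else "isolated"
        print(f"{target}: {flag}, {info['span_days']} days, "
              f"stages={' -> '.join(info['stages'])}")
```

On the sample log, acme-corp shows five stages from reconnaissance through actions on objective over 42 days and is flagged as a campaign, while beta-inc has a single delivery alert and is not. Ordering the stages by kill-chain position rather than by timestamp is deliberate: it shows how far along the chain an adversary has progressed against the target, which is what decides the response priority.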


Malware is a payload (script, application or code) intended to perform unwanted or disruptive activities on a computer system. Malware is created by an adversary to gain access to the victim’s system, remove the victim’s access to his/her own system, or monitor the victim’s activities. Malware can be implanted on a victim’s system in several ways, such as via email, USB drives or downloads from the internet.