Lesson 2: Threat Types

Core Concepts

  • Vulnerability: Weakness in a system that can be exploited (e.g. unpatched software, a default password)
  • Threat: Potential for harm, i.e. an actor or event that could exploit that weakness (e.g. an attacker targeting the unpatched service)
  • Risk: Likelihood that the threat occurs × Impact if it does; reduced by removing the vulnerability, blocking the threat, or limiting the impact

Threat Actor Attributes

Classification:

  • Internal/External: Authorized users (employees, contractors) vs outsiders with no legitimate access
  • Sophistication: Low (script kiddies running public tools) vs High (nation-states with custom tooling)
  • Resources/Funding: Nation-states and organized crime (well funded) vs hacktivists and script kiddies (little or no budget)

Motivations:

  • Financial: Ransomware, fraud, extortion
  • Political/Ideological: Espionage (APT groups), hacktivism (Anonymous)
  • Chaotic: Disruption or vandalism for its own sake (defacement, trolling)
  • Accidental: Insider mistakes

Key Threat Actor Types

Hacktivists

  • Ideologically motivated
  • Tactics: DDoS attacks, website defacement, data leaks
  • Low-budget, volunteer efforts
  • Public operations, claim responsibility

Nation-State Actors

  • Government-sponsored
  • Tactics: Zero-day exploits, APTs, supply chain attacks
  • Advanced, stealthy, well-funded
  • Avoid attribution, long-term access
  • Examples: APT29 (Cozy Bear, attributed to Russia's SVR), APT41 (attributed to China; also runs financially motivated intrusions)

Organized Crime

  • Profit-driven
  • Tactics: Ransomware, phishing, cryptojacking
  • Financial gain and extortion

Insiders

  • Malicious: Revenge, sabotage, data theft
  • Negligent: Accidental breaches, shadow IT

Attack Surfaces and Vectors

Attack Surface Components:

  • Physical: Unsecured server rooms, unattended workstations
  • Network: Exposed services and open ports, weak or default credentials
  • Human: Social engineering
  • Software: Unpatched and zero-day vulnerabilities

Network-Based Vectors:

  • Exploits targeting protocols (Bluetooth, DNS, HTTP)
  • Misconfigurations (unsecured cloud storage, default credentials)
  • On-path (MITM) attacks (intercepting or altering unencrypted traffic)
  • DoS/DDoS (overwhelming with traffic)

Lure-Based Vectors:

  • Malicious USB drops
  • Trojanized software (fake downloads)
  • Malicious documents (Office files with macros)
  • Image/PDF exploits
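Macro-laden Office documents are the classic lure, and the check a mail gateway or upload handler runs for them is simple: an Office Open XML file is a zip package, and a VBA project lives in a part named vbaProject.bin. The following is an added example, not code from the lesson; the sample files are constructed in memory (no real macro code), and the triage verdict strings are this example's own choice.

```python
import io
import zipfile

# Constructed in-memory samples (not real malware): a minimal Office Open XML
# package, with and without the part that holds a VBA project.
def build_docx(with_macro: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Macro-enabled Word/Excel/PowerPoint files carry the VBA project
            # in a part named vbaProject.bin under word/, xl/ or ppt/.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()

# Part names that indicate VBA code is present, whichever folder they sit in.
MACRO_PARTS = {"vbaProject.bin", "vbaData.xml"}

def has_macros(data: bytes) -> bool:
    """True if an OOXML container (docx/docm/xlsx/xlsm/...) holds a VBA project."""
    if not data.startswith(b"PK"):
        return False  # not a zip container: legacy .doc, or not Office at all
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            parts = z.namelist()
    except zipfile.BadZipFile:
        return False
    return any(p.rsplit("/", 1)[-1] in MACRO_PARTS for p in parts)

def classify(filename: str, data: bytes) -> str:
    """Triage verdict for a mail-gateway or upload check (strings are this example's own)."""
    ext = filename.lower().rsplit(".", 1)[-1]
    macro = has_macros(data)
    if macro and ext in {"docx", "xlsx", "pptx"}:
        # Word will not run VBA from a .docx, but a VBA project inside one
        # means the file was renamed or tampered with: treat it as hostile.
        return "suspicious: VBA project inside a macro-free extension"
    if macro:
        return "macro-enabled: quarantine and detonate before delivery"
    return "clean: no VBA project"

if __name__ == "__main__":
    for name, payload in [("invoice.docm", build_docx(True)),
                          ("invoice.docx", build_docx(True)),
                          ("report.docx", build_docx(False))]:
        print(name, "->", classify(name, payload))
```

The presence check is only the first gate; a file that passes it should still go to a sandbox, because the Image/PDF and trojanized-installer lures above carry no VBA at all.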

Message-Based Vectors:

  • Phishing: Fraudulent emails (fake login pages)
  • SMiShing/Vishing: SMS/voice scams
  • Social media scams
  • BEC (Business Email Compromise): Impersonating executives

Supply Chain Vectors:

  • Compromised software updates (SolarWinds)
  • Third-party access exploitation
  • Hardware tampering

MITRE ATT&CK Framework

  • Tactics: The adversary's goal at each stage (e.g. Initial Access, Execution, Credential Access, Lateral Movement, Exfiltration)
  • Techniques: How that goal is achieved, each with a stable ID used to map detections and findings (Phishing is T1566, with Spearphishing Attachment as sub-technique T1566.001; OS Credential Dumping is T1003)
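Tactics and techniques are most useful when detections are tagged with them, so that a handful of alerts reads as a sequence of goals rather than isolated events. The following is an added example, not code from the lesson: a few regex rules keyed to ATT&CK technique IDs (the lesson's T1566 and T1003, plus their usual neighbours), run over constructed log lines in an assumed key=value format that is not any real product's schema.

```python
import re
from dataclasses import dataclass

# Tactic order used to present matches as a rough attack sequence.
TACTIC_ORDER = ["initial-access", "execution", "credential-access",
                "lateral-movement", "exfiltration"]

@dataclass(frozen=True)
class Rule:
    technique_id: str   # ATT&CK technique or sub-technique ID
    name: str
    tactic: str
    pattern: re.Pattern

# Rules keyed to technique IDs. The log field names (attachment=, parent=,
# target=, share=, qname_len=) are an assumed format for this example.
RULES = [
    Rule("T1566.001", "Phishing: Spearphishing Attachment", "initial-access",
         re.compile(r"attachment=\S+\.(docm|xlsm|iso|lnk)\b", re.I)),
    Rule("T1204.002", "User Execution: Malicious File", "execution",
         re.compile(r"parent=WINWORD\.EXE .*child=(cmd|powershell|wscript)\.exe", re.I)),
    Rule("T1003.001", "OS Credential Dumping: LSASS Memory", "credential-access",
         re.compile(r"target=lsass\.exe .*access=0x(1010|1038|1fffff)\b", re.I)),
    Rule("T1021.002", "Remote Services: SMB/Windows Admin Shares", "lateral-movement",
         re.compile(r"share=\\\\[\w.-]+\\(ADMIN|C)\$", re.I)),
    Rule("T1048", "Exfiltration Over Alternative Protocol", "exfiltration",
         re.compile(r"proto=dns .*qname_len=\d{3,}\b", re.I)),
]

# Constructed sample telemetry for one host, in the assumed format above.
SAMPLE_LOGS = [
    "2024-05-01T09:01:02Z mail user=jdoe from=hr@example-payroll.test attachment=Q2_bonus.docm",
    "2024-05-01T09:03:10Z proc host=WS01 parent=WINWORD.EXE child=powershell.exe cmdline=-enc ...",
    "2024-05-01T09:07:44Z proc host=WS01 source=rundll32.exe target=lsass.exe access=0x1010",
    "2024-05-01T09:20:00Z smb host=WS01 share=\\\\FS01\\ADMIN$ user=EXAMPLE\\svc_backup",
    "2024-05-01T09:25:13Z net host=WS01 proto=dns qname_len=240 dst=8.8.8.8",
    "2024-05-01T09:30:00Z proc host=WS02 parent=explorer.exe child=notepad.exe",
]

def map_to_attack(log_lines):
    """Tag each matching log line with (tactic, technique ID, name, line), ordered by tactic stage."""
    hits = []
    for line in log_lines:
        for rule in RULES:
            if rule.pattern.search(line):
                hits.append((rule.tactic, rule.technique_id, rule.name, line))
    # Stable sort by tactic order so the output reads as a kill chain.
    hits.sort(key=lambda h: TACTIC_ORDER.index(h[0]))
    return hits

def attack_path(log_lines):
    """Distinct tactics observed, in ATT&CK stage order."""
    seen = []
    for tactic, *_ in map_to_attack(log_lines):
        if tactic not in seen:
            seen.append(tactic)
    return seen

if __name__ == "__main__":
    for tactic, tid, name, line in map_to_attack(SAMPLE_LOGS):
        print(f"{tactic:18} {tid:10} {name}\n    {line}")
    print("observed path:", " -> ".join(attack_path(SAMPLE_LOGS)))
```

The benign notepad launch matches nothing, while the other five lines collapse into one path from Initial Access to Exfiltration; the same tagging is how coverage against a given actor's known techniques is measured.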

Social Engineering Techniques

Core methods:

  • Phishing: Fake emails
  • Vishing/SMiShing: Voice calls/text scams
  • Pretexting: Fabricated scenarios
  • BEC: CEO fraud

Human Psychological Vectors:

  • Impersonation: Posing as IT staff/vendors
  • Urgency: Creating time pressure ("account deleted in 24 hours")
  • Authority: Exploiting hierarchical obedience (CEO requesting transfer)
  • Familiarity: Using shared interests or casual tone
  • Consensus/Social Proof: "Everyone already did this", fake testimonials or endorsements
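The message-based vectors (phishing, BEC) and the psychological levers above show up together in one email: a spoofed or lookalike sender, a reply-to that diverts the thread, and a body built on urgency, authority and secrecy. The following is an added example, not code from the lesson, that scores a raw message on those signals; the organisation domain, the executive list and both sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed organisation data for this example.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com", "raj patel": "raj.patel@example.com"}

# Phrases that lean on the pressure levers above (urgency, authority, secrecy)
# plus the payment ask that makes a BEC message worth sending.
PRESSURE = {
    "urgency": re.compile(r"\b(urgent|immediately|right away|asap|within (the next )?\d+ hours?|"
                          r"account (will be )?(deleted|suspended))\b", re.I),
    "authority": re.compile(r"\b(i need you to|per my instruction|as discussed|on my authority)\b", re.I),
    "secrecy": re.compile(r"\b(keep this (confidential|between us)|do not (discuss|share|mention))\b", re.I),
    "payment": re.compile(r"\b(wire|transfer|gift cards?|invoice|bank details)\b", re.I),
}

def normalize(domain: str) -> str:
    """Undo common lookalike substitutions (rn->m, 1->l, 0->o, dropped hyphens)."""
    return domain.lower().replace("rn", "m").replace("1", "l").replace("0", "o").replace("-", "")

def score_message(raw: str) -> dict:
    """Return the sender address, the list of findings and a score (one point per finding)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    findings = []

    # Display-name impersonation: an executive's name on an address that is not theirs.
    exec_key = name.strip().lower()
    if exec_key in EXECUTIVES and addr.lower() != EXECUTIVES[exec_key]:
        findings.append("display-name impersonation of " + EXECUTIVES[exec_key])
    # Lookalike domain: not ours, but ours once substitutions are undone.
    if sender_domain != ORG_DOMAIN and normalize(sender_domain) == normalize(ORG_DOMAIN):
        findings.append("lookalike domain " + sender_domain)
    # Reply-To pointing elsewhere diverts the victim's answer to the attacker.
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != sender_domain:
        findings.append("reply-to redirects to " + reply_to)

    body = "" if msg.is_multipart() else msg.get_payload()
    for lever, pattern in PRESSURE.items():
        if pattern.search(body):
            findings.append("pressure lever: " + lever)
    return {"from": addr, "findings": findings, "score": len(findings)}

# Constructed samples (not real mail). The first is a typical CEO-fraud message.
BEC_SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-relay.test
To: finance@example.com
Subject: Quick favour

I need you to wire 48,000 to the new supplier immediately. I am in a meeting,
so keep this between us until I can call. Bank details attached.
"""
BENIGN_SAMPLE = """\
From: Raj Patel <raj.patel@example.com>
To: finance@example.com
Subject: Q2 numbers

Hi, could you send over the draft Q2 figures when you have a moment? Thanks.
"""

if __name__ == "__main__":
    for sample in (BEC_SAMPLE, BENIGN_SAMPLE):
        result = score_message(sample)
        print(result["from"], "score", result["score"])
        for finding in result["findings"]:
            print("   -", finding)
```

Header checks catch the impersonation and the diverted reply even when the wording is polite; the body checks catch the levers when the sender is a genuinely compromised internal account, which is why a process control (out-of-band confirmation for payment changes) is still needed on top.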
