Tactics, Techniques and Procedures (TTPs)
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors
Threat Actors
An individual or entity responsible for incidents that impact security and data protection
Unskilled Attackers
Also referred to as Script Kiddies
Hackers with little or no skill who mostly use tools and exploits written by others
Motivated by a desire for recognition or the thrill of causing disruption
Hacktivists
Hackers who are driven by a cause like social change, political agendas or terrorism
Generally show a fairly high level of sophistication
Website Defacement, DDoS Attacks, Doxing, Leaking of Sensitive Data
e.g. Anonymous, LulzSec
Organized Cyber Crime Groups
Hackers who are part of a crime group that is well-funded and highly sophisticated
Custom Malware, Ransomware, Sophisticated Phishing Campaigns
They are mostly in it for financial gain
Data Breaches, Identity Theft, Online Fraud, Ransomware Attacks
e.g. FIN7, Carbanak
Nation-state Actors
Groups that are sponsored by a government to conduct cyber operations
False Flag Attack: Attack that appears to originate from a different source or group
APT (Advanced Persistent Threat): Prolonged and targeted cyberattack
Gather Intelligence, Disrupting Critical Infrastructure, Influencing Political Processes
e.g. Stuxnet
Insider Threats
Threats that originate from inside the organization
Can have varying levels of capabilities
Data Theft, Sabotage, Misuse of Access Privileges
Motivated by financial gain, revenge or carelessness
e.g. Edward Snowden, 2020 Twitter Bitcoin Attack