Uploaded on Jul 18, 2024
CompTIA Security+ Domain 2 focuses on "Architecture and Design," emphasizing the fundamental principles of security architecture and design. This domain covers essential topics such as secure network design, secure systems design, enterprise security architecture frameworks, and implementing security controls to protect organizational assets.
Security+ Domain 2
#learntorise
2.1: UNDERSTANDING THREAT ACTORS AND MOTIVATIONS
THREAT ACTORS
Nation-State: Government agency gathering intelligence
Unskilled Attacker: Teenager using hacking tools
Hacktivists: Group hacking a website
Insider Threat: Employee leaking sensitive data
Organized Crime: Criminal groups deploying ransomware
Shadow IT: Employee using unauthorized app
www.infosectrain.com
2.1: UNDERSTANDING THREAT ACTORS AND MOTIVATIONS
ATTRIBUTES OF ACTORS
Internal/External: Insiders or external cyber attackers
Resources/Funding: Self-funded hackers to state-sponsored
Level of Sophistication/Capability: Unskilled attackers to nation-states
2.1: UNDERSTANDING THREAT ACTORS AND MOTIVATIONS
MOTIVATIONS OF THREAT ACTORS
Data Exfiltration: Stealing sensitive information
Espionage: Covert operations for strategic gains
Service Disruption: Disrupting services, e.g. DDoS attacks
Blackmail: Extortion using stolen data
Financial Gain: Cybercrime for monetary benefits
Philosophical/Political Beliefs: Ideologically driven actions, hacktivism
Ethical: Exposing wrongdoing for advocacy
Revenge: Retaliation or personal vendetta
Disruption/Chaos: Causing chaos without specific goals
War: Cyber warfare strategies
2.2: COMMON THREAT VECTORS AND ATTACK SURFACES
THREAT VECTORS
Message-based:
  Email: Phishing mimicking legitimate entities
  SMS: Smishing attacks via text messages
  Instant Messaging: Malware through messaging links
Image-based (Steganography): Code hidden in images
File-based (Documents/PDFs): Malware in files activated on access
Voice Call (Vishing): Fraudulent calls for information
Removable Device (USB Drives): Malware transfer via USB drives
Vulnerable Software: Exploits in outdated applications
Unsecure Networks: Open Wi-Fi, unsecured Bluetooth, and physical network vulnerabilities
Open Service Ports (FTP Ports): Exploited open ports for malware
Default Credentials: Default usernames/passwords exploited
Supply Chain: Attacks on vendors and suppliers
2.2: COMMON THREAT VECTORS AND ATTACK SURFACES
ATTACK SURFACES
HUMAN VECTORS/SOCIAL ENGINEERING
Phishing/Vishing/Smishing: Deceptive methods exploiting psychology
Misinformation/Disinformation: Manipulating with false information
Impersonation: Pretending to be someone else
Business Email Compromise (BEC): Impersonating email for fraud
Pretexting: Fabricated scenarios for information
Watering Hole: Infecting commonly visited sites
Brand Impersonation: Mimicking brands to mislead
Typosquatting: Exploiting typos for redirection
2.3: TYPES OF VULNERABILITIES
TYPES OF VULNERABILITIES
Application Vulnerabilities:
  SQL Injection
  XSS
  Insecure Direct Object References
Memory & Buffer Issues:
  Memory Injection
  Buffer Overflow
Race Conditions:
  Time-of-Check (TOC): State changes after checking
  Time-of-Use (TOU): Status changes before utilization
Malicious Updates: Compromised software updates
Web-Based: Security weaknesses in web apps
  SQL Injection: Manipulates SQL queries
  Cross-Site Scripting (XSS): Injects malicious scripts
Hardware:
  Firmware: Outdated firmware risks
  End-of-Life/Legacy: Unsupported hardware vulnerabilities
Virtualization: Escape VM to host system
Cloud-Specific: Misconfigurations, insecure APIs, shared risks
2.3: TYPES OF VULNERABILITIES
TYPES OF VULNERABILITIES
Supply Chain: Vulnerabilities in supply network
Cryptographic Weaknesses: Use of weak algorithms or keys
Misconfiguration: Incorrect system or network settings
Mobile Device Vulnerabilities: Risks in mobile devices
Zero-Day: Unknown, exploited vulnerabilities
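The "SQL Injection: Manipulates SQL queries" entry above is the one web-based vulnerability most easily shown side by side with its fix. The following is an added example, not material from the original InfosecTrain deck: it builds a constructed in-memory SQLite table, runs the same lookup once with string concatenation (vulnerable) and once with parameter binding (hardened), and returns both results so the difference in query structure is visible. The table, the usernames and the `demo` helper are all assumptions made for this illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example only (not from the original page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable pattern: the caller's input is spliced into the SQL text,
    # so a quote character in the input can end the literal and change the
    # WHERE clause itself instead of only supplying a value for it.
    query = (
        "SELECT username FROM users WHERE username = '"
        + username
        + "' ORDER BY username"
    )
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, username):
    # Hardened pattern: the statement structure is fixed before execution and
    # the input is bound as a parameter, so it is only ever compared as data.
    query = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username,))]


def demo():
    """Run both lookups with an ordinary username and with a tautology input."""
    conn = make_db()
    normal = "alice"
    # Constructed input: closes the string literal and appends an always-true
    # condition, the textbook shape of the injection the page describes.
    tautology = "x' OR '1'='1"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "vuln_tautology": lookup_vulnerable(conn, tautology),
        "safe_normal": lookup_safe(conn, normal),
        "safe_tautology": lookup_safe(conn, tautology),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the tautology input the concatenated query returns every user, while the parameterized query returns nothing because no account is literally named `x' OR '1'='1`. The mitigation is the same in any database driver: never build the statement text from untrusted input; bind values.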
2.4: INDICATORS OF MALICIOUS ACTIVITY
MALICIOUS ACTIVITY INDICATORS
Malware Attacks: Malicious software compromising systems
Physical Attacks: Direct physical access attempts
Network Attacks:
  DDoS (Distributed Denial-of-Service): Overloading services with traffic
  DNS Attacks: Manipulating domain name resolutions
  Wireless Attacks: Exploiting wireless network vulnerabilities
  Man-in-the-Middle Attacks: Intercepting communication between parties
  Credential Replay: Reusing captured authentication credentials
  Malicious Code: Injecting harmful scripts/code
2.4: INDICATORS OF MALICIOUS ACTIVITY
MALICIOUS ACTIVITY INDICATORS
Application Attacks:
  Injection: Injecting malicious input data
  Buffer Overflow: Overloading memory buffers
  Replay: Reusing valid data transmissions
  Privilege Escalation: Gaining unauthorized access levels
  Forgery: Faking data or identities
Cryptographic Attacks: Breaking encryption to steal data
Password Attacks: Exploiting weak or stolen passwords
Indicators of Malicious Activities: Signs of harmful actions
2.5: MITIGATION TECHNIQUES USED TO SECURE THE ENTERPRISE
MITIGATION TECHNIQUES
Access Control:
  Segmentation: Divide network into segments
  Application Allow List: Permit specific applications only
  Isolation: Separate systems for security
Patching: Update software to fix vulnerabilities
Monitoring: Track activities for anomalies
Least Privilege: Minimum access necessary principle
Configuration Enforcement: Ensure consistent settings compliance
Decommissioning: Retire outdated systems securely
2.5: MITIGATION TECHNIQUES USED TO SECURE THE ENTERPRISE
HARDENING TECHNIQUES
Encryption: Secure data through encryption
Default Password Change: Replace factory-set passwords
Installation of Endpoint Protection: Install security software on devices
Host-based Firewall: Protect devices with firewalls
Host-based Intrusion Prevention System: Prevent attacks on individual hosts
Disabling Ports/Protocols: Turn off unused ports/protocols