Cyber Threat Landscape

This chapter will cover the cyber threat landscape, ranging from the possible attack vectors used by attackers to the type of attackers there are

Different Hats

Threat Actors

Threat Actors:

Hacktivist

Script kiddies

Nation state

Advance persistent threats

Insiders

Terrorists

Criminal syndicates

Competitors

Attack Vectors

Email and Social Media

A lot of information can be scraped from social media

emails are a key part of phishing attacks and are very common 

Direct Access

An attacker may try to get access to the network by physically connecting to it on site or using an unmanned computer terminal

Wireless Networks

An attacker can sit in the car park and try to access the wifi network if its unsecure its an easy way in

Removable Media

An attacker may scatter Usbs in the car park loaded with malware , the intent is for an employee to plug it into their work laptop and spread the malware

Cloud

Cloud services can be used as an attack vector, attackers routinely scan popular cloud services for files with unconfigure access controls, systems which have security flaws, or accidently published api keys and passwords

Third Party

An attacker may attempt to tamper with an organisations IT supply chain and load back doors onto the devices before the end user receives the device

This should be monitored heavily regarding outside code development, cloud data storage and integration between internal and external systems