- Cybersecurity Attacks: Red Team Strategies
- Johann Rehberger
- 2024-12-21 01:41:29
Modeling the adversary
One of the core responsibilities of an offensive security team is to strategically model adversaries and threats that the organization faces. The program should be a direct contributor to the risk management process. At a high level, one might distinguish between external and internal adversaries, although the majority of the likely objectives for malicious activities have some form of external motivation. For instance, an internal employee might be blackmailed by a government agency to exfiltrate records from the customer databases. Even though this is seen as classic insider activity, the actual entity behind the scheme is external.
Understanding external adversaries
This is an actor or threat that originates and operates entirely from outside the organization. A typical example is a script kiddie or a nation-state that attempts to breach the perimeter of the organization. This adversary focuses on the organization's attack surface, which includes systems and services exposed on the internet as well as physical threats to the organization's physical perimeter. External adversaries include threat actors such as the following:
- Script kiddies
- Hacktivists
- Criminals
- Espionage
- Nation-states
Typically, these actors are classified based on sophistication and intent.
Considering insider threats
Another threat actor is someone who is already inside the organization. This could be a disgruntled employee who is out for revenge, for instance. It could also be an employee who is being blackmailed into stealing source code or intellectual property from the organization (so the employee is indirectly targeted by one of the external threat actors described previously).
This threat actor is a good place to start for a typical red team operation, as it should be assumed that the adversary is already within the boundaries of the organization.
Other insider threats to consider are basic human errors or accidents that might occur during operations.
Motivating factors
Threat actors are driven by a set of motivating factors. An offensive security team analyzes these factors and adopts them in its own thinking in order to identify what objectives the adversary might be after. The motivations of an adversary might be related to the following:
- Financial gain
- Intelligence-gathering and espionage
- Opportunistic hacking
- Self-fulfillment
- Research and learning
- Demonstration of power