Security+: How to Explain Threat Actor Types and Attributes


One of the roles of information security professionals is to defend their organization’s systems and data proactively. As with any defensive strategy, this requires knowing the adversary’s tactics and motivations. CompTIA’s Security+ exam is designed to test candidates’ understanding of the main types of threat actors and their characteristics.

While monetary gain is the primary incentive for most cybercriminals, not all threat actors are motivated financially. Some are engaged in political or commercial espionage, others may have a social or political agenda, and yet others may be hunting for vulnerabilities so they can make a name for themselves. Some of the attributes that distinguish the different types include their level of sophistication and the resources they have for carrying out attacks.

Nation-State Actors

Actors sponsored by nation-states are characterized by a high level of sophistication and resources. They’re capable of carrying out large-scale attacks as well as advanced persistent threats (APTs), which are stealthy attacks whose purpose is to maintain a presence in the network for an extensive period of time, typically to collect targeted types of data. APTs can move laterally through a network and blend in with regular traffic — one of the reasons they can go undetected for months and years and inflict a high degree of damage to an organization.

Nation-state actors focus on several attack vectors simultaneously and exploit a number of vulnerabilities. In recent years, many high-profile attacks have been attributed to nation-state actors.

Some countries use these sophisticated players to fund their regime. But more typically, nation-state actors are not motivated by direct financial gain. Their reasons may lie in national security, political espionage, military intelligence and even attempts to influence another nation’s political process. They may also be after intellectual property data that could ultimately give the sponsoring nation a competitive (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson.