
Comparing threat types

Building a Cybersecurity foundation

This lesson focuses on the core components of the modern threat landscape, specifically identifying the "who," "how," and "why" behind security breaches.

I. The Core Security Formula

The relationship between vulnerability, threat, and risk is defined as: Vulnerability + Threat = Risk

  • Vulnerability: A specific weakness (e.g., an unpatched server, an open firewall port, or lack of antivirus).

  • Threat: The potential for a vulnerability to be exploited. It is the statistical chance that an actor will take advantage of a weakness.

  • Risk: The actual level of hazard or impact posed. High risk typically demands immediate patching.

II. Threat Actor Attributes & Sophistication

Threat actors are no longer evaluated only by their tools, but by their Adversary Behaviors. Modern security tools look for "out of the ordinary" behavior (like logins at irregular hours or from unfamiliar locations) rather than just known virus signatures.

  • Internal vs. External:

    • Internal: Employees, contractors, or partners. They may be malicious (seeking financial gain or revenge) or unintentional (caused by "Shadow IT," weak training, or poor adherence to policies).

    • Strategy: Always apply the principle of least privilege to limit the damage an internal threat can do.

  • Levels of Sophistication:

    • Low Capability: Rely on "commodity tools" (pre-made software). Often referred to as Script Kiddies.

    • High Capability: Very skilled, often working in organized groups with significant funding and resources. They create "novel vectors" and may have access to political or military assets.
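The "out of the ordinary" behavior mentioned above is easiest to see in code. The following is an added example (not part of the lesson or the notes): it builds a per-user baseline of normal login hours and source addresses from a constructed, made-up authentication log, then flags later logins that fall outside that baseline. The log line format and the cutoff date are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample authentication log (not from the lesson); the line format is an assumption.
SAMPLE_LOG = """\
2024-03-04T08:58:10 LOGIN user=alice src=10.0.0.5 result=success
2024-03-04T17:20:45 LOGIN user=alice src=10.0.0.5 result=success
2024-03-04T22:10:00 LOGIN user=bob src=10.0.0.9 result=success
2024-03-05T09:12:01 LOGIN user=alice src=10.0.0.5 result=success
2024-03-05T14:31:09 LOGIN user=alice src=10.0.0.5 result=success
2024-03-05T23:05:30 LOGIN user=bob src=10.0.0.9 result=success
2024-03-06T10:47:33 LOGIN user=alice src=10.0.0.5 result=success
2024-03-06T22:40:12 LOGIN user=bob src=10.0.0.9 result=success
2024-03-07T03:14:55 LOGIN user=alice src=198.51.100.23 result=success
2024-03-07T22:55:02 LOGIN user=bob src=10.0.0.9 result=success
"""

# Events before this moment teach the baseline; events from this moment on are evaluated.
CUTOFF = datetime(2024, 3, 7)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) LOGIN "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_logins(text):
    """Turn raw log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "user": m["user"],
                           "src": m["src"], "result": m["result"]})
    return events


def build_baseline(events, cutoff):
    """Learn each user's usual login hours and source addresses from successful logins before the cutoff."""
    baseline = {}
    for e in events:
        if e["ts"] >= cutoff or e["result"] != "success":
            continue
        b = baseline.setdefault(e["user"], {"hours": set(), "srcs": set()})
        b["hours"].add(e["ts"].hour)
        b["srcs"].add(e["src"])
    return baseline


def find_anomalies(events, baseline, cutoff, hour_slack=1):
    """Flag post-cutoff logins whose hour or source address does not fit the user's baseline."""
    findings = []
    for e in events:
        if e["ts"] < cutoff:
            continue
        b = baseline.get(e["user"])
        reasons = []
        if b is None:
            reasons.append("no baseline for user")
        else:
            lo, hi = min(b["hours"]), max(b["hours"])
            if not (lo - hour_slack <= e["ts"].hour <= hi + hour_slack):
                reasons.append(f"hour {e['ts'].hour:02d} outside usual window {lo:02d}-{hi:02d}")
            if e["src"] not in b["srcs"]:
                reasons.append(f"new source {e['src']}")
        if reasons:
            findings.append((e["user"], e["ts"].isoformat(), reasons))
    return findings


def analyze(text, cutoff=CUTOFF):
    """Parse the log, learn the baseline and return the anomalous logins."""
    events = parse_logins(text)
    return find_anomalies(events, build_baseline(events, cutoff), cutoff)


if __name__ == "__main__":
    for user, when, reasons in analyze(SAMPLE_LOG):
        print(f"{when} {user}: {'; '.join(reasons)}")
```

Only alice's 03:14 login from an address never seen before is reported; bob's late-night logins are normal for bob, which is the point of a per-user baseline rather than a global "office hours" rule. The hour window is a simple min/max and does not wrap past midnight, so a user whose usual hours straddle 00:00 would need a circular comparison in a real detector.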

III. Motivations & Strategies

The motivation for attacks has shifted from simple curiosity or notoriety to more structured goals:

  • Motivations: Financial gain (greed), Revenge, Political gain, or Espionage.

  • Strategies:

    • Service Disruption: Aimed at stopping business operations (often revenge-driven).

    • Data Exfiltration: Stealing sensitive information.

    • Disinformation: Spreading false info for strategic advantage.

IV. Attack Surface & Vectors

  • Attack Surface: The sum of all points where an attacker can discover or exploit vulnerabilities. This spans physical, network, application, and human surfaces.

  • Threat Vectors: The specific "path" used to execute an attack.

    • Network Vectors: Include unsecure networks, open TCP/UDP ports, and default credentials (passwords).

    • Software Vectors: Vulnerable code, unsupported applications, and delays in patching.

V. Specific Actor Types

  • Organized Crime: Highly resourced, motivated by profit, and operating across legal jurisdictions.

  • Nation-State Actors & APTs: Attached to governments or militaries. They use Advanced Persistent Threats (APT) for long-term espionage and may use "False Flag" operations to shift blame.

  • Hacktivists: Use hacking to promote a political agenda or social change.

  • Competitors: Engage in cyber-espionage or disinformation to gain a business advantage.

VI. Human Vectors & Social Engineering

Social engineering is the art of manipulating people into divulging confidential information or performing actions that compromise security.

  • Principles of Social Engineering:

    • Authority: Impersonating a boss or IT technician to demand compliance.

    • Urgency: Creating a false "emergency" (e.g., "Your account will be deleted in 10 minutes") to force quick, unthinking action.

    • Scarcity/Gifting: Offering something limited or "free" to lure clicks.

    • Consensus/Social Proof: Making it seem like everyone else is doing it (e.g., "All employees have already signed this form").

  • Common Attack Methods:

    • Pretexting: Creating a fabricated scenario (the "pretext") to steal data (e.g., "I'm calling from HR to verify your payroll details").

    • Phishing & Pharming: Phishing uses fraudulent emails; Pharming redirects users from a legitimate website to a fake one by poisoning DNS or the local hosts file, so the victim lands on the wrong server even when they type the correct address.

    • Typosquatting: Registering domain names that are common misspellings of popular sites (e.g., gogle.com instead of google.com) to catch users who make typing errors.

    • Business Email Compromise (BEC): A highly targeted attack where an actor compromises or spoofs the email account of a high-level executive to authorize fraudulent wire transfers.
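Typosquatting and hosts-file pharming both leave traces a defender can check for. The following is an added example (not part of the lesson or the notes): it scores a URL's domain against a constructed allowlist of trusted domains using edit distance, flags a trusted brand name being embedded in an unrelated domain, and scans a constructed hosts file for lines that pin a trusted domain to an address. The allowlist, the sample hosts file and the "last two labels" rule for the registrable domain are all assumptions made for the example.

```python
from urllib.parse import urlparse

# Constructed allowlist of domains the organisation trusts (an assumption, not from the lesson).
TRUSTED = ["google.com", "example-bank.com", "paypal.com"]

# Constructed hosts-file sample (not a real file); a pharming attack edits in a line like the last one.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
10.0.0.20   intranet.corp.example   # internal name, expected
203.0.113.7 example-bank.com www.example-bank.com
"""


def levenshtein(a, b):
    """Edit distance counting insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname_of(url):
    """Extract the host from a URL; bare domains without a scheme are accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable(host):
    """Naive registrable domain: the last two labels. A public-suffix list handles cases like co.uk properly."""
    labels = host.strip(".").split(".")
    return ".".join(labels[-2:])


def classify_domain(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched_domain): trusted, lookalike, brand-abuse or unknown."""
    host = hostname_of(url)
    reg = registrable(host)
    if reg in trusted:
        return ("trusted", reg)
    for t in trusted:
        # Typosquat: the registrable part is within a couple of edits of a trusted domain.
        if levenshtein(reg, t) <= max_distance:
            return ("lookalike", t)
        # Brand abuse: the trusted name appears as a subdomain label or inside another domain.
        brand = t.split(".")[0]
        if brand in host.split(".") or brand in reg.split(".")[0]:
            return ("brand-abuse", t)
    return ("unknown", reg)


def hosts_overrides(hosts_text, trusted=TRUSTED):
    """Return (ip, name) pairs in a hosts file that pin a trusted domain: a pharming indicator."""
    hits = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if registrable(name.lower()) in trusted:
                hits.append((ip, name))
    return hits


if __name__ == "__main__":
    for u in ["https://gogle.com/login", "http://www.google.com/",
              "https://paypal.com.account-verify.test/", "https://wikipedia.org/"]:
        print(u, "->", classify_domain(u))
    print("hosts overrides:", hosts_overrides(SAMPLE_HOSTS))
```

A lookalike verdict is checked before brand abuse, so "mypaypal.com" (two edits from paypal.com) is reported as a lookalike even though it also embeds the brand. Edit distance catches missing or swapped letters but not homoglyphs (digit 1 for letter l, "rn" for "m"); a production check would normalise those before comparing.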

VII. Physical Attack Surfaces

The lesson reminds us that digital security is useless if physical security fails:

  • Tailgating/Piggybacking: Following an authorized person through a secure door without scanning a badge.

  • Dumpster Diving: Searching through trash for discarded "hard" data like passwords on sticky notes or sensitive reports.

  • Shoulder Surfing: Simply watching someone type their PIN or password.


Highlights from Your Personal Notes

I noticed these specific additions in your notebook that add "real-world" flavor to the lesson:

  • Shadow IT & Training: You noted that "unintentional" internal threats often stem from a lack of training or employees using unauthorized apps (Shadow IT) to get their work done faster.

  • Skill Levels: You emphasized that while "Script Kiddies" use commodity tools, Organized Crime and APTs have the funding to develop "Novel Vectors" (new ways to attack that haven't been seen before).

  • The "Attacker Strategy" Table: Your notes neatly categorize motivations like Espionage, Service Disruption, and Disinformation, which are critical for the exam's "Compare and Contrast" objectives.