Lesson 4: Threat Actors, Attacks & the Kill Chain
Defense begins with understanding the adversary. In this lesson we meet the attackers and their motives, see why the balance favors the attacker, classify attacks (passive, active, and insider), review common attacks, and understand the Cyber Kill Chain model that lets us stop an attack as early as
An attacker only needs to find one hole, while the defender must close them all. If we understand the stages of an attack, we can stop it early.
- Threat Actor
- Anyone who may harm assets: hackers, organized crime, nation-states (APT), insiders, hacktivists, and third-party suppliers.
- APT (Advanced Persistent Threat)
- A sophisticated, well-funded attacker (often state-sponsored) running a targeted, long-lasting campaign while staying hidden over time.
- Social Engineering
- Manipulating people to obtain information or access — often the first step in phishing.
- Phishing
- Impersonating a trusted party (e.g. by email) to steal passwords and personal details.
- Malware
- Malicious software: viruses, worms, ransomware, and trojans.
- DoS / DDoS
- Flooding resources to disrupt a service and bring systems down — a direct hit to availability.
- MitM (Man-in-the-Middle)
- Intercepting the communication between two parties to eavesdrop, steal, or alter information.
- Cyber Kill Chain
- A seven-stage model describing an attack's life cycle; the defensive goal is to stop it as early as possible.
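As an added illustration of the Kill Chain idea (not part of the original lesson), the script below maps constructed log lines to kill-chain stages with simple pattern rules and reports the earliest stage at which a defender could have broken the chain, plus every later stage that breaking it there would have prevented. The seven stage names are those of Lockheed Martin's Cyber Kill Chain; the detection rules, the log lines, the hosts and the addresses are all made up for the example. Note that Weaponization has no rule on purpose: it happens on the attacker's side and is normally invisible to the defender's telemetry.

```python
import re
from dataclasses import dataclass

# The seven Cyber Kill Chain stages (Lockheed Martin), in attack order.
KILL_CHAIN = [
    "Reconnaissance",
    "Weaponization",
    "Delivery",
    "Exploitation",
    "Installation",
    "Command and Control",
    "Actions on Objectives",
]

# Hypothetical detection rules: a regex over a log line and the stage it indicates.
# Weaponization is deliberately absent: the defender's logs do not see it.
RULES = [
    (re.compile(r"port scan"), "Reconnaissance"),
    (re.compile(r"attachment .*\.docm"), "Delivery"),
    (re.compile(r"macro spawned"), "Exploitation"),
    (re.compile(r"new service|persistence"), "Installation"),
    (re.compile(r"beacon"), "Command and Control"),
    (re.compile(r"exfil"), "Actions on Objectives"),
]

# Constructed sample log, roughly one line per stage plus one benign line.
SAMPLE_LOG = [
    "2024-01-01T08:00 fw: port scan from 203.0.113.5 against 10.0.0.12",
    "2024-01-01T09:10 mail: attachment invoice.docm delivered to user@example.test",
    "2024-01-01T09:15 edr: macro spawned powershell.exe on WS-12",
    "2024-01-01T09:16 edr: new service registered on WS-12 (persistence)",
    "2024-01-01T09:20 proxy: beacon to 198.51.100.7 every 60s",
    "2024-01-01T11:00 dlp: exfil of 40MB to 198.51.100.7",
    "2024-01-01T12:00 dhcp: lease renewed for WS-07",
]


@dataclass
class Hit:
    stage: str
    line: str


def classify(log_lines):
    """Assign each log line to the first kill-chain stage whose rule matches it.
    Lines that match no rule are benign for our purposes and are dropped."""
    hits = []
    for line in log_lines:
        for pattern, stage in RULES:
            if pattern.search(line):
                hits.append(Hit(stage, line))
                break
    return hits


def earliest_stage(hits):
    """The earliest kill-chain stage among the hits, or None if nothing matched."""
    if not hits:
        return None
    return min(hits, key=lambda h: KILL_CHAIN.index(h.stage)).stage


def stages_prevented(stage):
    """Every stage that never happens if the chain is broken at `stage`."""
    return KILL_CHAIN[KILL_CHAIN.index(stage) + 1:]


def break_chain_report(log_lines):
    """Summarize where the defender could have stopped this attack."""
    hits = classify(log_lines)
    first = earliest_stage(hits)
    return {
        "stages_seen": [h.stage for h in hits],
        "earliest_stage": first,
        "prevented_if_broken_there": stages_prevented(first) if first else [],
    }


if __name__ == "__main__":
    report = break_chain_report(SAMPLE_LOG)
    print("Stages observed:", ", ".join(report["stages_seen"]))
    print("Earliest detectable stage:", report["earliest_stage"])
    print("Breaking the chain there prevents:",
          ", ".join(report["prevented_if_broken_there"]))
```

Run with the full sample log the chain could already be broken at Reconnaissance; feed it only the lines from the mail event onward and the earliest break point moves to Delivery, which is the point the lesson makes: the further left in the chain a detection fires, the fewer later stages the defender has to handle.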