Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:27):
And welcome to Technology Tap. I'm Professor J-Rod. In this episode: Security Plus 701, chapter 2. Let's get into it. All right.
(00:57):
Welcome everyone to Technology Tap. For those of you who don't know me, my name is Professor J-Rod and I'm a professor of cybersecurity, and I'm here to help students pass their A+, Network+ and Security+ exams. So on this episode we're going to do the Security+ exam, the
(01:18):
701, chapter 2. And, as I stated before, this is mostly a definition-class exam for the most part. So we're going to go over a lot of definitions today.
(01:42):
First we're going to talk about the three terms that form the foundation of information security risk management, which are vulnerability, threat and risk. Number one is vulnerability: a weakness in a system, application, process or control that can be exploited. It can exist in software (unpatched software), hardware (for example, open ports), or human behavior (weak passwords). The example that they give is outdated operating systems with
(02:06):
known security flaws, misconfigured firewalls and lack of employee training. Threat is a potential cause of an unwanted incident which may result in harm. It can be intentional, by a hacker, or unintentional: a natural disaster, or human error. Human error is possible. I've seen it. Somebody clicks on something they're not supposed to.
(02:29):
Examples: malware spreading via email, an insider leaking data, ransomware targeting a known exploit, an earthquake damaging a data center. Next is risk: the potential impact, damage or loss when a threat exploits a vulnerability, expressed as the combination of likelihood and impact. There's actually a formula for it: risk equals threat
(02:56):
multiplied by vulnerability multiplied by impact. Example: if a threat actor exploits a known vulnerability in an unpatched web server, the risk is of data being breached. If an employee falls for a phishing scam, the risk is of credential theft and system compromise. A real-world example: a hospital has an outdated Windows machine
(03:20):
. That's the vulnerability. A criminal group launches a ransomware campaign; that's the threat. And the outdated system gets infected and shuts down patient records. That's the risk.
Attributes of threat actors. Understanding the attributes of threat actors helps cybersecurity professionals identify, classify and respond
(03:41):
to different types of cyber threats more efficiently. Internal versus external: internal has legitimate access, your employee or your contractor. External operates outside the organization: a hacker or competitor. There are attributes. First is level of sophistication; the description ranges from low, script kiddies, to high, nation-state actors.
(04:02):
High sophistication may include custom malware, zero-day exploits. The attribute resources and funding. The description: the threat actor's available tools.
(04:24):
Commodity malware versus custom-built toolkits. Motivation: financial, political, ideological or personal, like revenge, is the description. The attribute capability and skill set. The description: technical skills, knowledge of systems and the ability to exploit weaknesses. Affiliation is the attribute.
(04:45):
The description is independent, a lone hacker, or affiliated with a group: a cyber gang, nation state, hacktivist collective. Targeting behavior: opportunistic attacks with known vulnerabilities. Targeted chooses a specific victim: a CEO, companies, government. And the last attribute is tactics, techniques and
(05:10):
procedures, and the description is patterns of behavior and tools used during an attack. Helps in attribution and defense; used in cyber defense. Knowing the attributes of a threat actor helps you tailor security controls, prioritize threats by potential impact, develop effective incident response, improve attribution, or
(05:33):
who is behind the attack. Next, motivation of threat actors. Understanding why threat actors launch attacks is crucial for building risk assessments, designing security controls and developing incident response strategies. Threat actors' motivations directly influence their tactics
(05:53):
, targets and level of persistence. Motivation is financial gain; the description is profit-driven activities such as theft, fraud and extortion. Example: ransomware, credit card theft. Right. Motivation is political. Description: promote political agendas, conduct espionage or disrupt opponents. Examples: nation-state attacks, cyber warfare, sabotage.
(06:18):
Motivation: ideological. Description: driven by facts, I'm sorry, driven by beliefs or causes, right? Religion, environmental, right, animal rights activists. The example: hacktivists, right. Anonymous, right, is an example. Motivation: revenge, personal. Description: retaliation,
(06:41):
perceived wrongdoing or personal grievance. The example: a disgruntled employee leaking or destroying data. Motivation: reputation or challenge. Description: seeking fame, recognition or skill. The examples: bug bounty and white hat, or website defamation, defacement. Listen, if you're going to go out there in Times Square, in the
(07:04):
middle of Times Square, and say my website cannot be hacked, by the time you get to the office it's hacked, right. It's like that guy from LifeLock who said, here's my social security number, try to hack it. And people did. They didn't buy outrageous stuff. I think the most that they bought was cell phones. That was the number one thing, but LifeLock didn't protect it
(07:26):
100%, so I don't know what he did. I wonder how many people used the social security number for work. Strategic advantage. Description: long-term surveillance or control to gain a geopolitical, economic or military edge. Examples are your APTs, your advanced persistent threats,
(07:49):
cyber espionage. Motivation: disruption and chaos. Description: cause confusion, downtime or disorder without a clear financial or ideological goal. Example: disruptive malware or wiper attacks. Accidental or unintentional: actions without malicious intent but that still cause harm.
(08:10):
Example: employee misconfiguration or weak password usage. Motivation by actor type: cybercriminals are going to have financial gain. Nation-state actors: political reasons, espionage. Hacktivists: ideological, political. Insiders: revenge, personal gain. Insiders, accidental: unintentional. Script kiddies: reputation, fun
(08:34):
and challenge. Why motivation matters. Understanding motivation helps security teams predict behavior (who, how and when), prioritize high-value assets and align defense strategy with threat models. Hacktivists. There are two distinct types of threat
(08:57):
actors, each with different skills, goals and ethical boundaries. Understanding their behavior helps tailor organizational defenses accordingly. Who are hackers? A hacker is someone who's skilled in technology, who explores, manipulates or exploits systems and networks. Hackers fall into various categories based on intent and
(09:19):
authorization. You have white hat hackers, black hat hackers, gray hat, script kiddies, blue hat, red team, green hat, right. Those are your types of hackers. White hat is our ethical hackers who test systems with permission. Black hat: malicious hackers who break into systems without authorization for personal gain. Gray hat: operating in between, may exploit flaws without permission, but not always
(09:40):
malicious. Script kiddies: inexperienced individuals who use pre-made tools or scripts without full understanding. Blue hat team: security professionals hired to test software for bugs before public release. Red hat team: offensive security experts simulating real-world attacks to improve defense. Green hat: hackers in training, who are learning to become
(10:03):
skilled in ethical hacking. Who are hacktivists? Hacktivist is hacker plus activist. They use hacking technologies to promote political, social, ideological agendas. Their goal isn't personal, but to make a statement or drive awareness. Characteristics of hacktivists: they often target governments, corporations or institutions they view as corrupt or unjust;
(10:25):
use techniques like website defacement, data leaks and DDoS attacks; operate under a moral or ethical justification. Right. The example that they give is the group Anonymous. Let's see. They do a comparison, hackers versus hacktivists, right? Hackers: their motivation is profit, curiosity, challenge,
(10:48):
fame. Hacktivists: political, ideological beliefs. Targets for hackers are broad: personal, corporate, public. Hacktivists: they're very specific, or political entities. Techniques for hackers: there are widely different ways. For hacktivists,
(11:08):
they use website defacements and DDoS. Of course, is it legal? Various white hats are legal. Black hats are not. For hacktivists, it's generally not legal, right. They're all illegal. Let's see.
Next we talk about nation-state actors and advanced persistent threats. Nation-state actors and APTs are the most dangerous and
(11:33):
sophisticated threat actors in the cybersecurity landscape. They are capable of long-term, stealthy and highly targeted operations designed to serve the strategic, political, economic or military interests of a country. Nation-state actors: threat actors sponsored, funded or directed by a national government. The objectives: espionage, steal sensitive government,
(11:55):
corporate or research data. Disruption: cripple critical infrastructure, power grids, hospitals. Sabotage: dismantle rival capabilities, nuclear, defense. Propaganda and influence: spread disinformation or manipulate public opinion. Cyber warfare: prepare digital battlegrounds for geopolitical
(12:16):
advantage. Characteristics: operate with a lot of money. Right, these guys have a lot of money because they're backed by a state. Often have legal and political immunity. Highly skilled teams with access to zero-day vulnerabilities. Use of false flag operations. May operate via front companies or third-party contractors.
(12:38):
Advanced persistent threat: a prolonged and targeted cyber attack in which an intruder gains access and remains undetected for an extended period, usually backed by a nation state. Their lifecycle: initial access, spear phishing, exploiting zero-day vulnerabilities. They establish a foothold by deploying malware and creating backdoors. They escalate privileges.
(12:59):
They gain admin or root access. Internal reconnaissance: map the network and identify valuable assets. Lateral movement: spread across the system undetected. Data exfiltration: steal sensitive data over time. Maintain persistence: leave hidden tools for future access. Key attributes: stealthy and adaptive.
(13:19):
And they have a long, long-term presence, usually months or years. To this day, notable APT groups: Fancy Bear, which is Russian, allegedly; Cozy Bear, allegedly Russian; Comment Crew, allegedly China; Lazarus Group, which is North Korean; and APT33 is
(13:42):
allegedly Iran. All right, why they're dangerous: they're difficult to detect and remove. Long-term espionage and sabotage. Strategic impact on national security, economy and critical infrastructure. Then you have organized crime and competitors as threat actors. In the cybersecurity world,
(14:03):
organized crime groups and corporate competitors represent distinct but highly dangerous threats, often motivated by financial gain, intellectual property theft and strategic disruption. Organized crime threat actors: criminal organizations that use cyberattacks to conduct illegal activities for profit.
(14:25):
They operate like a business, with hierarchies, resources and long-term plans. Key characteristics: they're well-funded and structured like a cartel or mafia. Operate across multiple jurisdictions, making prosecution difficult. Offer a crime-as-a-service model: ransomware as a service. Highly collaborative: work with brokers, launderers and malware
(14:48):
developers. Use social engineering, ransomware, phishing and fraud as primary tactics. Common activities: ransomware, financial fraud on credit card companies, data breaches and identity theft, and cryptojacking, hijacking computing resources to mine cryptocurrency.
(15:11):
Corporate competitors, or cyber espionage: business rivals who engage in unauthorized access to sensitive data or sabotage for competitive advantage, often linked to industrial espionage. Key characteristics: many use insider threats, bribes or malware to obtain proprietary information. More common in high-value sectors: tech, pharma, aerospace,
(15:33):
finance. Tactics that can be subtle: data theft, supply chain compromise, disinformation campaigns. Common targets are trade secrets, patents, proprietary algorithms, employee credentials for lateral movement. Internal threat actors are individuals within an
(15:55):
organization who pose a risk to data, systems and operations, either intentionally or unintentionally. Unlike external attackers, insiders have legitimate access, making their actions harder to detect and stop. Got to worry about it: it's the guy inside. It's the guy who has access already, right? It's not the guy sitting in the basement. It's this guy, right, either on purpose or by accident, right.
(16:20):
You never know when this might happen. This is the one guy you've got to be worried about the most. Types of internal threat actors. You have your malicious actors: intentional threat actors within the organization who may act out of revenge, greed, ideology or coercion.
(16:45):
Examples: a disgruntled employee deleting critical files. An insider selling customer data to competitors. A contractor installing spyware to steal trade secrets. Two, unintentional insiders: cause harm without malicious intent, often due to lack of training, negligence or mistakes. Example: an employee clicking on a phishing link, misconfiguring a cloud storage bucket and exposing data, or sending
(17:06):
sensitive data to the wrong recipients. Then you have your shadow IT users: employees using unauthorized hardware, apps or services. They bypass official IT policies, increasing risk: using personal Dropbox for company files, setting up a rogue wireless access point (I've seen that), and installing unapproved browser extensions.
(17:31):
Indicators of insider threats: unusual login times or locations, high volume of file transfers, accessing data unrelated to job duties, sudden changes in behavior or performance, and attempting to disable monitoring tools. Mitigating insider threats: use least privilege.
(17:52):
Only give users access to what they need. User activity monitoring: log and review actions. Security awareness training: teach users about phishing, policies and risk. Background checks: vet employees and contractors during onboarding. Incident response planning: establish protocols for insider incidents. Separation of duties: split crucial tasks to avoid abuse of
(18:17):
authority. All right, that takes care of part one of chapter two. Let's go on to the questions, all right? Question one: which attribute describes the level of expertise and technical knowledge a threat actor brings to an attack
(18:40):
? A, resources; B, capabilities; C, sophistication; D, motivation. Which attribute describes the level of expertise and technical knowledge a threat actor brings to an attack? A, resources; B, capability; C, sophistication; D, motivation. Right, so the level of expertise and technical
(19:03):
knowledge. So the answer is what? The answer is C, sophistication, right; he knows all of this stuff, all right. Next, number two: a threat actor backed by a government and capable of developing zero-day exploits demonstrates which attribute? A, low resources; B, high resources and funding; C, opportunistic targeting; D, accidental affiliation.
(19:26):
I'll read it again. A threat actor backed by a government and capable of developing zero-day exploits demonstrates which attribute? A, low resources; B, high resources and funding; C, opportunistic targeting; D, accidental affiliation. Think about it for a second. Which one do you think it is? The answer is B, high resources and funding.
(19:47):
The clue is backed by government, right? Government has a lot of money. Which attribute explains why a threat actor conducts malicious activity? A, motivation; B, affiliation; C, TTPs. Again, which attribute explains why a threat actor conducts malicious activity?
(20:08):
A, motivation; B, affiliation; C, targeting; D, TTPs. And the answer is what, guys? What do you think? The answer is A, motivation, right. When he's doing malicious activity, there's a reason why; there's a motivation for that. A hacktivist group launching a DDoS attack against a financial
(20:28):
institution for ideological reasons best illustrates which threat actor attributes? A, motivation and targeting; B, sophistication and funding; C, capabilities and resources; and
(21:04):
D, affiliation and tactics, techniques and procedures. The answer is A, motivation and targeting. Right, hacktivists: they're motivated by something. They have a specific target in mind. All right, last one: which attribute refers to the techniques and operational methods a threat actor commonly employs? A, motivation; B, targeting; C, TTPs
(21:28):
, tactics, techniques and procedures; and D, resources. Read it again: which attribute refers to the techniques and operational methods a threat actor commonly employs? A, motivation; B, targeting; C, TTPs; and D, resources. Think about it for a minute, and the answer is C, tactics, techniques and procedures.
(21:49):
All right, hope you got them all right. If you did, put your patches up on the back. This is going to be it for chapter two. This is part A of the Security Plus 701 exam.
(22:09):
Until next time, thanks. This has been a part of Little Trash Productions. Art by Sarah, music by Jo Kim. You can follow me on TikTok at ProfessorJRod. That's P-R-O-F-E-S-S-O-R-J-R-O-D, and
(22:34):
you can email me at ProfessorJRod at gmail.com.