asebobunny.blogg.se

Solarwinds orion hacked











Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team. She holds the following certifications: OSCP, OSWP, OSWE, Security+, CySA+, PenTest+, CASP+, SSCP, Associate of (ISC)2, CEH, ECSA and eWPT. Many of these are advanced certifications, including OSCP and OSWE, which are 24 and 48 hour exams respectively that require hands-on hacking skills to pass. Chloe works full-time at Wordfence to identify and reverse engineer emerging threats facing WordPress. She works closely with vendors to remediate vulnerabilities they have, develops firewall rules for Wordfence, and publishes her research here, once the affected software has been patched by the vendor.

In the piece below, Chloe describes how threat analysts and the industry think about attribution. She describes the challenges associated with attribution and whether attribution is useful. Chloe also discusses several types of threat actors, and then dives into the SolarWinds hack and assigns probabilities to each kind of threat actor based on what we know about the hack. You can follow Chloe on Twitter.

The SolarWinds Orion hack is one of the most sophisticated hacks we have seen in a long time, and arguably one of the most significant hacks in years. Of course, one of the biggest questions for security analysts is who is responsible. The process of identifying the threat actor in a security incident is referred to as attribution, as we are determining what or who caused an incident to occur.

There is often debate in the security world about attribution. Is knowing the threat actor helpful? Or is it a needless distraction when an intense incident response is underway? In determining attribution, security professionals identify operational risks. Simply put, a threat actor’s motivation is critically important when determining what part of a business is at risk. If an organization doesn’t understand the actors behind an attack, they can risk ineffective or inefficient remediation.

Before we can determine attribution we need to understand what types of threats there are, and what they may be capable of. Once you understand those basics it is easier to understand who may be responsible based upon the facts. In this article, we hope to identify common threat actor classifications so that your incident response planning is informed, thorough and thoughtful.

Script Kiddies are considered the least skilled among the threat actor groups. Their motivation is primarily egotistical and revolves around bragging rights. This threat actor group is referred to as script kiddies as they often blindly use scripts developed by other security researchers without knowledge of how those scripts actually work. They can also develop their own scripts; however, they will likely be very simple and there may be an apparent lack of sophistication in the scripts they develop.

A common result of an attack you would see from a script kiddie is the defacement of a website, which is altering the physical appearance of a site with a new “face.” Defacement pages typically contain taglines like “Hacked by XXX”, which highlights the fact that the primary motivation is bragging rights. The key indicator that a threat actor is a script kiddie is that they succeeded in initial intrusion and made a few obvious changes, but there isn’t much evidence that the attack escalated beyond that initial point. In WordPress, a script kiddie may attempt to hack into sites using pre-created exploits designed to take advantage of known plugin vulnerabilities, or even develop their own scripts since most WordPress vulnerabilities are fairly trivial to exploit.










