diff --git a/content/21.From-Audio/to-fix-transcription/AppSec/Type Of Attackers.md b/content/21.From-Audio/to-fix-transcription/AppSec/Type Of Attackers.md deleted file mode 100644 index 0a9b68b..0000000 --- a/content/21.From-Audio/to-fix-transcription/AppSec/Type Of Attackers.md +++ /dev/null 
@@ -1,17 +0,0 @@ -**Type Of Attackers** - -There are a number of different types of attackers that will hit the organization. In a way the key difference is whether theirs is opportunistic attacks or focused attacks on you. - -So opportunistic will basically be you just happen to be at the wrong place at the wrong time [internet speaking] and you just happen to use a particular framework or technology or be close to something or even just have some personal relationship with one of the attackers. - -And focus is when you actually are targeted by particular attackers again because they are going after your business or your type of business e.t.c. - -In a way the next big element is whether the attackers have a criminal business model or not. Yes there is some very sophisticated, state sponsored and activist attackers but the reality is the big damage is caused by criminals, kids and script kiddies less experienced attackers they are not really a problem in the medium term. - -They can cause short term damage but ultimately like I said before the way I look at it is if the attacker tells you about it, they are friends it doesn't matter how much short term pain that gives you, reality is that the consequences of an attacker actually exploiting that issue with criminal intent would be way worse. - -So the ones you have to really worry about are the criminals which have criminal business models. Because they will have a system, they will be persistent, they will invest on it and they will basically be focused on finding ways to make money out of your system. - -So it is kind of like Murphy for Murphy law that is actual malicious, it adapts, it reacts, you know it has multiple levels of activities. 
So I have seen cases where you have one team that will brute force log in passwords attacks and they will discover names and passwords to make sure they work and then another team that basically knows how to use them and then another team that knows how to get the money out of the systems and that is what they are doing. - -So if you happen to hit in one of those chains, you are kind of into trouble because then the attackers will be focused on your activities. \ No newline at end of file diff --git a/content/21.From-Audio/to-fix-transcription/AppSec/Types of Attackers.md b/content/21.From-Audio/to-fix-transcription/AppSec/Types of Attackers.md new file mode 100644 index 0000000..9fbfd28 --- /dev/null +++ b/content/21.From-Audio/to-fix-transcription/AppSec/Types of Attackers.md 
@@ -0,0 +1,17 @@ +**Types of Attackers** + +There are a number of different types of attacks that can hit your organization. The most important differential is whether they are opportunistic or focused attacks. + +An opportunistic attack happens when you are in the wrong place at the wrong time [in terms of the internet] and you use a particular framework, or technology, or you are close to something, or you may even have a personal relationship with one of the attackers; any of these variables can make you vulnerable to an opportunistic attack. + +A focused attack occurs when you are targeted by specific attackers because they are going after your business or your type of business. + +The next element to consider is whether the attackers have a criminal business model or not. There are some very sophisticated, state-sponsored, or activist attackers, but the reality is the greatest damage is caused by criminals, kids and script kiddies -- less experienced attackers who are not really a problem in the medium term. + +They can cause short-term damage, but ultimately, if the attacker tells you about it, he is a friend. It doesn't matter how much short term pain that gives you, the reality is that the consequences of an attacker actually exploiting an issue with criminal intent would be way worse. + +The ones you have to really worry about are the criminals who have criminal business models. They have a system, they invest in their system, they are persistent, and they are focused on finding ways to make money from your business. + +It is like Murphy's law: anything that can go wrong will go wrong. A targeted attack is malicious; it adapts, it reacts, it has multiple levels of activities. I have seen cases where three different teams work on an attack. One team carries out log in and password attacks to discover names and passwords and make sure they work. 
Another team will know how to use the names and passwords, and the third team knows how to get the money out of the system. + +So if you happen to be positioned in one of those chains, you are in trouble because then the attackers will focus on your activities.
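Review bot: In the fourth paragraph of the new `Types of Attackers.md`, the sentence "the greatest damage is caused by criminals, kids and script kiddies -- less experienced attackers who are not really a problem in the medium term" now says the groups causing the greatest damage are also not a problem, which contradicts the later paragraph "The ones you have to really worry about are the criminals". Split it so that the damage is attributed to criminals and the "not really a problem in the medium term" clause applies only to kids, script kiddies and less experienced attackers. Three smaller edits also shift the transcript's meaning and are worth revisiting. The opening sentence changes "types of attackers" to "types of attacks" under a heading that still says attackers. The Murphy's law paragraph turns the removed text's comparison (a Murphy's law that is actually malicious and adapts) into a definition of Murphy's law followed by a separate claim about "a targeted attack". The first team's activity loses "brute force" and becomes "log in and password attacks".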