As the security analyst for a financial institution, you uncover repeated failed login attempts against a user account during off-hours. The source addresses resolve to a country where the company has no employees or offices. Based on the threat-actor attribute of location, which type of actor is most likely responsible?
An insider threat from a current employee with authorized access
An unskilled attacker (script kiddie) located on the internal network
An external threat actor operating outside the organization
Shadow IT personnel using unapproved cloud services
Because the attempts originate from a country where the organization has no presence, the actor is almost certainly operating outside the corporate network. This matches the definition of an external threat actor-someone with no authorized access who must break in from the outside. Insider threats and shadow IT both originate from within the organization, and an unskilled attacker on the internal network would still be an internal actor, even if inexperienced. Therefore, the most likely actor is external.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are external threat actors, and how do they differ from internal threats?
Open an interactive chat with Bash
Why would the geographic location of login attempts help identify a threat actor?
Open an interactive chat with Bash
What are script kiddies, and why is it unlikely one would operate externally?