This card is very advantageous for attackers as it allows them to achieved initial access or to lateral movement in a much easier manner. In some cases, this card is even required. Take for example the Replication Through Removable Media card (ATt&CK T1091). The Replication Through Removable Media card can only(!) be played if the Internal Threat Actor card is also played(!).
Playing this card however, should be very expensive to play.
This card does not require a dice.
How long should this card be allowed to remain at the game table? Two rounds seem OK. Certainly no more otherwise it will give the player that has this card a huge advantage. Besides, it is assumed that after initial compromise, the company will have detected the breach and hence, the Internal Threat Actor can no longer operate at the company (i.e. the card gets trashed). Trashing the card should cost the attacker a link or money.
The name of the card
|
Internal Threat Actor |
|---|---|
|
The card type
|
Normal card type |
|
Whether this card was meant to be played as part of another card
|
Single |
|
Whether this card must be trashed after being player or not
|
Play once |
|
Whether a certain requirement must be met before this card can be played
|
|
|
The ATT&CK tactic this card belongs to
|
|
|
The ATT&CK technique this card belongs to
|
|
|
Amount of bitcoins the player needs to pay in order to play this card
|
|
|
The amount of bitcoins the player needs to play to retreat this card
|
|
|
Cards that will counter this card
|
E.g. Security Awareness.... |
|
How rare this card is
|
High |