Cyber Threat Actors – Motivations and Tactics: Module 2
Data breaches have become commonplace, and any business or governmental organization can be a target. It’s become crucial to know the differences between threat actors, their motivations, and what you should expect from them. Module 1 covered helpful cyber threat terms and explained what a cyber attack is.
Cyber Threat Actors and Their Motivations
Cyber threat actors are individuals or coordinated groups that attack people or organizations for personal, national, social, or political gain. Below, we cover the most prominent categories and their motivations.
- Script kiddies: Malicious hackers with little or no experience. They use existing scripts or applications to launch attacks. While their motivation can be boredom or peer recognition, they can still cause profound damage to a company.
- Hacktivists: Individuals who use their hacking skills to achieve social, political, or ideological goals. Their actions can result in government-related and high-impact disruptions.
- Gray hat hackers: Experienced individuals with extensive knowledge of breaking into computer networks. They usually act without malicious intent. Still, they may sometimes violate laws or have lax ethical standards. Their goals may be to leak stories to the media, track down debtors, conduct private investigations, or adjust insurance premiums.
- Insiders: These are individuals that have current or former relations with the company (employees, contractors, or business partners). They usually have authorized access to the company’s resources and intentionally misuse their position to affect the company’s information system, causing loss.
- Nation-state hackers: These are also called Advanced Persistent Threats (APTs). They’re highly experienced and act in groups. In some cases, they’re administered by governments and deal with national security level information. These groups carry out attacks on high-impact geopolitical targets and continue until they succeed.
- Terrorist groups: In the digital world, as in real life, these groups aim at disruption and inducing fear to bring about political, religious, and social change. The attacks by these groups are malicious or even violent in nature.
What Tactics Do Cyber Threat Actors Use?
Cyber threat actors use various methods and attack types to steal their victims’ personal information, assets, or money. Attacks vary in what they target. Some attacks target software and hardware faults, while others exploit human vulnerabilities.
The latter category is called social engineering. To carry out the attack, the cybercriminal:
- Studies the victims for a while
- Infiltrates their “inbox”
- Exploits the available resources
- Swiftly leaves with no trace
The threat actor’s goal is to put you in a position where you act on emotion. Typical cues include urgency prompts, pressure to make a quick decision, and a heightened emotional state. It’s also typical for the message to be too good to be true or to offer help you didn’t ask for. One of the best-known examples of a social engineering attack is the notorious “Nigerian prince” who left you a pile of money.
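The cues named in the paragraph above (urgency, too-good-to-be-true offers, unsolicited help) can be turned into a simple mail-triage heuristic. This is an added example, not part of the original module; the patterns, thresholds, and sample messages are constructed assumptions, not a vetted ruleset.

```python
import re

# Cue categories come from the paragraph above; the regexes are illustrative
# assumptions and would need tuning against real mail before any use.
CUES = {
    "urgency": re.compile(
        r"\b(?:urgent|immediately|right away|act now|final notice"
        r"|within \d+ (?:hours?|minutes?))\b", re.I),
    "too_good_to_be_true": re.compile(
        r"\b(?:you(?:'ve| have) won|inheritance|prize|free gift"
        r"|million dollars)\b", re.I),
    "unsolicited_help": re.compile(
        r"\b(?:we (?:noticed|detected)|verify your account"
        r"|restore your access|let us help)\b", re.I),
}


def cues_in(message: str) -> list[str]:
    """Return the names of the cue categories found in the message."""
    return [name for name, pattern in CUES.items() if pattern.search(message)]


def triage(message: str) -> str:
    """Map the number of distinct cue categories to a handling decision."""
    hits = cues_in(message)
    if len(hits) >= 2:
        return "quarantine"  # several emotional levers pulled at once
    if hits:
        return "flag"        # one cue alone is common in legitimate mail
    return "deliver"


# Constructed sample messages (not real traffic).
SAMPLES = [
    "Dear friend, I am a prince and you are owed a prize of 4 million dollars. "
    "Reply immediately to claim it.",
    "We detected unusual activity. Verify your account within 24 hours.",
    "Reminder: the quarterly report is due, please send it right away.",
    "Lunch is moved to 12:30 tomorrow, same place.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(f"{triage(text):<10} {cues_in(text)} {text[:50]}")
```

The third sample shows why a single cue only flags a message: legitimate work mail is often urgent, so the heuristic reserves quarantine for messages that combine cues.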
Below are a few widespread social engineering attack types:
- Email phishing: A cyberthreat where the attacker gathers data by sending deceptive emails to the victims.
- Vishing (voice phishing): This type of attack uses voicemails to steal personal confidential information (bank or credit card numbers). The cybercriminals pretend to be a representative of a reputable company.
- Smishing (SMS phishing): The malicious URL gets to you in an SMS. In this case, the attacker can also ask you to reply to the message.
- Spear phishing: Unlike general phishing attacks, this variation targets a specific individual. The threat actor can be after financial, personal, employer, or other information. This type accounts for about 91% of attacks.
- Whaling: This is similar to phishing, but the attacker goes after people that possess a significant amount of valuable data. Senior executives are a typical target for these attacks. However, these are harder to carry out, as the victims are more knowledgeable than the general audience.
- Pretexting: The threat actor makes up a story or a situation (the pretext) where the victim has to provide personal information for a supposed reward. One example is “receiving” an inheritance (a house or money).
- Pharming: This word is a combination of “phishing” and “farming.” The attacker creates a fake website that looks like a legitimate one and sends traffic to it. There, the website acts as a host of malware or some information-stealing mechanism.
Another category of attacks doesn’t require the victim to take action. These include:
- Dumpster diving: As the name suggests, the cybercriminal searches for information in the victim’s trash.
- Shoulder surfing: The threat actor obtains personal information by watching while the oblivious victim enters data into a device. For example, someone could see your credit card PIN while you’re at the ATM, then steal your physical card and gain access to your funds.
- Mail theft: This is the act of stealing information from a physical mailbox.
Up to this point, we have been talking about methods of vulnerability exploitation. But what happens when the attacker gets into your device? Here are a few ways the situation could develop:
- Identity theft: This is the process of acquiring the victim’s personal information (credentials, ID, or credit card number). Later the cybercriminal uses it for fraudulent activity or other crimes.
- Privacy invasion: While identity theft causes an external vulnerability, privacy invasion brings third-party threats to your door. Collecting and selling personal data can result in anything between unwanted ads on social media and scare-inducing messages.
- Malware (malicious software): This is a file or code usually delivered through a phishing attack. Once the person clicks the link, their software gets infected. Viruses can do anything from infecting a single file to taking down whole networks.
- Man-in-the-middle: This is a type of eavesdropping attack. After intercepting the online communication or transfer, the attackers pretend to be legitimate participants.
As both software and hardware evolve, threat actors also develop new methods and tactics. Thus, businesses and individuals need to protect themselves against emerging threats actively. Go to the next module to learn more about recognizing a phishing attack when you see it.