Welcome to this new Cybersecurity tutorial where we will be talking about Cybersecurity Threats Actors.

Our goal as cybersecurity professionals is to protect our systems and information from unauthorized access and modification. Indeed, we want to ensure the confidentiality and integrity of our data and the availability of our systems when needed. Remember the core principle of the CIA triad. What? Wait, why do we need to protect our systems and information? Against who? Against what? Well, it is because there are some “bad” guys in the digital world whose intention is to steal our sensitive data, like credit card information, bank account information and intellectual property, and use it maliciously in our name. They can even make our systems unusable. These “bad” guys can also get access to our data and modify it, making it inaccurate. Imagine your bank balance being 10,000 dollars today and the next day, when you recheck, you find out that your bank balance is now 100 dollars. Imagine the chaos this would bring if it happened to thousands of individuals. These bad guys that can exploit vulnerabilities or weaknesses in our systems to cause us harm are what we call Threat Actors. They have different motivations, goals, resources, funding and levels of sophistication. This tutorial provides individuals who are new or complete beginners to the cybersecurity threat actors topic with a comprehensive introduction. Now, let’s dive into these digital “bad guys”.

A threat in the context of Cybersecurity is any action taken with the intention to harm our systems and to compromise their confidentiality, integrity and availability, the so-called CIA Triad.

A vulnerability is any weakness in our system’s design, implementation, or security procedures that could be exploited by individuals in order to cause harm.

A threat actor is any individual or entity trying to exploit a vulnerability in a system in order to cause harm. These are the “bad guys” from whom we need to protect our systems. But who are these guys who would like to compromise the security of our systems? Well, they fall into specific categories, with different motivations and different levels of sophistication.

Threat actors can be categorized in two groups namely the internal and the external threat actors.

The internal threat actor, also known as an insider threat, is any individual or entity within our organization whose actions can cause harm to our systems, intentionally or unintentionally. You can think of internal threat actors as traitors.

The external threat actors are individuals or entities external to our organization aiming at causing harm to our systems.

But, wait a second. For what reasons would these people want to attack and compromise our systems? Well, there are many reasons, including financial gain, theft of secrets and revenge. Let’s now discuss the different types of threat actors we have and their motivations, resources and levels of sophistication.

In this section, we will list the different types of threat actors, whether internal or external, that can cyber attack our systems, and also highlight their motivations, their level of ability or sophistication and the kind of resources they have at their disposal. It is crucial to know these different threat actors because this allows us to harden our systems properly. This is also very important in risk identification and assessment. In fact, if your systems present some vulnerabilities for which there are no potential threat actors, we can say that there is no risk. The other way around is also true: if there are threat actors that might attack your systems but there is no vulnerability, we can also state that there is no risk. And of course, if there is a vulnerability in your systems that can be exploited by threat actors, be they internal or external, there is a risk. Once a risk is identified with its associated vulnerability and threat actor, having a good knowledge of the attributes of threat actors will help you in your risk assessment. Basically, if these threat actors are highly skilled and possess sophisticated tools and large resources, it means they could break your systems very quickly and cause a great deal of harm, making the impact of the risk very high. I hope you now see how important knowledge of threat actors is, in addition, of course, to knowledge of vulnerabilities. Enough talk😅, let’s delve into the topic with the threat actors called Script Kiddies.
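To make the risk rule above concrete, here is a small added example of my own (it is not code from the original tutorial): a toy risk model in which a risk exists only when a vulnerability AND a threat actor able and willing to exploit it are both present, and the rating rises with the actor’s skill, resources and tooling. The actor categories follow the ones discussed in this tutorial, but every score, motivation set and sample vulnerability is a constructed assumption for illustration, not measured data.

```python
"""Added illustration, not from the original tutorial: a toy risk model that
encodes the rule from the text -- a risk exists only when a vulnerability AND a
threat actor able and willing to exploit it are both present, and the rating
rises with the actor's skill, resources and tooling. Every actor profile and
score below is a constructed assumption, not measured data."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ThreatActor:
    name: str
    internal: bool            # True for insiders, False for external actors
    skill: int                # 1 (low) .. 5 (high)
    resources: int            # 1 (low) .. 5 (high)
    tooling: int              # 1 (off-the-shelf GUI tools) .. 5 (custom, bespoke)
    motivations: frozenset    # e.g. {"financial", "political"}

    @property
    def capability(self) -> float:
        """Mean of the three attributes the text names as drivers of impact."""
        return (self.skill + self.resources + self.tooling) / 3


@dataclass(frozen=True)
class Vulnerability:
    asset: str
    description: str
    min_skill_to_exploit: int   # actors below this skill level cannot use it
    attracts: frozenset         # motivations this asset is valuable to
    reachable_from_outside: bool


# Constructed catalogue following the tutorial's categories (assumed scores).
ACTORS: List[ThreatActor] = [
    ThreatActor("script kiddie", False, 1, 1, 1, frozenset({"notoriety"})),
    ThreatActor("hacktivist", False, 3, 2, 3, frozenset({"political", "social"})),
    ThreatActor("organized crime", False, 4, 4, 4, frozenset({"financial"})),
    ThreatActor("nation-state", False, 5, 5, 5, frozenset({"espionage", "sabotage"})),
    ThreatActor("malicious insider", True, 2, 2, 2, frozenset({"financial", "revenge"})),
]


def applicable_actors(vuln: Vulnerability, actors: List[ThreatActor]) -> List[ThreatActor]:
    """Actors that can reach the weakness, are skilled enough to use it,
    and have a motivation the asset satisfies."""
    result = []
    for actor in actors:
        reachable = actor.internal or vuln.reachable_from_outside
        capable = actor.skill >= vuln.min_skill_to_exploit
        interested = bool(actor.motivations & vuln.attracts)
        if reachable and capable and interested:
            result.append(actor)
    return result


def rate_risk(vuln: Optional[Vulnerability], actors: List[ThreatActor]) -> Optional[dict]:
    """Return None when there is no risk (no vulnerability, or no actor that
    could exploit it); otherwise a rating driven by the strongest applicable actor."""
    if vuln is None:
        return None
    matching = applicable_actors(vuln, actors)
    if not matching:
        return None
    strongest = max(matching, key=lambda a: a.capability)
    if strongest.capability < 2.0:
        level = "low"
    elif strongest.capability < 3.5:
        level = "medium"
    else:
        level = "high"
    return {
        "asset": vuln.asset,
        "actors": [a.name for a in matching],
        "driving_actor": strongest.name,
        "level": level,
    }


# Constructed sample findings for a walkthrough (not real systems).
PUBLIC_DB_VULN = Vulnerability(
    "customer database", "unpatched injection flaw in a public web form",
    min_skill_to_exploit=2, attracts=frozenset({"financial", "espionage"}),
    reachable_from_outside=True)
INTERNAL_SHARE_VULN = Vulnerability(
    "HR file share", "overly broad permissions on an internal share",
    min_skill_to_exploit=1, attracts=frozenset({"revenge"}),
    reachable_from_outside=False)
UNATTRACTIVE_VULN = Vulnerability(
    "test lab printer", "default password on an isolated lab printer",
    min_skill_to_exploit=1, attracts=frozenset({"curiosity"}),
    reachable_from_outside=False)

if __name__ == "__main__":
    # Vulnerability with capable actors -> high; insider-only -> medium;
    # vulnerability nobody wants -> no risk; no vulnerability at all -> no risk.
    for v in (PUBLIC_DB_VULN, INTERNAL_SHARE_VULN, UNATTRACTIVE_VULN, None):
        print(rate_risk(v, ACTORS))
```

The two `None` results are the point of the exercise: the lab printer has a real weakness but no actor in the catalogue that can reach it and cares, and the last call has actors but no vulnerability, so neither produces a risk. The public database is rated high because the strongest applicable actor (the nation-state profile) scores top marks on skill, resources and tooling, exactly the attributes the paragraph says drive the impact.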

Script kiddies are the least skilled threat actors. They have limited technical skills and knowledge and use tools created by more skilled hackers to conduct cyber attacks. They mostly use tools with a Graphical User Interface: they would just enter the IP address of the target in a dedicated box in the tool and click a button to execute a DoS attack, for example by using a tool like Low Orbit Ion Cannon (LOIC). Please keep in mind that the goal of this tutorial is not to give you knowledge to attack third parties’ systems. The knowledge shared here is for awareness, so that you can properly protect your systems 🤲🤲. Now, let’s talk about the next threat actor, the hacktivist.

Hacktivists are individuals or groups of individuals with technical skills who use their knowledge to attack systems for a political or social cause. Hacktivism is a portmanteau of “hacking” and “activism”, and unlike traditional activism, which involves protests and demonstrations, hacktivism involves cyber operations.

Hacktivists are motivated by political, philosophical and social reasons. In fact, they may target organizations they see as opposing their beliefs on various causes, such as human rights, environmental issues, or freedom of information. They usually use various methods and tools to attack systems and carry out attacks like DDoS (Distributed Denial of Service), website defacement, doxing and leaking of sensitive data. A Distributed Denial of Service (DDoS) attack consists of overloading a target’s servers with traffic to make its services unavailable. Website defacement is an attack carried out by changing the appearance of a website to convey a political message. Doxing is a form of online harassment or privacy invasion where an individual’s private information is exposed on the internet without their consent. We will discuss the different cyber attacks in more detail in another tutorial.

Here are the names of some famous hacktivists:

  • Anonymous: A loosely associated international network known for various cyber operations.
  • Lizard Squad: Involved in DDoS attacks and known for targeting gaming networks.
  • WikiLeaks: While not a traditional hacktivist group, WikiLeaks has been involved in releasing classified information to promote transparency.

Nation-state actors, often referred to simply as “nation-states” or “state-sponsored actors”, are entities that are directly tied to and supported by a government to conduct cyber operations. These operations can include cyber espionage, cyber warfare, and various forms of cyber attacks. Unlike individual hackers or hacktivist groups, nation-state actors typically have significant resources, sophisticated capabilities, and strategic goals aligned with the interests of the sponsoring government. Nation-state actors are also known as “Advanced Persistent Actors”, or APT for short, because of their ability to gain persistent access to the systems they attack. They might gain access to systems and keep it for several weeks, months or even years before they are detected. In most situations, they are never detected. I personally think that nation-state actors are the most sophisticated hackers. Do you think the same? If not, don’t hesitate to mention it in the comment section😉.

Organized crime groups are groups of highly skilled individuals with significant resources who gather to carry out criminal activities in the digital world. These people are mostly motivated by financial gain. Due to their high level of sophistication, they can unfortunately cause tremendous damage. Indeed, they use advanced hacking techniques and tools like ransomware and sophisticated phishing attacks. Organized crime groups can also be hired by governments to conduct malicious activities in coordination with Advanced Persistent Actors or nation-state actors.

Insider threats are individuals within the organization who already have access to critical systems or data and who carry out malicious cyber activities like data theft, intellectual property theft, sabotage, fraud, etc. Insider threat actors’ motivations vary from one individual to another. Some will be motivated by financial gain and some by revenge, job dissatisfaction, career advancement, etc. It is important to mention that some insider threats are not driven by malicious intent but rather by negligence or a lack of awareness of cybersecurity best practices. Individuals within an organization may accidentally expose sensitive information or compromise security through unintentional actions. That’s why it is crucial that organizations offer cybersecurity best practices awareness training to employees.

Delving into the realm of “threat actors” within the security domain proves to be of paramount importance in an ever-evolving digital landscape. Whether in the realm of cybersecurity, organized crime, or other sectors, these actors play a pivotal role in shaping and executing potential threats. Understanding their motivations, methods, and specific objectives is crucial for formulating robust protection strategies.

We’ve explored various types of threat actors, from script kiddies to insider threats, cyber organized crime groups, and digital activists. Each of these actors possesses distinct motivations, specific skills, resources and a level of sophistication.

The significance of this understanding extends beyond security professionals, impacting individuals, businesses, and governments alike. Proactive measures such as user awareness programs, zero trust architecture, systems patching and proper configuration of security devices are examples of what can help safeguard our systems against these threats.

Ultimately, digital security demands a holistic approach that integrates technology, individual training, and global collaboration. By remaining vigilant and continuously understanding the evolving landscape of threat actors, we are better equipped to confront contemporary security challenges and safeguard our systems against emerging threats.
