The Different Types of Threat Actors

With cybersecurity breaches on the rise, it’s important to understand the different threat actors behind these attacks, their capabilities and what motivates them. Threat actors do not all have the same motivation, however they will always be ‘motivated by a purpose’. To really grasp this, we have to think about the level of fear of attribution (getting caught by the appropriate authorities) for each individual threat actor. One assumes that the ultimate goal of a cyber-attack is for financial gain, but this isn’t always the case; especially when talking about hobbyists.  

Hobbyists 

Hobbyists, often referred to as ‘script kiddies’, are usually low-skilled hackers and are typically acting alone, without a lot of financial resources. Their motivations usually lie within the realm of improving their reputation, by finding vulnerabilities within a technical system and exploiting them; essentially hobbyists are ‘curious’ about technology. But what kind of cyber-attacks do hobbyists perform? Well, there are a variety of attacks that are of a low-level. This includes: 

• Defacing a website- basically graffiti on a website. 
• Denial of service attack- stopping the service of a specific application server by throwing enough packets at a target until it cannot respond. 
• A SQL injection attack- this is essentially used to expose more content than was intended to be displayed, by tricking the database from altering the URL.  

Due to hobbyists adopting more of a grey area in terms of the law, mainly crossing lines and violating confidentiality/integrity, the fear of attribution isn’t particularly high. 

Cyber criminals 

These threat actors are usually part of an organised cyber-crime network.  But how much of a threat are these actors? The skill levels of these criminals do vary; however, it is to be assumed that they are more advanced than hobbyists and their motives are of financial gain. They also have greater resources than hobbyists which makes them a much larger threat to businesses and organisations. Their main focal points are ‘fraud, theft and extortion tactics’ with the outcome being to make money from your sensitive data.  

Hacktivists  

Hacktivists, derived from combining the words 'Hack' and 'Activism', are very different from other threat actors. They are essentially hackers with a set of political, philosophical, or religious objectives that they carry out through hacking. Their main focus is on ‘exposing information, defacing websites, and a denial-of-service attack’.   

But are hacktivists a real threat? Well yes and no, it solely depends on the particular agenda of the hacktivist. They mostly have legitimate messages which they are passionate about, usually surrounding an injustice and the hacking is more of an ‘expression’ of their opinions. So even though their methods aren’t directly a threat, the aftermath can range from ruining the reputation of a company to the exposure of terrorist organisations.   

Advanced Persistent Threat

The last and frankly most concerning actor is the Advanced Persistent Threat actor. To fully understand their capabilities and motives, let us first unpack the name- they are advanced due to the highly skilled nature of their hacking abilities and unlimited resourcing, and they are persistent because of their constant engagement with their chosen targets. Once set on an objective, these hackers will not stop until they are complete.  

But what are their motives? Well, these threat actors are well-funded with government training and support, which also means they are the least concerned about attribution. Their goals are either surrounding nation-states (which they are also referred as) or geopolitical with their main purposes including espionage, sabotage and supporting military operations- stealing trade secrets and other highly classified information. But what type of attacks do advanced persistent threat actors perform? Deep penetrations into government and corporate networks; including phone systems. They also create ‘disruptive campaigns to cripple infrastructure’ which can lead to catastrophic results like taking down a power grid.  

Protect your business against threat actors

Securiwiser can monitor and scan your website to identify breaches from potential threat actors. Sign up today to get your FREE scan and cybersecurity report.