Cyber security for beginners: Part 11

Arjun Suresh
Published in CyberSec 101
5 min read, Apr 24, 2022

Hey all! In this blog, we are going to discuss the various types of threat actors that exist in the digital world. The threat actors are classified based on various attributes such as Internal/External, Level of sophistication, Resources, and Motive. The actors differ from each other based on their specialized attributes.

Before we dive into the various types of threat actors, let’s first explore the attributes that govern the behavior of these actors. The 4 main attributes associated with a threat actor are:

  1. Internal/External
  2. Level of sophistication
  3. Resources
  4. Motive

Threats can originate either from within an organization or from an external entity. The first characteristic of a threat actor is their position relative to the target. If they are within the target organization and conduct their attacks from inside, they are known as internal threats. On the other hand, if a threat actor performs cyber attacks from outside or over the public internet, they are known as external threats. In terms of impact, internal threat actors are more dangerous than external threats. This is because an insider has more knowledge about the organization and a better understanding of its structure, policies, standards, etc.

The second attribute is the Level of sophistication, or capabilities, of the threat actor. Capability refers to the skills that an actor possesses. The level of sophistication of a threat actor determines how easy or hard it is to defend against them.

The third characteristic is the Resources available to a threat actor. Depending on their objectives, threat actors could be operating on their own or they could be backed by a sufficiently large entity. The resources available to these threat actors determine their level of sophistication and how difficult their attacks are to detect. The final attribute associated with a threat actor is their motive or intent. Different threat actors have different goals and objectives.

Classification of threat actors

The following are some examples of threat actors in today’s world:

[Figure: Threat Actor classification]

Now, let’s explore each of these categories and their characteristics.

1. Script Kiddies

Script kiddies are people who have no expertise in the hacking field. They use pre-built tools and software made by other people in the cybersecurity field to perform their hacking activities. Script kiddies can be either internal or external to a target, and their capability is very low. Usually, they cannot bypass the security defenses deployed by a target, if they ever come across any. They usually have very limited resources for their hacking activities, and they normally do it for fun or to gain fame. But that is not to say that they are not dangerous. If they ever come across an unprotected target, they can easily break into it using tools that are available over the internet. Simple defensive mechanisms like firewalls, anti-malware software, etc. are enough to discourage them from performing an attack.

[Figure: Script kiddies]

2. Criminal syndicates

These are the usual unethical or black hat hackers that we talk about. They are usually external to the target they are attacking and can be experienced in what they do. Their funding for these illegal activities may be sufficient or it may be limited. The main motive of such cyber criminals is money. They may create ransomware or perform extortion, phishing, or other activities to demand money from their victims. Proper cybersecurity defenses need to be developed to protect against these types of threat actors.

[Figure: Black hat hackers]

3. Hacktivists

Activists who use digital means to support or achieve socio-political objectives are known as hacktivists. Hacktivists are usually independent groups that target specific organizations, individuals, or other entities to spread their agenda. They are an organized group of individuals who have sufficient capabilities to perform large-scale cyber attacks and have enough resources to carry out their objectives. One popular example of a hacktivist group that most of us would be familiar with is Anonymous.

[Figure: Hacktivists]

4. Nation State Actors

These threat actors are the most advanced in terms of capability and the resources available to them. They are usually backed by the governments of their respective countries to carry out sophisticated cyber attacks against other countries, governments, organizations, individuals, etc. The motive or intent of such groups varies based on their objectives, but it is safe to say that financial gain is not one of their primary goals. Nation state adversaries are also known as APTs (Advanced Persistent Threats). The attacks performed by such adversaries are very sophisticated and very difficult to detect. The victims of such attacks generally take a long time to detect the presence of APT groups in their networks, since these groups are trained to lie low and persist for a long time. Examples of famous APT groups include Lazarus Group of North Korea, Fancy Bear from Russia, Charming Kitten from Iran, etc. Many such groups exist, and more information about them can be read from the blogs posted in the additional resources section of this article.
