Discover Threat Types
After completing this unit, you’ll be able to:
- List types of threats.
- Identify key characteristics and motives of each type of threat actor.
Who Are We Up Against?
Whether you know it or not, today’s networks, users, and devices are under constant assault. The way we shop, bank, and communicate has moved to the online world, and with that comes the risk of losing sensitive information. Navigating this online world and managing our digital footprint without exposing critical financial data, health records, and other information is harder than ever.
Most personal digital security strategies start with implementing tools like antivirus software and password managers. But that’s putting the cart before the horse. The most critical first steps are to understand who you’re defending against and which tactics they use. In order to protect yourself, it’s super helpful to understand each attacker’s motivations so you can identify the resources you need to protect your data. Ultimately, the more we understand the motivations, intent, and capabilities of the adversary, the better prepared we are to protect ourselves from potential attacks.
Digital adversaries go by a lot of names—explorers, hacktivists, cyberterrorists, cybercriminals, and cyberwarriors, to name a few. These categories help clarify what a cyberattacker’s motives and strategies are, which is critical to determining what sorts of security solutions you need to put in place to defend yourself. Before we dive into these adversaries, let’s talk about two threats that you may not have thought about before: insiders and human error. The approach to dealing with these threats is substantially different from the methods to prevent other attacks because they come from within and may not even be intentionally malicious in nature. Let’s take a closer look.
Meet Sean. He’s an employee at a media company. However, even he can be a threat to an organization, its data, and its brand reputation. Both current employees like Sean and former employees possess valuable knowledge about a company and are capable of committing crimes that may cause irreparable harm to the organization.
An insider is anyone who has authorized access to resources. An insider threat is the risk an insider will use their authorized access, wittingly or unwittingly, to do harm to their organization.
A malicious insider is connected to the organization or person they target, and wittingly targets it for an attack. For example, say Sean just learned that he’s going to be fired. He is very unhappy, and decides to destroy some of the data he has access to. As with Sean, truly malicious acts are seldom impulsive. Something happens that contributes to a trusted insider evolving into a malicious insider. For this reason, it’s key to consider what access insiders have, and what events might cause them to become malicious. In your personal life, this might involve changing the password on a phone or computer you had shared with a boyfriend you are about to break up with. Or monitoring your bank account to make sure a family member you’re quarreling with, who has access to it, doesn’t suddenly withdraw a large amount of funds.
In countering insider threats, it helps to build a culture of trust. This includes spending more time explaining and raising awareness about cyber risks and their implications, enforcing cybersecurity procedures, and showing how individual behavior can help or hinder the organization’s mission. Other mitigations include using the principle of least privilege, which gives users only the access they need to complete a task, and nothing more.
Sometimes insider threats can even be unintentional, through human error. Let’s take a look.
Human error is the root cause of almost every single data breach. Errors can result from not following security best practices correctly, failing to back up sensitive information, or not being aware of the people around you when you are looking at or discussing confidential information. Be wary of suspicious requests, attempts by unknown persons to contact you, and unsolicited information that comes to you in any form of communication. You can put your sensitive data at risk through something accidental, such as clicking a link in a phishing email, or something negligent, such as skipping security best practices in order to complete a task faster. Either way, these actions can result in some form of security compromise, albeit unwittingly.
Much as with insider threats, building a culture of trust can help mitigate human error. In addition, encouraging security-minded behavior can help keep security at the forefront of everyday actions, preventing costly mistakes from occurring in the first place.
Now that you understand a little bit more about the risks posed by insider threat and human error, let’s take a look at some of the more typical cyber threat actors you may be familiar with.
Meet Dread386. He has a large digital community—though he’s never actually met any of them in real life—and he tries to outdo them with different types of hacks. He’s after notoriety, plain and simple.
Dread386 is mostly curious about what kinds of weaknesses are out there, what he can do to exploit them, and how far he can get into these systems. He wants to explore for fun but doesn’t necessarily mean any harm. Sometimes he changes a page on a website to embarrass someone or to show the world how clever he is. But he doesn’t do any serious damage.
Explorers typically try various ways to get login credentials to the systems they want to get into. There are lists online of the most commonly used passwords. Those can be useful, but not very efficient. Instead, explorers find ways to trick people into telling them their account names and passwords directly.
Now let’s introduce you to Suzette, a Hacker + activist, or hacktivist. She’s motivated by political, social, or moral outrage. Her goal is to attack targets that represent things she doesn’t agree with, such as specific corporations, political or social orgs, or even individuals.
Suzette uses a ton of tools to advance her causes—one of the most common being a distributed denial-of-service (DDoS) attack. These attacks target “enemy” websites by inundating them with so much bogus traffic that their servers become unable to respond to legitimate requests.
Now let’s introduce you to Jules, a member of a cyberterrorist group.
His goal is to intimidate and strike terror into the hearts of his enemies by causing disruption, mayhem, and damage. His motivation is purely ideological.
Unfortunately for Jules, his group isn’t usually well-funded, so his key tactics vary. He uses whatever resources he can to attack the enemy’s high-profile targets. He attempts to disrupt internet services, infiltrate systems to steal sensitive data, or expose personal data about people the group wants harmed. He also threatens to corrupt critical information such as healthcare or voting records, hoping to throw entire industries or government systems into disarray. Because cyberterrorists don’t usually have a lot of resources, they don’t develop much of their own malicious tech. Instead, they borrow and steal what they can, wherever they can find it.
Meet Evan. He’s part of an organized crime syndicate that operates purely online.
While some small-time cybercriminals operate alone, making a little money here and there, his group is larger. They have the resources to hit bigger targets, and their motivation is money—pure and simple.
So far, Evan’s prime targets have been networks that have point-of-sale credit card terminals. If he can break into those networks and get their credit card data, then he can turn around and sell that info to any number of buyers or even use those cards himself.
Once he’s inside those networks, he can also grab personally identifiable information like phone numbers, addresses, government-issued personal identification numbers, and more. One especially rich set of targets for Evan is systems that hold healthcare data because they can contain so much information about individuals—making identity theft an easy task for an attacker.
Lt. General Anderson is in command of her nation’s elite force of cyberwarriors. Her group is motivated by, and acts in, the national and military interests of their country’s government. They are well-funded and have the resources to not only use any exploit method that exists but also develop new ones on their own.
Unlike the other actors you’ve learned about, cyberwarriors don’t have a singular focus. Their missions range from espionage, extortion, and embarrassment to using targeted cyber weapons to disrupt, damage, or destroy critical infrastructure. To complete those missions, they use a variety of attack methods. Heck, they use them all!
From everyday human error to mighty cyberwarriors, it’s no surprise your information is at risk. But how, exactly, do attackers target your information? We cover that next.