Member Article

Who are the cyber attackers?

In every crime, the police work hard to determine the basics of Who, Where, When, Why, and How. The process is the same in the cyber landscape, where IT security professionals try to identify and understand the criminals targeting their organisation. Whilst the make up of threat actors and types of attack change by industry and sector, the types of cyber criminals involved are the same. There are the good guys and the bad guys, and the people that make mistakes.

Armed with information about the types of threat actors and their motivations, organisations can start to tell their enemies from their allies. Only then can an organisation thwart the first, while educating and supporting the second.

Security researchers

Security researchers are the white knights of the cyber crime world. These “ethical hackers” are often employed as part of security teams, but are sometimes students, independent operators, or IT workers that have become security enthusiasts. Their motivations vary, from the promise of a pay check, to the glory and credit of halting a damaging exploit and foiling the cybercriminal’s plan. The varied motivations and background of security researchers means a similar variance in skill level, as well as determination. Experienced security researchers often use mapping and reconnaissance tools and custom-designed software.

Nation state hackers

Nation state hackers are usually government-funded groups, motivated by patriotism and a dedication to national security. Their goals include surveillance, command and control, military power and even financial or strategic control. Extremely skilled, organised, and tactical, nation state hackers are typically well funded, with abundant resources. They are either employed directly or contracted by government agencies as part of ongoing cyber-defence efforts. A recent example of a nation state attack is the collaboration between the US and Israeli governments to create the Stuxnet worm, which was designed to slow Iran’s progress towards building an atomic bomb.

Hacktivists

Hacktivist attacks have been going on for years. They involve politically-motivated cyber criminals, who, like other activists, hold their own political agendas, often pursuing activities that expose wrongdoing. Their skill level is typically intermediate at best, but occasionally they do include trained professionals. The goals of the hacktivist usually fall in to three categories: exposing information; changing or defacing information; and denying access to services. To this end, the hacktivist’s preferred methods of attack include off-the-shelf tools and toolkits, as well as DDoS attacks. Unlike other types of hackers, hacktivists often lack the financial backing for more advanced attacks. They tend to react to news stories, and conduct activities with set deadlines. There is often coordination and communication between individuals, which has resulted in the growth of hacktivist groups such as Anonymous. There have been very few reported incidents of the more sophisticated hacktivists being caught or prosecuted for their crimes; those that have been caught have often included teenagers or college students.

Organised criminals

These are professional criminals motivated by money. They hack to steal data, money and computing resources. Organised criminal hackers are well funded and prepared, and often have relations with nation state hackers or even hacktivists. Operating at a highly sophisticated level, they diversify their skill sets with a sophisticated supply chain – one person does the hacking, one does the exploit writing, another group handles tech support. These cyber criminals perform reconnaissance, before targeting the easiest and weakest links in an organisation, with the fastest financial return. For example, earlier this year Snapchat fell foul to a phishing scam, which resulted in the breach of over 700 employees’ personal data.

Terrorist hackers

Terrorist hackers are the most recent persona to enter the threat landscape. Motivated by politics or religion, these cybercriminals work with high levels of determination and persistence to achieve a political end. Similar to hacktivists, terrorist hackers are highly coordinated and strategic, with techniques reminiscent of other hacker personas; using organised crime techniques to attain money, or hacktivist techniques to gather data. With lack of funding, it is rumoured that terrorist hackers participate in organised crime as a means to fund other activities. Recent examples of successful attacks include Islamic State hackers hijacking US military social media accounts. Ironically, the bad guys occasionally bicker amongst themselves. It was recently reported that Anonymous fought back against Islamic State’s Doxxing attacks by hijacking their social media accounts.

Insiders

Unfortunately, as humans, we make mistakes. People lose their laptops, or write down passwords on scraps of paper. People download PowerPoint slides sent via email, and insert USB drives into their laptops to copy files. Security tools, policies, and repeated education are the best defence against mistakes and weaknesses in the human element of your ecosystem. Another element of the insider threat is malicious insiders and other disgruntled individuals. These actors can be a lot harder to stop as they may already have the required access privileges to sensitive information.

So how do we defend ourselves?

We’re in a raging cyber arms race, but the basics are always the best place to start. A common-sense approach to security will take you a long way. Scan your most critical systems, patch what you can, as soon as you can and encourage your developers to learn secure coding practices. Moreover, businesses must ensure they are educating every employee on the policies and procedures that will help them become security advocates. Only then will businesses stand a fighting chance against the growing numbers of malicious actors out there today.

This was posted in Bdaily's Members' News section by Ryan O'Leary .