cyber Adventura


Who are the culprits behind cyberattacks/cybercrime?

Today, we received the news that a number of European banks have been subjected to cyberattacks! Immediately a question crosses our mind: who is behind those attacks? The news outlets call them hackers, hacktivists, etc., but they have a formal name: 'threat actors'.

Threat Actors can be loosely defined as states, groups, or individuals who aim to cause harm by exploiting a vulnerability with malicious intent. A threat actor must be trying to gain access to information systems to access or alter data, devices, systems, or networks.

Hackers, hacktivists, cybercriminals, state-sponsored actors: the categories of threat actors differ, and they are categorised according to their skills, the sophistication of their attacks and the motivations that drive them. Ever wondered who they are and what motivates their acts?

Here are some common types of threat actors:

  • Hackers: These individuals or groups exploit vulnerabilities in computer systems or networks to gain unauthorized access, steal data, disrupt operations, or cause damage.
    • Black Hat Hackers: Black hat hackers work against organizations or government agencies in an attempt to break into computer networks or systems with malicious intent. Black hat hackers often work alone or with organized crime groups and employ a number of techniques to hack their targets, including social engineering, hacking passwords, infecting devices with malware, logging keystrokes, or creating botnets to execute a Distributed Denial-of-Service (DDoS) attack.
    • White Hat Hackers: White hat hackers, also called ethical hackers, work with organizations or government agencies to identify vulnerabilities and protect cyber systems from malicious hackers. Unlike other types of hackers, white hat hackers always have permission from the organisation or agency they work with to hack into computer networks or systems. Sometimes the process is gamified in the form of bug bounty programs – competitions that reward hackers with cash prizes for reporting vulnerabilities. But remember, these are the good guys.
    • Grey Hat Hackers: Grey hat hackers fall somewhere in between white hat hackers and black hat hackers. Grey hat hackers hack into computer networks or systems in order to draw the target’s attention to vulnerabilities or potential attack paths and then charge a fee to fix the issues they’ve discovered. Most often, this type of hacker exploits security issues without malicious intent, but it is done without permission and often through illegal tactics. Grey hat hacking is thus illegal, as the hacker has not received permission from an organisation to attempt to infiltrate their systems.
    • Green Hat Hackers: Green hat hackers are beginners and often seek out information from more experienced members of the hacking community. Although green hat hackers may not always have the necessary skills or knowledge to launch a coordinated attack, they can still cause serious damage if they don’t have a clear understanding of what they’ve done or how to fix it.
    • Blue Hat Hackers: Blue hat hackers are most similar to white hat hackers: they’re security professionals working at consulting firms that are hired specifically to test a system prior to its launch. Sometimes, blue hat hackers also target individuals or companies in retaliation for some wrongdoing without putting much thought into the consequences of their actions.
    • Red Hat Hackers: Red hat hackers are often seen as the “dark horses” of the hacking world, working alone or in private groups to disarm black hat hackers. Unlike white hat hackers, who turn black hat hackers in to the authorities, red hat hackers often focus on destroying resources and doing harm.
    • Script Kiddies: Unlike other types of hackers, script kiddies are often motivated by boredom and don’t write their own computer scripts or code. Instead, they insert existing scripts or code into viruses or applications to hack computer systems belonging to others. In the hacking world, script kiddies are notorious for being relatively unskilled and immature compared to other types of hackers.
    • Hacktivists: Hacktivists are often considered black hat hackers, but their motivations for hacking are political. Whether they’re concerned with preserving free speech or exposing instances of human rights violations, hacktivists target individuals, organizations, or government agencies. Most of the time, hacktivists believe they’re trying to enact a positive change in the world. For example, the hacking group Anonymous is well-known for its numerous cyberattacks against several governments and has been called “freedom fighters” by its supporters. Of the different types of hackers, the term “threat actor” most directly applies to black hat hackers, blue hat hackers, script kiddies, and hacktivists.
  • Cybercriminals: These actors are motivated by financial gain. They engage in activities such as identity theft, credit card fraud, ransomware attacks, or selling stolen data on the dark web.
  • State-Sponsored Actors: These are government-backed entities or agencies that conduct cyber espionage, sabotage, or other cyberattacks to further their political, economic, or military objectives.
  • Insiders: Insiders are individuals with authorized access to systems or data who misuse their privileges for personal gain, revenge, or other malicious purposes. This category includes disgruntled employees or contractors.
    • Malicious Insiders: Malicious insiders are individuals who have access to the corporate environment and decide to turn against their employers by helping threat actors; usually for monetary gain.
    • Incautious Insiders: Incautious insiders are employees who may not have malicious intent but end up causing a data breach due to their carelessness. They might click on a phishing email, install unapproved software, or lose their corporate devices.
  • Business Competitors: Business competitors can be another threat actor that can harm organisations. Competitors can gain access to organization secrets that are typically secure. Organizations can try to gain a stronger knowledge of business intelligence to protect themselves against a competitor threat actor. At times, nation states use this route to exfiltrate information to create capacity in their own country.
  • Thrill-seekers: Thrill-seekers are threat actors who attack computer systems or networks for personal enjoyment. Whether they want to see how much data and sensitive information they can steal, or they are interested in how specific networks and computer systems operate, thrill-seekers may not necessarily intend to do much harm to their targets. However, they can interfere with computer systems and networks or exploit vulnerabilities for more sophisticated cyberattacks in the future.
  • Organized Crime Syndicates: Some criminal organizations have expanded their activities into cyberspace. They conduct various cybercrimes, including financial fraud, data breaches, and ransomware attacks, to generate illicit profits.
  • Cyberterrorists: Cyberterrorists launch politically or ideologically motivated cyberattacks that threaten or result in violence. Some cyberterrorists are nation-state actors; others act on their own or on behalf of a non-government group.
  • Advanced Persistent Threat (APT) Groups: APT groups are sophisticated threat actors often associated with state-sponsored or highly skilled attackers. They conduct long-term, targeted attacks against specific organizations or industries, focusing on espionage, data theft, or disruption.

Here are some examples of threat actors from the past, present, and potential future ones:

Past Threat Actors:

  1. Kevin Mitnick: A notorious hacker in the 1980s and 1990s, known for his social engineering skills and hacking into numerous high-profile computer systems.
  2. Stuxnet: A sophisticated worm discovered in 2010, believed to have been developed by a joint effort between the United States and Israel. It targeted Iran’s nuclear facilities and is considered one of the first major instances of state-sponsored cyber warfare.

Present Threat Actors:

  1. APT28 (Fancy Bear): A Russian state-sponsored hacking group known for targeting governments, military organizations, and political entities worldwide.
  2. Lazarus Group: A North Korean state-sponsored hacking group associated with various cyberattacks, including the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack.

Potential Future Threat Actors:

  1. Artificial Intelligence (AI)-driven attacks: As AI technology advances, there is a concern that threat actors could leverage it to develop autonomous and sophisticated attack methods that are more difficult to detect and mitigate.
  2. Non-state actors and hacktivist groups: With the increasing accessibility of hacking tools and techniques, non-state actors and hacktivist groups may continue to pose significant threats by targeting governments, corporations, or individuals for political or ideological reasons.
  3. Contagion-based attacks: As industries converge and different disciplines interoperate, criminal and fringe groups will learn from each other and mount attacks with domain knowledge of their different spheres. We are already witnessing money laundering and cyberattacks converging.

It’s important to note that the landscape of threat actors is constantly evolving, and new actors can emerge as technology advances and new geopolitical dynamics unfold.


