Threat actors: From script kiddies to nation states
Historically, businesses have faced multiple existential threats such as economic downturns, regulatory changes, market competition and more. But in the last few decades, with the advent of the internet, the massive shift towards digital transformation and the complications of a remote workforce, cybersecurity incidents have become one the most important threats faced by companies of all shapes and sizes.
In this article, we will look at the different types of threat actors, from lone-wolf “script kiddies” to sophisticated nation-state sponsored groups. We will then do a brief history lesson on where it all started and how we got here.
Subsequent articles will look at all these subjects in deeper detail.
Types of Threat Actors
For most people, when you say the word “hacker”, they picture a dark basement with a hooded character sitting in front of multiple screens, for example, look at the photo accompanying this article. (Fun fact: I took this photo from an article titled "Top 10 Cliche Stock Photos You Need To Stop Using Right Now!"). Reality is a lot more complicated than this Hollywood trope. We will explore the different categories of threat actors and their motivations. It is important to note that the lines can get very blurry as there can be a lot of overlap.
Lone Wolves
A lone wolf actor is the closest resemblance to the scenario listed above. As the name alludes to, they act alone. Their skill levels can range from absolute beginners to highly skilled and their motivations can be something simple like curiosity, or harmful like extortion. While they do not have inside knowledge or the support of a group, highly skilled Lone Wolves can be difficult to detect since they do not typically have signature sets of tools, tactics, and techniques.
Insiders
As the name suggests, an insider threat is a person or group within an organisation that has access to private data/systems. This allows them to exfiltrate data or even install malicious software/hardware in the environment. Once again, their motivation can vary widely, we can easily think of a few: financial gain, job frustration, and more. With the proper security controls, we can detect and mitigate a lot of the attack vectors but this is still a significant threat to any organisation.
Hacktivists
The motivations of this group are easiest to define, they will tell everyone that wants to listen; they are the digital equivalent of a mob protest. Hacktivists use technology against their targets to bring awareness to their cause. Some of their techniques have traditionally included defacing websites, bringing down systems through DDoS attacks, and leaking private information about their targets to the general public.
Cyber Criminals
This ever evolving group of threat actors will need a lot more than a simple introduction, they will be the focus of an upcoming article. Their motivation is mostly always financial, and they will go to any length to make money. Cyber Criminals encrypt and steal our data then make us pay to get it back, they impersonate our colleagues then ask us to transfer money to the wrong bank accounts, they create clandestine online markets where people can buy things such as weapons, drugs, stolen credit cards, malicious software, and criminal services. The most sophisticated of these groups have corporate structures with business units such as Tech Support, HR, Finance, etc.
Nation States
This is another complicated subject that will be the focus of a future article. State Sponsored Threat Actors are some of the most sophisticated and capable groups. They are either directly connected or have a direct relationship with a nation’s government. Their mandate is to clandestinely support the government’s objectives, whether it’s gaining financial/strategic information, infiltrating critical infrastructure systems to gain a military advantage, stealing intellectual property to bolster their own economy, etc.
History of Cyber Threats
Now that you have a better understanding of the types and motivations of threat actors, let’s look at a very brief history of how we got here.
Ever since digital machines made their appearance, there have been groups and individuals using them for malicious purposes. In the early years, this was mostly done for research purposes or simply for laughs. One of the earliest known examples of using a computer system outside of its intended purpose is in the late 1950s when a group of students at MIT known as the Tech Model Railroad Club got the school’s new IBM 704 computer to control the switches and signals of their model railroad system. Fast forward to the 1970s when John Draper (aka Captain Crunch) used a toy whistle from a box of cereal to mimic telephone tones and make free long distance calls (trivia : the long running computer magazine called 2600 refers to this whistle’s frequency).
In the essence of time, we will skip 30 years, but if you want to do some reading, you will find stories about “The Cult of the Dead Cow”, “The Chaos Computer Club”, “Kevin Mitnick”, “The Morris Worm”, and many more fascinating stories.
The early 2000s brings us into the Internet Era and the rise of Hacktivism notably by the collective known as Anonymous. This group used various attacks to take down websites and disrupt online services. By the late 2000s, we started seeing sophisticated attackers hone their crafts: cyber criminals infecting vulnerable devices to create botnets, ransomware groups targeting big corporations, nation-state sponsored groups were conducting cyber espionage and more. Some of the more famous attacks are:
The Stuxnet worm, discovered in 2010. This was an attack aimed at sabotaging Iran’s nuclear program and was widely successful until it got released in the wild and discovered by security researchers.
The Colonial pipeline ransomware attack in 2021 which saw gas pipelines that supply about 55% of all fuels consumed on the US East Coast being completely shut down. This created a cascading effect of cancelled flights, gas stations running out of fuel, and a panic in the population causing people to fill any containers they could with whatever fuel they could find.
Conclusion
If you keep yourself up to date with cybersecurity news these days, you will know that no one is immune to cyber attacks. Every day we see software and hardware vendors being hit by exploits, we see hospitals and governments getting breached, we learn of our personal data being leaked and stolen, companies losing millions of dollars through scams, individuals losing their life savings.
We all have a part to play in helping with these new and evolving threats. Companies should strive to create systems that are secure, individuals should practise proper cyber hygiene, cybersecurity professionals should educate themselves and others constantly to keep up to date with the latest threats, governments should create policies that help protect our data.
We hope that our series of articles will help you understand the current threat landscape, and give you the motivation to learn more so that you can secure your systems a little bit better everyday. Until next time!