Cyber threat actors take center stage in the ongoing fight against malicious online activity. They are the perpetrators of such activity, so identifying them and understanding their motivations is a normal part of the cybersecurity paradigm.
As it turns out, not all cyber threat actors are the same. Expert threat intelligence firms, like DarkOwl, recognize as many as eight different types of threat actors. Different things motivate each one. And as you might expect, their tactics tend to be commensurate with their motivations.
1. Cybercriminals
The first and most transparent type of cyber threat actor is the cybercriminal. This is an individual or group motivated primarily by financial gain. Cybercriminals steal sensitive information and sell it on the dark web. They commit online fraud, engage in extortion, and develop malware.
The most prominent cybercriminal tactic right now is ransomware. A threat actor will plant a piece of malware on a single computer or a network, malware that locks everything down by encrypting the data. The victim cannot regain access to data without paying a ransom.
2. Nation-State Actors
While cybercriminals are plying their trade for monetary gain, other cyber threat actors are sponsored by, or directly working under, national governments. Their primary goal is to strategically disrupt other nation-states. These types of threat actors steal intellectual property, sabotage adversary systems, and even pursue espionage. The end game could be anything from gaining a military advantage to harming an adversary’s economy.
3. Organization Insiders
Next up are insiders within an organization. These cyber threat actors have legitimate access to systems but abuse that access for any number of reasons. They can be motivated by greed, personal grievances, a desire to coerce colleagues, or even the desire to seek revenge against those they perceive to have wronged them.
4. Hacktivists
Hacktivists are political, social, or ideological activists who use cyber tools to advance their causes. Their goals are closely aligned with their ideological causes. They use cybercrime to promote their beliefs or make public statements. Things like DDoS attacks and website defacement are their signature moves.
5. Organized Crime
Organized crime is no longer limited to traditional offenses like illegal gambling and prostitution. Crime groups have now infiltrated the internet and use it in any way they can to help their criminal enterprises. Everything from money laundering to trafficking is on the table.
6. Terrorist Groups
Similar to organized crime groups are the many terrorist groups that use digital means to further their aims. Terrorists often rely on cyberattacks to sow fear. They use digital tools and the darknet to cause disruption, spread propaganda, and even communicate with cells located around the world.
7. Script Kiddies
Script kiddies are a group of cyber threat actors who do what they do for fun. They aren’t necessarily trying to make a buck or ruin a corporation. Instead, they treat malicious cyber activity as a hobby or a sport. Some do it because they are bored while others are driven by curiosity.
8. Undefined
The last category of cyber threat actors is undefined because their motivations seem to blur the lines between several distinct types of threat actors. They are sometimes known as gray-hat and red-hat cybercriminals. Their motivations are as broad as their knowledge of cybercrime itself.
It pays to understand the different types of cyber threat actors and what motivates them. The more security teams know about their online adversaries, the better prepared they are to stop them when they climb out from under their digital rocks. And climb out they will.