It's useful to remind ourselves of the common types of threat actors, their motivations and capabilities. Understanding this will help when we start to produce our hypotheses and Priority Intelligence Requirements (PIRs).
Different types of Threat Actors
Hacktivists are driven by ideological causes, sometimes social and political. In most cases they disagree with an idea and form a movement, which tends to lead to targeting organisations' websites or systems to promote those beliefs or to make statements.
Script Kiddies are inexperienced individuals or groups that use toolsets created by others to engage in cyber attacks for fun, to impress others and sometimes for money. The key point is that most of the time they do not fully understand the toolsets they use; however, to a business the damage can still be very significant.
Organised Crime Groups are criminal organisations that may use cyber attacks or certain cyber toolsets to aid or broaden their existing criminal activities, such as money laundering or drugs.
State-sponsored Actors often possess advanced capabilities and unlimited funds and resources. They are backed by a government to conduct espionage, sabotage and other activities that advance their nation's interests.
Terrorist Groups often aim to disrupt services and to spread propaganda and fear for ideological and financial gain.
Insider Threats can be disgruntled employees, third parties or partners who use their legitimate access to systems to steal sensitive data or business operation data, or for sabotage and blackmail.
Cyber Criminals are mostly money motivated. They aim to steal data, blackmail businesses and use data for fraudulent purposes. Think ransomware, malware and phishing.
Now that we understand the threat actors, we can move on to their motivations and then their capabilities.
Threat Actor Motivations
We need to understand why these groups do what they do before we start to think about protecting systems. The threat actor motivations that are specific to your niche will drive which direction you go in.
Financial Gain – Very simple: to gain money. Money is a driver for crime.
Espionage – States, governments, corporations etc. all wanting to gain advantages.
Hacktivism – For political or ideological purposes. Could also be to raise awareness of ideas.
Ransom – Ransomware attacks. This is a form of financial gain, but I put it in its own category because there is generally a ransom involved: data is held hostage in exchange for payment.
Sabotage and Disruption – Just plain old damage.
Personal Vendettas – People are weird sometimes and they can seek their revenge in the strangest of ways.
Notoriety – We all want to be famous, right?
Political Reasons – Could be to spread propaganda, disinformation or misinformation. Terrorists can recruit this way.
Stealing Trade Secrets – Your competitors or new startups.
Threat Actor Capabilities
There have to be capabilities to achieve the objective. Not all capabilities are equal, and each threat actor has different capabilities to aid their campaigns. Below we list some of the better-known capabilities you will encounter and need to understand.
- Malware development and deployment
- Phishing attacks
- Other Social Engineering tactics
- Identity theft
- Credit card and other financial fraud
- Money Laundering
- Data leaks
- Defacement
- DDoS
- Social Media / Fake News
- 0-days (zero-day exploits)
- Supply chain attacks
- Nation states using long-term infiltration and advanced custom cyber weapons