Beware of the six cyber threat actors in 2022

Neelesh Kripalani, CTO, Clover Infotech

By Neelesh Kripalani

Understanding the types of threat actors and their motivations is an essential step in building a robust cyber defence.

Organisations are accelerating their digital transformation, and cybersecurity is now a major concern. Creating a robust defence relies on an intimate knowledge of the enemy, their motivations, and goals. Defending against a known attacker is much easier than an unknown one. Thus, it is important to know the types of threat actors and be aware of their motivations in order to create a comprehensive cybersecurity plan.

What is a threat actor?

Cyber threat actors are individuals or groups with malicious intent, who aim to take advantage of vulnerabilities or low cyber security awareness to launch a cyber-attack. Their action is intended to cause harm to the cyber realm including computers, devices, systems, or networks.

Simply put, a threat actor is an entity responsible for a cybersecurity incident. Threat actors have different educational backgrounds, skills, and resources. Here are six threat actors to watch out for this year.

#1 Nation-states (Motivation: Espionage)

Nation-states are one of the most sophisticated threat actors having dedicated resources and personnel with extensive planning. They are either directed or funded or both by nations and national governments. Some nation-states have operational relationships with private sector entities and organised criminals.

#2 Cybercriminals (Motivation: Financial Gain)

Cybercriminals are generally understood to have moderate sophistication in comparison to nation-states. They make money by stealing data, tricking you into transferring money, stealing login credentials etc. These threat actors learn fast and constantly evolve their techniques. Their favourite attack is by email, typically a phishing email that tries to get your credentials or get you to download a malicious attachment.

#3 Hacktivists (Motivation: Geopolitical)

Hacktivists are groups of criminals who unite to carry out cyber-attacks in support of political causes. Their focus is on bringing awareness. For instance, almost all the information leaked by WikiLeaks was a result of hacktivists who wanted to expose the truth.

#4 Thrill Seekers (Motivation: Satisfaction)

A thrill-seeker is a type of threat actor that attacks a system for the sole purpose of experimentation. They are interested in learning more about how computer systems and networks operate. They are considered moderate to a low level in terms of sophistication as they usually rely on publicly available exploits that require little technical skill for their cyber-attacks.

#5 Insider Threats (Motivation: Discontent)

Sometimes, employees turn against employers and become insider threats. They are individuals working within their organisation who are particularly dangerous because of their access to internal networks. However, employees can also become insider threats through their own negligence or even through their own unintentional mistakes.

#6 Script Kiddies (Motivation: Fun)

Don’t let the cute name fool you! Although script kiddies (aka skiddies) aren’t skilled enough to design penetration tools on their own. However, they use tools developed by other attackers to penetrate a network or system. They find the easiest routes to hacking a system and do not invest much of their energy into performing an attack.

Take the best step forward

Understanding the types of threat actors and their motivations is an essential step in building a robust cyber defence. Besides being aware of the cyber threat actors, it is important is to build a cybersecurity strategy that can protect organisations from these threats.

Creating awareness about cybersecurity is equally, and perhaps more important as negligence can also lead to cyber-attacks, especially in the form of insider threats.

Neelesh Kripalani, CTO, Clover Infotech
Neelesh Kripalani, CTO, Clover Infotech.

 


Understanding the types of threat actors and their motivations is an essential step in building a robust cyber defence.