In order to secure and defend a network properly, we need to understand WHY attackers do what they do. Let’s look inside 6 types of cyber attack motivations.
1. Script Kiddies
Attackers who act just for fun. Script kiddies generally want to cause trouble and/or gain publicity, using whatever easy tools are available to them -- often open source software. These people are not interested in adding to their skills/knowledge, or even in using hacking tools in the most effective ways.
2. Hacktivists
A hacktivist usually has a clearer goal, like a social/political agenda. They are deeply committed to a cause and may attack governments, people, businesses, or religious organizations who promote a perceived social or political injustice. Hacktivists have been able to disrupt the operations of, or spread misinformation about, a wide variety of causes; examples include DDoS attacks against Black Lives Matter groups this summer.
3. Organized crime
We have mercenaries in the cyber world too. “Hired guns” provide services or ready-made malware to further the agendas of their clients. They are motivated primarily by money.
4. Nation States/Advanced Persistent Threats
These are some of the most sophisticated and well-funded attackers. They seek state secrets, intellectual property, and personal info of government employees. Fitting their name, APTs will persist and keep trying new ways to exfiltrate data over time, even if defenders successfully stop one attack.
5. Insider threats
People, working as individuals or groups, inside a company who act maliciously against it. These actors may be disgruntled employees or have personal agendas outside the interests of the organization. Insiders are especially threatening because they often understand a network and its vulnerabilities better than an outsider. This is a good reason to use the “least privilege” principle when granting access -- limiting users to the lowest level needed. And another reason to consider the human factor in your security plan.
6. Competitors
Competitors want to gain an advantage and inhibit the target’s growth. This could mean simply gaining information on competitor practices or products, but at its worst, attacks on competitors can result in sabotage or theft of data.
Once we understand cyber attack motivations, we can use this information to assess the severity of threats to a network, and therefore determine priorities for mitigation.
Contact us if you need help with a vulnerability assessment, or with increasing your team’s knowledge regarding these risks.
These concepts are based on the book Security+: A Practitioner’s Guide, by David Evenden and Lauren Proehl.
Katy Munden Penner is a Writer and Content Strategist for StandardUser Cyber Security, and a Social Entrepreneur connecting people with great causes.