ATTACKERS

List of different types of attackers present in the digital world.

Nation-state attackers

Terrorist Groups

Malicious Insiders

Criminal Groups

Hacktivists

Corporate Spies

Frequently Asked Questions

  • Attackers
  • What's the premise of hacktivism?
    Carrying out hacking attacks as a form of activism. So, you might think of hacktivism as online activism, digital activism, or cyberactivism,
  • Types of cyber attackers

    Cyber Criminals (Organized Cybercriminals)

    Cybercriminals are individuals or groups of people who use technology to commit cybercrime to steal sensitive company information or personal data and generate profits.

    Hacktivists

    Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology. Hacktivists are not like cybercriminals who hack computer networks to steal data for cash. They are individuals or groups of hackers who work together and see themselves as fighting injustice.

    State-sponsored Attacker (APT Groups)

    State-sponsored attackers have particular objectives aligned with either the political, commercial, or military interests of their country of origin. These types of attackers are not in a hurry. The government organizations have highly skilled hackers and specialize in detecting vulnerabilities and exploiting these before the holes are patched. It is very challenging to defeat these attackers due to the vast resources at their disposal.

    Insider Threats

    The insider threat is a threat to an organization's security or data that comes from within. These types of threats are usually occurred from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees, or customers.

    Malicious Insider Threats

    Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems, or IT infrastructure. These insider threats are often attributed to dissatisfied employees or ex-employees who believe that the organization was doing something wrong with them in some way, and they feel justified in seeking revenge.

    Cyber Terrorists

    Terrorism, by its very nature, seeks out whatever means possible to proliferate fear, unrest, and discord across the globe. Cyber terrorists utilize an array of cyber weapons to disrupt critical services and commit harmful acts to further their cause. Generally speaking (though far from exclusively), they target the state operations, businesses, and critical services that will cause the most dramatic effect.

  • How profitable is cyber crime?
    The interesting thing is that all the services used by cybercriminals cost money, from malware development all the way through to money muling. All the individuals involved in the criminal ecosystem that supports fraud through a malware campaign require payment. This means that unless the criminals are able to access large numbers of bulk payment systems, and get high-value payouts on each occasion, each criminal is relying on small profit margins from each hack just to keep their business going. They then need to reinvest these profits into developing their botnets and campaigns further in order to have continued success.
  • Which categories are financial cybercrime divided into at this time?

    Individual users: This category focuses on individuals as victims. The threat actors steal and use stolen data, credit card numbers, online financial account information, or ss numbers.

    Enterprises: This category of financial cybercrime focuses on enterprises and business org. Threat actors will attempt to steal research on a new product to sell it to another supplier which deprives the legitimate business of profits.

    Governments: Governments are also the targets of threat actors. If military information can be stolen, it can be sold. Government information can also be stolen and published in front of its citizens to embarrass the government.

  • Who carried out hacktivism attacks?
    People who carried out hacktivism attacks are hacktivists. They generally claim to operate with altruistic intentions, meaning not to cause malicious harm but rather to draw attention to a cause that’s important to the hacktivist group.
  • Who do hacktivists target?
    Hacktivists target entities that they believe violate their values or stand in the way of their agenda. Common targets may include Nation-states, Government agencies, Corporations, Religious institutions, Terrorist organizations.
  • What motivates hacktivists?

    Hacktivists generally believe they’re acting altruistically for the public good. Similar to activism in our physical world, online activists seek to bring public attention to a cause that’s important to them in hopes they’ll invoke change. This often means exposing and correcting perceived injustices.

    The nature of the perceived injustices might be political, social, or religious:

    • Politically motivated hacktivism seeks to promote or upheave a political agenda, sometimes to the extent of anarchy.
    • Socially motivated hacktivism sets out to expose social injustices, ranging from government censorship to human rights.
    • Religiously motivated hacktivism acts in the name of a religious ideology and may seek to discredit or encourage the belief.
  • What are hacktivism attacks?

    Despite any altruistic intentions, hacktivism attacks are hacking attacks, which means they’re illegal. But they’re also difficult to prosecute because they’re mostly conducted anonymously.

    Unlike traditional hacking attacks, though, hacktivism attacks rarely have true malicious intent. In some cases, you might think of them as a form of antagonism, such as the way we might see graffiti on billboards.

    Still, just as this is vandalism in real life, website defacing is considered cyber vandalism. This is just one example of the types of hacktivism that exist today.

  • Types of hacktivism
    Hacktivism comes in many forms, each with its own way to support a hacktivist’s intentions. That might be promoting free speech and information, crashing websites, or exposing incriminating information. Here are 10 known types of hacktivism:
    1. Anonymous blogging
    2. RECAP
    3. Website defacement
    4. Website redirects
    5. Website mirroring
    6. Denial of Service (DoS) or Distributed Denial of Service attacks (DDoS)
    7. Virtual sit-ins
    8. Leaks
    9. Doxing
    10. Geo-bombing
     
  • What is the difference between a hacker and a hacktivist?
    Hackers and hacktivists generally use the same tools and techniques to achieve their goals. Unlike hacktivists, hackers are not defined solely by social causes.
  • What are insider threats?
    Insider threats are users with legitimate access to company assets who use that access, whether maliciously or unintentionally, to cause harm to the business. Insider threats aren’t necessarily current employees, they can also be former employees, contractors, or partners who have access to an organization’s systems or data.  
  • How does the insider threat attack happen?
    Malicious insiders have a distinct advantage in that they already have authorized access to your company's network, information, and assets. They may have accounts that give them access to critical systems or data, making it easy for them to locate it, circumvent security controls and send it outside of the organization.
  • Where do the inside attackers come from?
    Inside attackers come from within your organization - they can be insiders in your company with bad intentions, or cyberspies impersonating contractors, third parties, or remote workers. They can work both autonomously or as part of nation-states, crime rings, or competing organizations. While they might also be remote third-party suppliers or contractors located all over the world, they have some level of legitimate access to your systems and data.
  • Why are insider threats so dangerous?
    Detecting insider threats is no easy task for security teams. The insider already has legitimate access to the organization’s information and assets and distinguishing between a user’s normal activity and potentially malicious activity is a challenge. Insiders typically know where the sensitive data lives within the organization and often have elevated levels of access, they don’t act maliciously most of the time; that’s why it’s harder to detect their harmful activities than it is to detect external attacks. As a result, a data breach caused by an insider is significantly more costly for organizations than one caused by an external attacker.
  • Why are you a target for insider threats?
    • Publicly available information helps foreign intelligence entities identify people with placement and access.
    • Contract information (bid, proposal, award, or strategies).
    • Company website with technical and program information.
    • Connections (partnerships, key suppliers, joint ventures, etc.) with other cleared or non-cleared companies.
    • Employee association with companies or technologies made public through scientific journals, academia, public speaking engagements, social networking sites, etc.
  • What do insider threats target?
    • Company unclassified networks (internal and extranets), partner and community portals, and commonly accessed websites.
    • Proprietary information (business strategy, financial, human resource, email, and product data).
    • Export-controlled technology.
    • Administrative and user credentials (usernames, passwords, tokens, etc.).
    • Foreign intelligence entities seek the aggregate of unclassified or proprietary documents which could paint a classified picture.
  • What's an APT?
    An APT is a cyber-attack launched against a specific company, person, or institution. These attacks are usually deployed by well-trained attackers using advanced technology, strategic tactics, and the necessary (financial) resources. APTs are well-structured and complex.
  • Who is affected by APTs?
    According to Bitkom (Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e. V.), medium-sized companies are most seriously affected by IT espionage or sabotage – over 60 percent. Most organizations are already compromised without even being aware of it.
  • Why would someone launch an APT?
    A successful advanced persistent threat can be extremely effective and beneficial to the attacker. For nation-states, there are significant political motivations, such as military intelligence. For smaller groups, APTs can lead to significant competitive advantages or lucrative payouts.  
  • How do I prevent an APT?
    When organizations detect gaps in their security, they intuitively deploy a standalone product to fill that void. A solution filled with standalone products, however, will continue to have inherent gaps. To avoid these security gaps, organizations need to take a holistic approach. This requires a multilayered, integrated security solution. Deploying a portfolio of products that can seamlessly work together is the best way to enhance security.
  • Where does the APT attack come from?
    Most APT groups are affiliated with or are agents of governments of sovereign states. An APT could also be a professional hacker working full-time for the above. These state-sponsored hacking organizations usually have the resources and ability to closely research their target and determine the best point of entry.  
  • Nation State (APTs)
  • What's an APT?
    An APT is a cyber-attack launched against a specific company, person, or institution. These attacks are usually deployed by well-trained attackers using advanced technology, strategic tactics, and the necessary (financial) resources. APTs are well-structured and complex.
  • Who is affected by APTs?
    According to Bitkom (Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e. V.), medium-sized companies are most seriously affected by IT espionage or sabotage – over 60 percent. Most organizations are already compromised without even being aware of it.
  • Why would someone launch an APT?
    A successful advanced persistent threat can be extremely effective and beneficial to the attacker. For nation-states, there are significant political motivations, such as military intelligence. For smaller groups, APTs can lead to significant competitive advantages or lucrative payouts.  
  • How do I prevent an APT?
    When organizations detect gaps in their security, they intuitively deploy a standalone product to fill that void. A solution filled with standalone products, however, will continue to have inherent gaps. To avoid these security gaps, organizations need to take a holistic approach. This requires a multilayered, integrated security solution. Deploying a portfolio of products that can seamlessly work together is the best way to enhance security.
  • Where does the APT attack come from?
    Most APT groups are affiliated with or are agents of governments of sovereign states. An APT could also be a professional hacker working full-time for the above. These state-sponsored hacking organizations usually have the resources and ability to closely research their target and determine the best point of entry.  
  • Malicious Insiders
  • What are insider threats?
    Insider threats are users with legitimate access to company assets who use that access, whether maliciously or unintentionally, to cause harm to the business. Insider threats aren’t necessarily current employees, they can also be former employees, contractors, or partners who have access to an organization’s systems or data.  
  • How does the insider threat attack happen?
    Malicious insiders have a distinct advantage in that they already have authorized access to your company's network, information, and assets. They may have accounts that give them access to critical systems or data, making it easy for them to locate it, circumvent security controls and send it outside of the organization.
  • Where do the inside attackers come from?
    Inside attackers come from within your organization - they can be insiders in your company with bad intentions, or cyberspies impersonating contractors, third parties, or remote workers. They can work both autonomously or as part of nation-states, crime rings, or competing organizations. While they might also be remote third-party suppliers or contractors located all over the world, they have some level of legitimate access to your systems and data.
  • Why are insider threats so dangerous?
    Detecting insider threats is no easy task for security teams. The insider already has legitimate access to the organization’s information and assets and distinguishing between a user’s normal activity and potentially malicious activity is a challenge. Insiders typically know where the sensitive data lives within the organization and often have elevated levels of access, they don’t act maliciously most of the time; that’s why it’s harder to detect their harmful activities than it is to detect external attacks. As a result, a data breach caused by an insider is significantly more costly for organizations than one caused by an external attacker.
  • Why are you a target for insider threats?
    • Publicly available information helps foreign intelligence entities identify people with placement and access.
    • Contract information (bid, proposal, award, or strategies).
    • Company website with technical and program information.
    • Connections (partnerships, key suppliers, joint ventures, etc.) with other cleared or non-cleared companies.
    • Employee association with companies or technologies made public through scientific journals, academia, public speaking engagements, social networking sites, etc.
  • What do insider threats target?
    • Company unclassified networks (internal and extranets), partner and community portals, and commonly accessed websites.
    • Proprietary information (business strategy, financial, human resource, email, and product data).
    • Export-controlled technology.
    • Administrative and user credentials (usernames, passwords, tokens, etc.).
    • Foreign intelligence entities seek the aggregate of unclassified or proprietary documents which could paint a classified picture.
  • Hacktivists
  • What's the premise of hacktivism?
    Carrying out hacking attacks as a form of activism. So, you might think of hacktivism as online activism, digital activism, or cyberactivism,
  • Who carried out hacktivism attacks?
    People who carried out hacktivism attacks are hacktivists. They generally claim to operate with altruistic intentions, meaning not to cause malicious harm but rather to draw attention to a cause that’s important to the hacktivist group.
  • Who do hacktivists target?
    Hacktivists target entities that they believe violate their values or stand in the way of their agenda. Common targets may include Nation-states, Government agencies, Corporations, Religious institutions, Terrorist organizations.
  • What motivates hacktivists?

    Hacktivists generally believe they’re acting altruistically for the public good. Similar to activism in our physical world, online activists seek to bring public attention to a cause that’s important to them in hopes they’ll invoke change. This often means exposing and correcting perceived injustices.

    The nature of the perceived injustices might be political, social, or religious:

    • Politically motivated hacktivism seeks to promote or upheave a political agenda, sometimes to the extent of anarchy.
    • Socially motivated hacktivism sets out to expose social injustices, ranging from government censorship to human rights.
    • Religiously motivated hacktivism acts in the name of a religious ideology and may seek to discredit or encourage the belief.
  • What are hacktivism attacks?

    Despite any altruistic intentions, hacktivism attacks are hacking attacks, which means they’re illegal. But they’re also difficult to prosecute because they’re mostly conducted anonymously.

    Unlike traditional hacking attacks, though, hacktivism attacks rarely have true malicious intent. In some cases, you might think of them as a form of antagonism, such as the way we might see graffiti on billboards.

    Still, just as this is vandalism in real life, website defacing is considered cyber vandalism. This is just one example of the types of hacktivism that exist today.

  • Types of hacktivism
    Hacktivism comes in many forms, each with its own way to support a hacktivist’s intentions. That might be promoting free speech and information, crashing websites, or exposing incriminating information. Here are 10 known types of hacktivism:
    1. Anonymous blogging
    2. RECAP
    3. Website defacement
    4. Website redirects
    5. Website mirroring
    6. Denial of Service (DoS) or Distributed Denial of Service attacks (DDoS)
    7. Virtual sit-ins
    8. Leaks
    9. Doxing
    10. Geo-bombing
     
  • What is the difference between a hacker and a hacktivist?
    Hackers and hacktivists generally use the same tools and techniques to achieve their goals. Unlike hacktivists, hackers are not defined solely by social causes.
  • Criminal Groups
  • What are the most known cybercrime groups?

    GlobalHell

    Though this group is said to have disbanded in 1999, GlobalHell can be credited with being one of the first hacking groups who gained notoriety for website defacements and breaches. Stealing private and financial information, GlobalHell's founder has said the group caused $2.5 million in damages. GlobalHell infiltrated the White House, Ameritech, the United States army and the U.S. Postal Service.

    TeaMp0isoN

    Founded by a skilled 16-year-old hacker, TeaMp0isoN hacked into the English Defence League and NATO without breaking a sweat. Rumors swirled that the hacking group disbanded in 2012, but they came back in 2015 with a new image: a white-hat security research group.

    Lizard Squad

    Most widely known for their distributed denial-of-service (DDoS) attacks, Lizard Squad took down the Malaysian Airlines website and Facebook, though Facebook denies this. More recently, Lizard Squad puts their hacking efforts to disrupting social media services. You're your business conduct your client and customer service and reviews online? Prepare for war.

    Iran’s Tarh

    Andishan Tarh Andishan apparently wants to control the world’s web-based systems. The group is estimated to have 20 members mostly based in Tehran, Iran. A talented hacker group, Tarh Andishan apparently grew out of a Stuxnet worm virus Iran claimed the US and Israel created. The Iranian government doubled-down on its cyber warfare. The group uses self-propagating software, systems, backdoors, SQL injection, and other techniques. One of the attacks for which the group is best known is “Operation Cleaver.” This hacker group has apparently hacked airline gates and security systems.

    The Level Seven Crew

    This hacker group’s name is rumored to be inspired by the seventh level of hell from Dante’s Inferno, ‘the violent’ level. The group hacked 60 high profile computer systems (NASA, Sheraton Hotels, The First American national Bank) in 1999. They hacked into the US Embassy in China’s website. The group disbanded in 2000.

  • Who Are the Cybercriminals?

    Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intention of stealing sensitive company information or personal data and generating profit.

    Cybercriminals are known to access the cybercriminal underground markets found in the deep web to trade malicious goods and services, such as hacking tools and stolen data. Cybercriminal underground markets are known to specialize in certain products or services.

  • Is Hacking a Cybercrime?

    Hacking does not necessarily count as a cybercrime; as such, not all hackers are cybercriminals. Cybercriminals hack and infiltrate computer systems with malicious intent, while hackers only seek to find new and innovative ways to use a system, be it for good or bad.

  • What are the differences between Cybercriminals and Threat Actors?

    Cybercriminals also differ greatly from threat actors in various ways, the first of which is intent. Threat actors are individuals who conduct targeted attacks, which actively pursue and compromise a target entity’s infrastructure. Cybercriminals are unlikely to focus on a single entity, but conduct operations on broad masses of victims defined only by similar platform types, online behavior, or programs used. Secondly, they differ in the way that they conduct their operations. Threat actors follow a six-step process, which includes researching targets and moving laterally inside a network. Cybercriminals, on the other hand, are unlikely to follow defined steps to get what they want from their victims. Note, however, that cybercriminals have also been known to adopt targeted attack methodologies in their operations.

  • BOOKS

    ADVERTISEMENT

    DEFINITIONS

    Hacktivism

    A malware sandbox, within the computer security context, is a system that confines the actions of an application, such as opening a Word document, to an isolated environment. Within this safe environment the sandbox analyzes the dynamic behavior of an object and its various application interactions in a pseudo-user environment...

    Read more
    ADVERTISEMENT

    DOCUMENTS

    ADVERTISEMENT

    ENTERTAINMENT

    ADVERTISEMENT

    QUOTES

    “As national security and war are being…”

    As national security and war are being redefined for the digital age, Silicon Valley will need to be on the front line of counterterrorism. Its inventors and entrepreneurs are driving the information revolution, and they must figure out how to protect vital systems against malevolent intrusions. It lies at ground...

    Read more

    Welcome Back!

    Login to your account below

    Retrieve your password

    Please enter your username or email address to reset your password.

    Add New Playlist