In the world of cybersecurity, the more you know about threat actors, the better placed you are to counteract and manage cyber threats and attacks. But what is a threat actor?
We can define a threat actor as a person, group, or entity performing a cyber-attack designed to impact an organisation negatively.
In other words, someone who wants to harm you and/or your organisation’s IT infrastructure.
There are many types of cyber attacks and threats, from a disgruntled team member trying to gain unauthorised access to steal sensitive data to nation-states attempting to interfere in political elections.
There are ways to stay cyber secure.
For example, threat intelligence is a resource that organisations can leverage to provide information about current or emerging threats that could negatively impact their security. If we combine available threat intelligence on threat actors and on existing and emerging threats, then we have a formidable defence against attacks.
Threat intelligence also allows us to anticipate and pre-empt cyber risks and attacks, making us proactive rather than reactive.
Different Types of Threat Actors
According to a report (a collaboration based on research provided by the cybersecurity authorities of five nations: Australia, Canada, New Zealand, the UK and USA) on publicly available hacking tools:
"Today, hacking tools, with a variety of functions, are widely and freely available for use by everyone, from skilled penetration testers, hostile state actors and organised criminals to amateur hackers."
Joint report on publicly available hacking tools – NCSC.GOV.UK
A cybercriminal is the most common type of threat actor, and the one most people tend to read about or see on the news.
An attack is intended to steal data and make it inaccessible until an organisation or individual pays a ransom. Whether they work alone or as a group, money is the cybercriminal's primary motivation.
Cyber-attacks are made up of phishing attacks, ransomware, malware and other tactics and techniques.
Insider attacks, or insider threats, typically arise when a team member, former team member, third-party contractor, or partner wants to get at an organisation's network, systems, or data.
The reasons for doing so are varied. Disgruntled employees could do so for financial gain, or a threat actor may use an organisation’s system to expose confidential information.
An insider cyber threat actor sometimes maliciously and intentionally damages an organisation’s cybersecurity foundations, yet sometimes this is not intentional.
Not every insider threat is motivated by greed or revenge.
Some attacks can be down to a lack of understanding of cybersecurity. One such example is when a staff member falls prey to a phishing cyber-attack and unfortunately shares sensitive information.
A nation-state attack is one in which a country targets institutions within other countries to influence elections or to disrupt or affect their security, economy, electoral process, and government departments. Having access to significant financial backing and the necessary tools makes a nation-state one of the most dangerous types of cyber threat actors.
Hacktivists are a form of threat actor often noted in the media. Groups such as Anonymous, for example, have carried out cyberattacks on terrorist organisations.
The aim of a hacktivist cyber-attack is to expose the target entity and disrupt its actions.
There is often a social, political, or ideological reason for the hacktivist to undertake an attack on an organisation, government, or individuals.
Script kiddies are individuals with basic hacking skills.
These bad actors may launch existing scripts to deface a website for cheap thrills.
Organisations targeted by script kiddies can incur severe costs to repair their systems and recover data.