Cyber Threat Actors: Types & Defences
What is a Cyber Threat Actor?
A Cyber Threat Actor (CTA) is a person or group that uses computers, devices, systems, or networks to intentionally cause harm.
There are many different types of cyber threat actor, and these can be classified based on their affiliations and motivations.
Each type will have different knowledge, skills, abilities, motivations, and resources. These characteristics help us understand their preferred target, the kind of data or assets that are valuable to them, and how they might carry out their attacks.
Types of Cyber Threat Actor
Understanding each Cyber Threat Actor’s motivation and goal can help you develop a more focused cybersecurity plan.
For instance, some cyber threat actors may opportunistically target any entities that can generate monetary gain. Following this line of thought, any organisation with valuable or sensitive data could be a target.
On the other hand, some cyber threat actors conduct more targeted operations against specific individuals or organisations they want to exploit for espionage or blackmail purposes.
Cybercriminals are largely profit-driven and represent a long-term, global, and common threat. They target data to sell, hold for ransom, or otherwise exploit for monetary gain. Cybercriminals may work individually or in groups to achieve their purposes.
- Motivation: Financial gain or reputation enhancement.
- Affiliation: Individuals, alone or with collaborators.
- Common Tactics, Techniques, and Procedures (TTPs): Phishing, social engineering, business email compromise (BEC) scams, botnets, password attacks, exploit kits, malware, ransomware.
Hacktivists (or Ideologically-Motivated Criminal Hackers) are motivated by political, social, or ideological views. They often target victims for publicity or to effect change – which often results in high profile operations.
- Motivation: Political, social, or ideological.
- Affiliation: Non-governmental individuals or organizations.
- Common Tactics, Techniques, and Procedures (TTPs): DDoS attacks, doxing, website defacements.
An ‘insider’ is a current or former employee, contractor, or other partner who has access to an organization’s networks, systems, or data.
Malicious Insiders intentionally exceed or misuse this access in a manner that negatively affects the confidentiality, integrity, or availability of the organization’s data, network or systems.
They differ from unwitting insiders who unintentionally cause damage to their organization’s information systems through actions like clicking on malicious links in a phishing email.
- Motivation: Financial gain or to seek revenge.
- Affiliation: Current or former employee, contractor, or other partner who has authorised access.
- Common Tactics, Techniques, and Procedures (TTPs): Data exfiltration or privilege misuse.
Due to heightened geopolitical tensions, many governments have warned about the increased risk of cyber attacks to both public and private sector organizations.
Nation-State Actors aggressively and persistently target public and private sector networks to compromise, steal, change, or destroy information.
They may be part of a state apparatus, or they might receive direction, funding, or technical assistance from a nation-state. ‘Nation-State Actors’ is sometimes used interchangeably with Advanced Persistent Threat (APT); however, APT refers to a type of activity conducted by a more varied range of actor types.
- Motivation: Espionage, political, economic, or military.
- Affiliation: Nation-states or organizations with nation-state ties.
- Common Tactics, Techniques, and Procedures (TTPs): Spear-phishing password attacks, social engineering, direct compromise, data exfiltration, remote access trojans, and destructive malware.
The offensive cyber activity committed by Terrorist Organizations is typically disruptive or harassing in nature. This group primarily uses the internet for communications and recruitment.
- Motivation: Political or ideological, possibly for financial gain, espionage, or as propaganda.
- Affiliation: Individuals, organizations, or nation-states.
- Common Tactics, Techniques, and Procedures (TTPs): Defacements and claimed data breaches and leaks.
How to prevent cyber attacks
Each Cyber Threat Actor has a different way of working, and you may need highly focused defences to protect your organization from a specific type.
There are, however, some basic things you can do to protect yourself from almost every type of cybercriminal. These include:
Let us help with our Managed Service
Help protect your organization by teaching your team about the different types of Cyber Threat Actors and training them to recognise an attempted cyber attack.
Our Click-Prone® Test is a customisable, simulated phishing test that can help you discover who in your organisation is vulnerable to phishing emails. We can then supply you with a library of expert security awareness training content to help improve their knowledge, strengthen your human firewall, and defend your business from cyber threat actors.