- Script Kiddies
- Organized Crime
- Nation States/APT
- Insider Threats
A Script Kiddie is some form of unskilled hacker who has no real skill of their own. They will utilize common or easily implemented vulnerabilities that can be found online.
Script kiddies are assumed to be unskilled and thus a minor threat when compared to other threat actors.
Script kiddies might be a threat to your untrained users, but generally user training and proper security controls on the network can mitigate most attacks that would be carried out by a script kiddie.
A Hacktivist is a person that uses hacking to promote a cause or push a political agenda
A hacktivist can be anything from an individual getting attention for a cause to a cyberterrorist.
* This can cause a moral grey area when viewing a hacktivist. Some will support the cause and others will condone it depending on the cause.
Hacktivism is frequently a red herring for a more threatening attack. For example, a website might get defaced and some credit cards might be discreetly stolen.
The most common adversary thought of when discussing data theft, cybercriminals seek the immediate satisfaction of a financial payout. They typically target personal and financial information, hoping to exploit or sell the data for their own financial gain.
This is typically carried out by an organized group of attackers trying to reap financial gain.
Insider Threats are perpetrated by individuals that are a part of the targeted group/company. They may aim to vandalize assets as a form of revenge, steal proprietary assets for resale on the dark web, or simply send sensitive data to anybody who asks.
The hard part, of course, is distinguishing these actions from all the legitimate activity that occurs every day on your network.
Some tactics could help mitigate an insider threat, like least privilege or job rotation.
The Nation State Actor are hacker that are generally legally hacking for the government of their country. They are usually well trained and will have a set a focused target.
An Advanced Persistent Threat (APT) describes a group of well organized attackers, possibly from an enemy country, who use very sophisticated and targeted attacks against your organization.
Threats posed by competitors are, simply, threats perpetrated by competing groups in order to gain some sort of edge or handicap their rivals.
Threats may include disrupting day-to-day operations, exposing sensitive information, destroying public relations, etc.
Attributes of Actors
Internal vs. External – An internal threat is one that originates from within the targeted group and will have an easier time getting through or already have access to that groups information making them potentially more dangerous then an external threat that would have to break through the security.
Level of Sophistication refers to the amount of organization, and expertise that
are attributed to the particular attacker.
What also helps to determine the effectiveness of an attacker is the amount of resources and funding that are available to them.
Where a Script Kiddie would have little to none to pull from, a Nation State would have
resources from the government that employed them.
Intent is also important in assessing a threat as an attacker seeking to expose government secrets will be assessed more dangerous than an attacker seeking to deface a public website.
Open-source intelligence (OSINT) is publicly available information that any corporation or individual can utilize in order to keep up to date on many types of attacks and threats.
OSINT is simply any openly available information to the public.