We have all witnessed the tumultuous cyber incidents of 2020. Today, our personal and business affairs have shifted online, which has given hackers a great opportunity. Internet Usage Statistics reports that America has the highest internet penetration rates, at 89.4%, with over 3,138,420 GB of internet traffic generated every minute. Every session on the internet, from our personal to our work usage, is at great risk all the time. Even though we try not to become victims of cyber-attacks, cybercriminals always seem to be seeking ways to stay ahead of the game.
Organizations are clear about the motivations of cybercriminals but tend to put less effort into understanding their long-term attack methods and plans. A “threat actor” is an individual or a group posing a threat to organizational or individual security. Cybercrime is hard to stop, and cyber threat actors are targeting every public and private business as well as government agencies.
In 2015, the World Economic Forum estimated the economic cost of cybercrime to be $3 trillion worldwide. Now, Cybersecurity Ventures says that global cybercrime costs will grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025. Cyberattacks are therefore capable of disabling the economy of an entire nation, especially the United States, which constitutes one-fourth of the world economy and is the world’s largest economy with a nominal GDP of $21.44 trillion.
So, let’s learn the different types of threat actors and stay alert so that we do not fall into their traps.
Be Aware of Insider Threat Actors
We have heard about many cases where a company’s security was compromised by its own employees. Insiders have more access rights and more control over administrative policies. They either perform the attack themselves or are lured by bad actors into performing such activities. For example, a Russian allegedly attempted to bribe a Tesla employee with $1 million to deliver malware to computer systems at the Gigafactory.
Since COVID-19, companies have become more focused on remote work. There are more reports of behavioral issues where users, employees, and developers click on and download random content, spreading malware. Bad actors try to reach those people and turn them against the company. Therefore, a company must maintain visibility into its employees and their network activity. That activity must be continuously monitored, with alerts raised on any sign of malfeasance.
Pay Attention to Espionage Agents
The recent SolarWinds attack was espionage. It is believed to have been a state-sponsored attack by Russian hackers who were directed and funded by Russian Intelligence. They were able to install malware in SolarWinds' Orion product, which was distributed to approximately 18,000 customers. The main aim of state-sponsored threat actors is to spy and to steal sensitive military/political information. Hence, to combat the insider threat, it is necessary to implement the principle of least privilege, encrypt critical data, and be aware of tactics like spear-phishing, password attacks, data exfiltration, remote access trojans, etc.
Cybercriminal Organizations Aiming to Gain Profit
These are organized groups of cybercriminals who pose a great threat in the long term. They usually steal data and sell it on the black market or hold it for ransom. In this digital world, there are more than 1,300 cryptocurrencies. Cryptocurrencies have not only attracted cybercriminals but also encouraged them to break all security protocols for their own benefit. In addition, cybercriminals choose ransomware to earn money in a short timeframe. In 2020, according to Cybersecurity Ventures, a company was attacked every 11 seconds. Companies, as well as individuals, must be aware of their techniques, such as Business Email Compromise, social engineering, phishing, botnets, ransomware, scams, etc.
Hacktivism to Expose Secrets
We are very familiar with whistleblowers whose ideology is to target private, public, or government organizations to expose their secrets. For example, in 2013, Edward Joseph Snowden, an American whistleblower, copied and leaked highly classified information from the National Security Agency. WikiLeaks exposed over 20,000 confidential emails and 8,000 file attachments from the Democratic National Committee (DNC) on July 22, 2016. They have different tactics, techniques, and procedures (TTPs), and we must stay vigilant against DDoS attacks, website defacements, and doxing.
Knowing about these cyber threat actors helps organizations understand who may target them and which data and assets threat actors are keeping an eye on. These characteristics also give companies insight into the attackers' innovative attack plans.