A threat actor is an individual or an entity that is capable of (potentially) compromising the safety and security of others. In cyber security, cyber terrorism, and cyber threat intelligence, threat actors are people or groups of people that attempt and/or succeed in intentionally or unintentionally breaching and/or stealing personal data and information from various companies, organizations, enterprises, or individuals.
There are four main types of threat actors: cyber criminals, hacktivists, state-sponsored actors, and insiders. The most important reason why these types of attackers target the US is the fact that, as a developed economy, the country is heavily dependent on the use of various computerized machines and the Internet. Therefore, it is prone to frequent cyber attacks. In 2018, the former director for cyber-security policy at the Obama White House, Rob Knake, stated that "America is politically and technically the most susceptible nation in the world to digital attacks." Furthermore, statistics show that the average cost of cybercrime in the US is $17.36 million.
1. Cyber criminals: Cyber criminals are threat actors and attackers who gain access to personal, health, and financial data and information by using various techniques and tools like phishing or ransomware. Phishing is most often used for identity theft, as it allows the attacker to access and steal private data by sending a fake email to an unsuspecting user, claiming that it’s from a legitimate source, which redirects the user to a fake website where they have to enter their personal information, such as credit card numbers or social security numbers.
Why cyber criminals attack: Cyber criminals attack for financial gain. They steal personal data in order to sell it on the black market and make money. They operate behind anonymous networks and use various encryption methods and digital currencies to hide their communications and transactions. One of the most famous examples of cybercrime in the US was the attack on Equinox (a company that enables access to credit) in 2017, in which the personal information of nearly 148 million Americans was stolen and used for malicious purposes.
2. Hacktivists: Hacktivists are threat actors that steal and publicize private and even classified information from individuals or websites to damage their reputation. They manage to do this through distributed denial of service attacks (DDoS), using botnets, in which they flood the targeted website with a lot of traffic, causing it to crash. Nearly twenty-two percent of cyber attacks in the US have been done through DDoS.
Why hacktivists attack: Hacktivists are motivated by a political, social, or economic cause. Their goal is to expose a company’s weakness, to embarrass an individual whose ideology they do not agree with, or simply to commit vandalism. The most famous examples of hacktivist attacks in the US are the iCloud leaks of celebrities, in which countless photos of celebrities are leaked to the public in order to damage or clear their reputation.
3. State-sponsored actors: State-sponsored actors are well-funded attackers who commit cybercrime with the help and sponsorship of governments, nations, states, and other big entities. They manage to steal sensitive data and intellectual property by gaining access to the IT infrastructure. State-sponsored threats are usually difficult to detect, and organizations are often advised to develop strong security systems.
Why state-sponsored actors attack: State-sponsored actors attack to advance the socioeconomic, political, or cultural interests and agendas of the entities that sponsor them. Thus, they conduct intelligence, surveillance, and espionage. For instance, in “March 2018, the FBI and Department of Homeland Security issued a joint technical alert to warn of Russian cyber attacks against US critical infrastructure. Targets included energy, nuclear, water, aviation, and manufacturing facilities.” Fifty-four percent of all cyber attacks in the US are state-sponsored attacks, or cyber espionage.
4. Insiders: Insiders are threat actors that knowingly or unknowingly provide personal and confidential data and information to others. They do this by mistake, by not following the rules and principles of the organization or the individual, by being deceived, or by intentionally sharing the data to others, usually for money.
Why insiders attack: When they share private information with others knowingly, insiders attack mainly for personal reasons, like revenge, or for financial gain. For instance, cyber-criminals can use employees in a certain company as “moles” so that they can gain access to the desired data and information. One of the most controversial examples of an insider attack in the US was the 2018 cyber-attack on Nuance (a speech-recognition software company), in which the personal records of 45,000 patients from one of the company’s medical transcription platforms were leaked. The cybercrime was committed by a former employee of Nuance, who hacked into the servers to access the patients’ data for personal reasons.
https://www.csis.org/programs/technology-policy-program/significant-cyber-incidents
No comments:
Post a Comment