Welcome to CyberHygiene, my weekly newsletter, where I share tips and actionable data to help everyone stay safe online.
1. Who are the cyber attackers?
Cyber attackers can refer to a wide variety of individuals, groups, or organizations who use technology to gain unauthorized access to systems, networks, or devices for malicious purposes. They can be characterized by their motivations, the tactics they use and their targets.
Script-kiddies are individuals who lack the technical knowledge and expertise to develop their own hacking tools or exploits, but instead rely on using pre-existing tools and scripts to carry out their attacks. These individuals often use automated tools and scripts to scan networks and systems for vulnerabilities, and then use readily available exploits to exploit these vulnerabilities and gain unauthorized access to systems or data.
Insiders are attackers who have authorized access to a system or network but use their privileges for malicious purposes. Their tactics may include stealing data, installing malware, or causing damage to systems. Their targets are typically their own organizations or employers.
Opportunistic attackers are motivated by the opportunity to exploit vulnerabilities in systems or networks, and they typically use automated tools to scan for and exploit weaknesses. Their tactics may include phishing, malware, or exploiting unpatched software. Their targets can be almost anyone with an internet-connected device.
Hacktivists are motivated by social or political causes and use hacking as a form of activism. Their tactics include website defacement, DDoS attacks, and data leaks. Their targets are typically organizations or governments that they see as standing in opposition to their cause.
Financially motivated attackers are driven by financial gain and often use tactics such as phishing, malware, and ransomware to steal money or sensitive information. Their targets are typically businesses and individuals with valuable assets or financial information.
Cybercriminal organizations are motivated by financial gain and operate like businesses, with specialized teams focused on different types of attacks such as credit card theft, fraud, or ransomware. Their tactics vary depending on their goals but may include phishing, malware, or social engineering. Their targets are typically businesses and individuals with valuable information or assets.
State-sponsored attackers are motivated by political, economic, or military goals. They often use advanced techniques such as zero-day exploits and custom malware to gain access to sensitive government or corporate data. Their targets are typically government agencies, defense contractors, and other organizations with strategic importance.
Advanced Persistent Threats (APTs) are a specific type of cyber attacker that differs from other types in their tactics, targets, and motivations. APTs are typically highly skilled and well-resourced attackers who use advanced techniques to infiltrate and maintain long-term access to specific targets, such as government agencies, defense contractors, or large corporations.
2. How do cyber attackers choose their targets, and what factors influence their decisions?
Cyber attackers use various methods to choose their targets, such as scanning for vulnerabilities in software, hardware, and systems. They also pay close attention to individuals or organizations that have weak passwords, outdated software, or unsecured wireless networks, as these vulnerabilities make it easier for them to gain unauthorized access.
Perceived value is another factor that can influence a cyber attacker’s decision to target an organization or individual. Financial institutions, healthcare providers, and government agencies are often targeted because they store sensitive or valuable information. Additionally, cyber attackers may target high-profile individuals or organizations to gain notoriety or cause reputational damage.
Social engineering is another tactic that cyber attackers frequently use to target individuals based on their roles or behaviors. For example, they may use phishing emails or phone calls to trick employees into revealing login credentials or other sensitive information.
Motivations for cyber attacks can vary widely, from financial gain to political or ideological goals. As such, it’s important to have a comprehensive approach to cybersecurity that includes technical controls, employee training, and incident response planning. By understanding how cyber attackers choose their targets, organizations can take proactive steps to better protect themselves against cyber threats.
4. What resources are available to help you better understand and defend against cyber attackers?
1) Books
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground - by Kevin Poulsen
Cybercriminals (True Books) - by Wil Mara
Cybercriminal Networks: Origin, growth and criminal capabilities - by Rutger Leukfeldt
Forensics To Expose Cybercriminals A Complete Guide - 2019 Edition - by Gerardus Blokdyk
Cyber Mercenaries: The State, Hackers, and Power - by Tim Maurer
2) Courses
Introduction to Cybercrime by Udemy
3) Certifications
4) Documents
5) Podcasts
