Cybersecurity Threat Actors

APT (advanced persistent threat) actors have become very busy over the last decade, as 20-30 countries wage cyberwar against each other for political, military, economic, and commercial gain. 

Think of APT groups as industrial or nation-state spies engaged in espionage, political manipulation, and IP theft. They typically target politicians and political groups, the defense industry, government institutions, and large strategic businesses.

APT threat actors are difficult to detect primarily because they tend to use custom malware or zero-day vulnerabilities that security systems cannot identify or recognize.

APT groups also engage in cybercrime for financial gain. The North Korean government-sponsored APT group Lazarus likes to engage in theft from financial organizations and SWIFT bank cyber robberies as a way of generating funds for their regime.

Sometimes, employees turn against employers, which can have a devastating impact on a business and security. Because they enjoy privileged insider access to systems and networks, they can be a much more serious threat actor than cybercriminals or APT groups. 

However, don’t just think about insider threat actors as malicious. They can also become threats through their own negligence or even through their own unintentional mistakes. According to IBM, human error is the main cause of 95% of security breaches.

To ensure your employees are a strong last line of defense against threat actors,  supply them with regular security awareness so security is top of mind.

The cybersecurity world contains a large number of individuals who want to hack computers just because they can. We call these lone-wolf hackers ‘script kiddies’.

Usually, they are younger people who acquire hacking tools built by more talented hackers. Script kiddies use those tools for fun because they can. 

There are more capable and talented lone wolf hackers who also want to hack IT infrastructure because they can, but both represent a serious threat to organizations. A good example is a former Amazon employee who, for no apparent reason, hacked CapitalOne and caused a data breach impacting 100 million CapitalOne customers. 

There are countless examples of lone-wolf hackers engaging in this sort of behavior. It's what makes this threat actor group the most unpredictable as their attacks seem to come out of the blue. 

Hacktivists, aka hacking activists, are hackers with a cause. Because their motives are often political, they do not try to be stealthy, rather send their message as publicly as possible.

Hacktivists choose targets because of their politics, the kind of business they engage in, or the kind of customers they have. 

Hacktivist groups like LulzSec and Anonymous have attacked the CIA and governments in the past with DDoS attacks. They have also attacked a large number of businesses and public organizations by defacing their websites and taking over their Twitter feeds to post political messages about their cause.

Since they're known to deface websites and social media feeds, it's crucial you have strong password protocols in place and implement MFA (Multi-Factor Authentication) and 2FA (Two-Factor Authentication).