Information security awareness focuses on raising consciousness regarding risks from the continuous evolving threats to organizations, businesses, and individuals.
Attackers evolve their capabilities and develop more technically advanced attack methods, and are acting on more diverse motives.
The goals of security awareness is to raise conscious with everyone that they are vulnerable to the challenges in today’s threat landscape, change human risk behaviors, and implement a security culture.
In this post, we take a look at threat actors and attacks to provide an overview of the current threat landscape.
A threat actor is a person or entity that is responsible for an event that impacts the safety or security of another entity. The term is used to describe the individuals and groups that perform malicious attacks against organizations of various types and sizes. Actors are categorized as external or internal an can be intentional or unintentional.
The following categories are a general overview. Threat actors are in reality more complex in their motivation and backgrounds.
Hacktivism is mainly portrayed as the evolution of meatspace civil disobedience into cyberspace.
The common motivation is the fight against censorship and the support for the freedom of information but some hacktivists work for personal and or political gains.
Typically hacktivists see themselves as vigilantes who use hacking to enact social justice and policy change.
Industrial espionage aims at stealing intellectual property, data, and secrets to use them for a competitive advantage.
Actors in this category are usually well-financed and use a mix of cyber and physical actions to achieve their goals.
Criminals are motivated by making money. The digital equivalent of kidnapping or robbery offers greater scalability and much lower risks.
The organized crime has been quick in adapting themselves to the opportunities of making money with online activities. Ransomeware and cryptojacking allow criminals to hide their identity and digital currencies make the laundering of money risk free.
The malicious intent of employees can have a devastating impact on the security posture of an organization. Valid accounts and knowledge of applied controls make it difficult to detect harmful actions or distinguish them from regular work.
Insider threats can be motivated by revenge, competition, money, or just by opportunity. Negligence or incompetence of employees can cause similar outcomes to the actions of a malicious actor inside the organization.
State-backed hackers are not exclusively focused on hacking into military systems. Nation-state attacks have been documented against critical infrastructures like financial institutes or energy providers with the intent to destabilize another country.
With almost unlimited financial potential these attackers use sophisticated techniques to disrupt organizations by leaking confidential information or attacking the availability of critical systems.
The following is a list of attack methods that are a threat to organizations and individuals working in both public and private sectors.
Distributed Denial of Service (DDoS)
DDoS attacks target the availability of systems. Its effectiveness is based on the coordinated usage of many computer which act in sync to attack a single endpoint. DDoS attacks try to exhaust the resources of systems by flooding them with requests. As a result, legitimate requests can no longer be answered or at least the service becomes too slow to work with.
The attack is executed from many different IP addresses to prevent blacklisting and therefore distributed.
Malware or malicious software is intentionally developed to cause damage to a computer, clients, or network. Malware comes in various types including worms, viruses, trojan horses, ransomware, adware, backdoors, and spyware.
Malware targets the weaknesses of other software systems or relies on users to install them by pretending to be regular software.
Advanced malware will try to conceal itself by using polymorphic approaches. This means that the signature of such software will mutate over time, making it difficult to detect.
Advanced Persistent Threat (APT)
This term describes a targeted attack against an organization or business with defined goals. Operators executing the attack have a full spectrum of techniques at their disposal.
These include open-source or commercial computer intrusion technologies, but can also extend to a state financed intelligence and intrusion program. APTs use continuous monitoring and interaction to achieve defined objectives.
APT attacks are coordinated human activities, rather than the execution of automated code. The operators have a specific objective and are organized, motivated, skilled, and potentially well funded.
This is an attempt to gather sensitive information such as email addresses and passwords by disguising oneself as a entity of trust.
Phishing is a social engineering technique used to deceive users. Users are lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.
While phishing describes a broad and automated attack, the so called spear-phishing is a customized attack on a specific employee or organization.
Gathering Threat Intelligence
Security teams need to be proactive and improve their ability to properly defend themselves against current threats to the organization.
Developing a detailed threat profile helps organizations with a clear illustration of the threats that they might face and supports an appropriate and tailored security program.