Cybersecurity Committee: Identify and Understand Cyber Threat Actors and Typical Methods of Attack
March 11, 2021
For a more visual presentation, download the Cybersecurity Committee’s Step Two infographic here. Otherwise, read the blog below!
The primary threat for most SMB, commercial and government entities is by criminals looking to make money! With Crimeware-as-a-Service (CaaS), organized crime is franchising cybercriminal underlings with toolkits, resources and hosting services. The risk associated with conducting cybercrime is dramatically imbalanced relative to the reward in favor of these criminals as very few are identified, apprehended, and prosecuted.
Motivation: Financial gain or reputation enhancement
Affiliation: Individuals or with collaborators
Common Tactics, Techniques and Procedures (TTPs): Phishing, social engineering, business email compromise (BEC) scams, botnets, password attacks, exploit kits, malware and ransomware
Nation States – Advanced Persistent Threat (APT) Groups:
Threat Actors have evolved over the last decade. The most significant threat to the world is the Nation State / APT Threat Actor. These Cybercriminals are highly organized and have unlimited funding and resources. The disparity of threat versus defense against the Nation State is so extreme it is almost immeasurable.
- Russia 52%
- Iran 25%
- China 12%
- North Korea and other countries 11%
Motivation: Espionage, political, economic or military
Affiliation: Nation-states or organizations with nation-state ties
Common TTPs: Spear-phishing password attacks, social engineering, direct compromise, data exfiltration, remote access trojans and destructive malware
Insider Threat
Those under your company employ or contract that exfiltrate precious or sensitive information out of the company for nefarious objectives. Insiders undermine cybersecurity and physical security because they often have legitimate access to data and can carry out their criminal intent while appearing to conduct normal work activity.
Motivation: Financial gain or to seek revenge
Affiliation: Current or former employee, contractor or other partner who has authorized access
Common TTPs: data exfiltration or privilege misuse
Hacktivists
a.k.a. Ideologically-Motivated Criminal Hackers, target high-profile entities / victims to garner notoriety and publicity and to make political or social statements, often in effort to affect change.
Motivation: Political, social or ideological
Affiliation: Non-governmental individuals or organizations
Common TTPs: DDoS attacks, doxing and website defacements
Terrorist Organizations
These groups are designated by the U.S. Department of State. Their cybercrime is typically disruptive and or harassing in nature.
Motivation: Political or ideological; possibly for financial gain, espionage or as propaganda
Affiliation: Individuals, organizations or nation-states
Common TTPs: Defacements and claimed leaks
For more information: Reference PSA CIS controls Whitepaper CIS Controls – Organizational Control 17
To learn more from the PSA Cybersecurity Committee, visit PSAEducation.com!