We talk a lot about “cybersecurity bad actors” on our blog, and we do so consciously. While the stereotype is of a hacker in a black hoodie, there are many different types of cybersecurity threats. In fact, we’re not fans of the word “hacker” at all because it’s such a generic term that draws a negative connotation; in a lot of ways, we’re hackers ourselves!
Today, we’re here to clear up some of the ambiguity and define who we’re really talking about when we discuss the bad actors that are a threat to your organization and its assets. We’ll cover some of the most common cybersecurity bad actors and the industries they’re most likely to target.
The Most Common Cybersecurity Bad Actors
These are the stereotypical “hackers” portrayed in pop culture, usually sitting in a dark room hammering away on a keyboard. They are out there, often acting alone or in small numbers, trying to exploit cybersecurity vulnerabilities through online robbery and extortion or by stealing credentials in data breaches.
They may be acting on their own behalf, but these can also be hackers-for-hire, with an emphasis on customer service and reliability, as long as the price is right. Black hats put everyone from public sector to retail, finance and banking to manufacturing and industrial control systems at risk.
None of the bad actors actually wants to be referred to as a script kiddie. It’s used as an insult referring to a newcomer or amateur, one who doesn’t abide by the typical ethics and practices of professional hackers. They may have some programming skills, but they don’t yet have the experience to write their own programs exploiting vulnerabilities.
Still, script kiddies can wreak havoc on your cyber defenses. After all, this amateur is aspiring to greatness and looking to establish a reputation. Plus, they need to learn as they go. This wildcard element is a big part of the problem as their attacks are indiscriminate and often sloppy. They will try to compromise any computer they can crack.
In the past two years ‘hacktivism’ has seen a dramatic rise. You know them by their more popular names like Anonymous or WikiLeaks, whose members use their computer skills to access networks with a political or social agenda in mind. As TechCrunch observed, “new technologies gave protesters a convenient and powerful means to spread their messages and mobilize action globally.”
These data breaches are more personal and pointed. These ideological bad actors are typically targeting state and local governments, leaking insider information to the press, or seeking to interfere with processes they disagree with (the cyber equivalent of a street protest or sit-in).
There are examples of hacktivists using denial of service attacks to take aim at:
- Michigan’s main state site to draw attention to the water crisis in Flint
- North Carolina government sites to protest the controversial law for transgender bathroom use
- Baton Rouge’s website after the fatal shooting of a black man.
“It’s digital disobedience. It’s hacking for a cause,” Dan Lohrmann, chief security officer for Security Mentor, a national security training firm that works with states, told PBS.
Hacktivists have also gone after everyone from foreign governments and corporations to drug dealers and pedophiles. When they’re not shutting down sites, they might alter them, or they might make hack into private or confidential documents to make them public.
The mob has a whole new look. Today, there are highly motivated groups of criminals looking to exploit cyber technology and digital information. According to Malwarebytes, “The New Mafia: Gangs and Vigilantes,” have caused close to a 2,000% increase in ransomware detections since 2015, rising to hundreds of thousands of detections in September 2017 from less than 16,000 in September 2015.
Even traditional organized crime groups have recognized that cybercrime can lead to spectacular profits. According to the Financial Times, “in one court case in Brussels, a Dutch-Turkish group importing heroin from South America persuaded two techies to hack into the port of Antwerp and manipulate the unique nine-digit PIN numbers that every seagoing container is allotted. Using this they were able to digitally mark the containers with cocaine as having been customs cleared.”
Thus, while many would expect organized online criminals to go for the money, targeting financial companies in particular, there are many other potential targets that could help them carry out their nefarious deeds.
Insider threats are dangerous and widespread. Whether they’re rogue employees acting with ill intent or employees or contractors making mistakes, they often have access to key applications, storage systems, networks and more.
In fact, The Ponemon Institute tells us the average yearly cost of insider threats is $8.76 million. Employee or contractor negligence are the most common cause (64%). Yet the threat is increasing. Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26 percent and the cost to contain an incident in North America has risen to $11.01 million.
An ObserveIT study further found, Generation Z poses the highest overall cyber security risk, as more than one third (34 percent) of 18-24-year-olds report didn’t know what was included in their company’s cyber security policy. This group was also most likely to report that they do not follow the company’s cyber security policy, even if they do understand it.
We read a lot about public sector and commercial breaches due to insider threat, but this is, once again, a non-discriminant type of risk.
RedTeam Can Help
Ultimately, what this article confirms is that all kinds of entities and enterprises need to prepare to fight a diverse range of online and physical attacks. According to PwC’s 2016 Global Economic Crime Survey,17% of businesses faced financial loss from an attack, 19% faced regulatory risks and 23% faced legal, investment and/or enforcement costs. RedTeam Security’s experts can help identify your vulnerabilities through red teaming and penetration testing and help you take steps to mitigate your cybersecurity risk.
Getting a quote for your project is painless–just click the button below and answer a few questions to get started. We look forward to meeting you.