Understanding the Threat Landscape: Cyber-Attack Actors and Motivations

By Josh Ray
Josh Ray

The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks.

Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. Verisign iDefense Security Intelligence Services classifies cyber-attacks into three categories: hacktivism, cyber crime and cyber-espionage.


Hacktivism is primarily politically or ideologically motivated, based on a desire to wreak havoc on the victim organization or cause harm to its reputation, with the ultimate goal of drawing attention to a specific topic or event. These attacks can be triggered by real-world events, and for the most part are not built on the anticipation of financial gain.

Common hacktivist attack vectors include:

Cyber Crime

While the term "cyber crime" is broad and can refer to any criminal act involving a computer system, in this instance the term refers to crime carried out for the purpose of financial gain. Financial institutions and their clients are most frequently targeted by cyber criminals, and payment card and online banking fraud are the lifeblood of this type of attack (e.g., miscreants offering DDoS-for-hire services).

Cyber criminal enterprises vary in size and typically involve persons working together, though they may not know each other in real life. They rely on Web-based forums, ICQ , Jabber and Internet Relay Chat (IRC) for communication and for the recruitment of prospective partners. Data stolen in cyber crime attacks is often circulated on the black market where it is made available for purchase via forums and automated Web shops.

Data cyber-criminals frequently seek includes:


The primary goal of cyber-espionage is gaining and maintaining access to target networks to exfiltrate intellectual property, personally identifiable information (PII) and financial and targeted strategic information from governments, corporations and individuals.

Threat actors behind these operations select their targets based on a specific set of goals or criteria, known as collection requirements. These requirements can range from specific technologies, such as unmanned aerial vehicle technology, to broad goals for economic advancement. Unlike hacktivism and cyber crime campaigns, cyber-espionage is carried out by many different individuals and organizations seemingly operating in accordance with their own established collection requirements.

Read more about the cyber threats and actors you should be most focused on in 2015 here.

By Josh Ray, Vice President of Cybersecurity Intelligence at Verisign

Related topics: Cyberattack, Cybercrime, Cybersecurity, DDoS Attack, Networks


Typically, motivation has a financial dimension too. Alex Tajirian  –  Jun 19, 2015 6:01 AM PST

Typically, motivation has a financial dimension too. Hacktivism, which causes direct harm to reputation, also causes indirect financial damage; so does cyber-espionage. Thus, you may frame the treats within (what you call) “collection requirements.” Hence, (thinking loud) you may want to map a 2x2 relationship matrix between technology and what I would call “threat touch points,” with each quadrant representing the types of required defenses. Just a thought :)