Understanding the Threat Landscape: Cyber-Attack Actors and Motivations

Josh Ray

The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks.

Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. Verisign iDefense Security Intelligence Services classifies cyber-attacks into three categories: hacktivism, cyber crime and cyber-espionage.

Hacktivism

Hacktivism is primarily politically or ideologically motivated, based on a desire to wreak havoc on the victim organization or cause harm to its reputation, with the ultimate goal of drawing attention to a specific topic or event. These attacks can be triggered by real-world events, and for the most part are not built on the anticipation of financial gain.

Common hacktivist attack vectors include:

  • Distributed Denial of Service (DDoS) attack: A malicious attempt to debilitate networks, Web-based applications, or services by using a large number of networked computers to overwhelm these assets with resource requests, or impair them in some other way.
  • Website defacement: Changing the appearance of a website via unauthorized access such as through a cross-site scripting vulnerability.
  • Information disclosure: Publicizing information about the targeted institution that was not previously publicly known or releasable.
  • Doxing: The publication of personally identifiable information (PII) about a specific person for malicious purposes.

Cyber Crime

While the term "cyber crime" is broad and can refer to any criminal act involving a computer system, in this instance the term refers to crime carried out for the purpose of financial gain. Financial institutions and their clients are most frequently targeted by cyber criminals, and payment card and online banking fraud are the lifeblood of this type of attack (e.g., miscreants offering DDoS-for-hire services).

Cyber criminal enterprises vary in size and typically involve persons working together, though they may not know each other in real life. They rely on Web-based forums, ICQ, Jabber and Internet Relay Chat (IRC) for communication and for the recruitment of prospective partners. Data stolen in cyber crime attacks is often circulated on the black market where it is made available for purchase via forums and automated Web shops.

Common cyber crime attack methods include:

  • ATM and point-of-sale (PoS) skimming: Stealing bank and PIN information when cards are used at ATMs, credit/debit card terminals and other card readers.
  • Random Access Memory (RAM) scraping: Stealing credit/debit card information when the card information is stored in the server's memory system.
  • Code injection: Introducing malicious code into a computer program to redirect the system's actions.
  • Keylogging: Using a program to record computer keystrokes in order to gain confidential information.
  • Phishing: Creating fraudulent, socially engineered electronic content (websites, emails, etc.) that is from a seemingly legitimate source, enticing victims to provide confidential information.

Cyber-Espionage

The primary goal of cyber-espionage is gaining and maintaining access to target networks to exfiltrate intellectual property, personally identifiable information (PII) and financial and targeted strategic information from governments, corporations and individuals.

Threat actors behind these operations select their targets based on a specific set of goals or criteria, known as collection requirements. These requirements can range from specific technologies, such as unmanned aerial vehicle technology, to broad goals for economic advancement. Unlike hacktivism and cyber crime campaigns, cyber-espionage is carried out by many different individuals and organizations seemingly operating in accordance with their own established collection requirements.

Read more about the cyber threats and actors you should be most focused on in 2015 here.

By Josh Ray, Vice President of Cybersecurity Intelligence at Verisign
Share your comments

Typically, motivation has a financial dimension too. Alex Tajirian  –  Jun 19, 2015 7:01 AM PDT

Typically, motivation has a financial dimension too. Hacktivism, which causes direct harm to reputation, also causes indirect financial damage; so does cyber-espionage. Thus, you may frame the threats within (what you call) “collection requirements.” Hence, (thinking loud) you may want to map a 2x2 relationship matrix between technology and what I would call “threat touch points,” with each quadrant representing the types of required defenses. Just a thought :)
