One of the greatest inconsistencies in Information Security is how we collectively describe the various threats that are out there. Oftentimes industry folks say “threats” and give only a vague, general reference to whatever is in the news at the time. There are three types of threat actors: Nation State, Criminal, and Hacktivist/Ideological attackers. It is my intention to give you a brief summary of each below, to help you better identify the threat that may pose the greatest risk to your enterprise.
The first, and probably the most sophisticated, of the three threat actors is the Nation State Threat Actor. The most well known are the US, the UK, Germany, Russia, and China; but to be honest, the list goes on and on. If a nation is considered industrialized, it is safe to say it has several teams with a variety of skills and, frankly, an “interest” in the capability of being such an actor, in anything from incident response to offensive “hacking” teams. These teams focus on protecting their respective nations from all types of threats. It is also safe to say that most nations focus on gathering information (intelligence) as opposed to causing harm.
The second type of actor is known as the Criminal Threat Actor. This group is often painted with a narrow brush and is associated primarily with the theft of identities. However, they have done considerable damage through the theft of Intellectual Property (IP) as well.
The third, and most publicly known, of the threat actors is the Hacktivist/Ideological Attacker. This set of threat actors reminds me of the old quote, “One man’s terrorist is another man’s freedom fighter.” For my part, I look at this characterization with both humor and trepidation. These attackers are typically out to make a point, and once it is made, they are more than willing to display what they have been able to accomplish. The question can be asked: are Hacktivist/Ideological Attackers heroes, or are they villains? An example of this is when the Egyptian government shut down all communication to and from the country. It was the group Anonymous who found old copper wires running under the Mediterranean to facilitate communication. They also created “care packages” that they sent digitally, with instructions on how to get around the communication blockade. On the other side of the coin, look at the example of the Syrian Electronic Army, who took advantage of poor security practices to send various messages through Twitter and caused considerable disruption to the stock market.
Next month we will further explore the Nation State threat actor: what is currently known and what has been observed.
About the author: McCall Paxton is the Enterprise Security Testing Lead for Pondurance. Pax, as he likes to be called, is a veteran security operator and advisor, having built a Security Operations Center (SOC) and an open source intelligence program involving state and federal agencies, and having provided counsel to C-level staff and Board Members. Pax’s past experience also includes penetration testing, risk/crisis management, forensics work, and force protection/anti-terrorism advisory.