Analysing The Evolution of Threat Actors
Hacking started in the 1960s with phone freaking, or phreaking, which refers to using various audio frequencies to manipulate phone systems. At that time, telephone switches used various tones, or tone dialling, to indicate different functions.
Early threat actors realized that by mimicking a tone using a whistle, they could exploit the phone switches to make free long-distance calls.
In the mid-1980s, computer dial-up modems were used to connect computers to networks. Threat actors wrote “war dialling” programs that dialled each telephone number in a given area in search of computers, bulletin board systems, and fax machines.
When a phone number was found, password-cracking programs were used to gain access. Since then, general threat actor profiles and motives have changed quite a bit.
There are many different types of threat actors.
#1 Street Kiddies
Script kiddies emerged in the 1990s and refer to teenagers or inexperienced threat actors running existing scripts, tools, and exploits, to cause harm, but typically not for profit.
#2 Vulnerability Brokers
Vulnerability brokers typically refer to grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.
Hacktivist is a term that refers to grey hat hackers who rally and protest against different political and social ideas.
Hacktivists publicly protest against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks.
Cyber criminal is a term for black hat hackers who are either self-employed or working for large cybercrime organizations.
Each year, cyber criminals are responsible for stealing billions of dollars from consumers and businesses.
State-Sponsored hackers are threat actors who steal government secrets, gather intelligence, and sabotage networks of foreign governments, terrorist groups, and corporations.
Most countries in the world participate to some degree in state-sponsored hacking. Depending on a person’s perspective, these are either white hat or black hat hackers.
Cyber criminals are threat actors who are motivated to make money using any means necessary. While sometimes cybercriminals work independently, they are more often financed and sponsored by criminal organizations.
It is estimated that globally, cybercriminals steal billions of dollars from consumers and businesses every year.
Cybercriminals operate in an underground economy where they buy, sell, and trade exploits and tools.
They also buy and sell the personal information and intellectual property that they steal from victims.
Cybercriminals target small businesses and consumers, as well as large enterprises and industries.
Threat actors do not discriminate. They target the vulnerable end devices of home users and small-to-medium-sized businesses, as well as large public and private organizations.
To make the internet and networks safer and more secure, we must all develop good cybersecurity awareness.
Cybersecurity is a shared responsibility that all users must practice.
For example, we must report cybercrime to the appropriate authorities, be aware of potential threats in email and the web, and guard important information against theft.
Organizations must take action and protect their assets, users, and customers. They must develop and practice cybersecurity tasks such as those listed in the figure.
Cyber Threat Indicators
Many network attacks can be prevented by sharing information about indicators of compromise (IOC).
Each attack has unique identifiable attributes. Indicators of compromise are the evidence that an attack has occurred. IOCs can be features that identify malware files, IP addresses of servers that are used in attacks, filenames, and characteristic changes made to end system software, among others.
IOCs help cybersecurity personnel identify what has happened in an attack and develop defences against the attack. A summary of the IOC for a piece of malware is shown in the figure
For instance, a user receives an email claiming they have won a big prize. Clicking on the link in the email results in an attack.
The IOC could include the fact the user did not enter that contest, the IP address of the sender, the email subject line, the URL to click, or an attachment to download, among others.
Indicators of attack (IOA) focus more on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets.
IOAs are concerned with the strategies that are used by attackers. For this reason, rather than informing response to a single threat, IOAs can help generate a proactive security approach.
This is because strategies can be reused in multiple contexts and multiple attacks. Defending against a strategy can therefore prevent future attacks that utilize the same, or similar strategy.
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
CRMNUGGETS is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.