Threat Actors On The Dark Web
by David Wren
In last month’s issue of SBM, I introduced the concept of the dark web, how to access it, and why ominous and illicit activity takes place in this dark cyberspace. In this article, we will focus on threat actors and some of their motivations.
First, multiple types of threat actors exist and reflect a variety of motivations. Here are the most popular and active types:
Organized Crime – These are common criminals as well as the new mafia. Criminal organizations have been quick to adapt from traditional crimes such as bank robbery, kidnapping, extortion, and manipulation to digital equivalents such as ransomware, business email compromise, and data theft—which happen to a far greater degree in the digital world. The proliferation of this activity is due to relatively lower risk. Criminal organizations hide their activity through encrypted channels on the dark web and can launder financial gains to overseas accounts and digital currency.
State Actors and Advanced Persistent Threats (APTs) – Nation states around the world are engaged in cyber warfare, and your laptop, desktop and personal devices are the new battleground. State actors possess government and organizational resources that provide a high level of skills and tools without the need for immediate financial gain. Their motivations are typically to disrupt the political, military, economic and commercial infrastructure of a targeted country. Tracking such activity is very difficult, and many nation states often emulate other states to hide their activity and further cover their tracks. Other motivations include theft of intellectual property, financial market manipulation and financial gain.
Insider Threats – The human element of the computing world is commonly known as the weakest link when it comes to security threat vectors. Insider threats are generally categorized as either intentional with malice or unintentional without malice. The latter includes cases in which an employee accidentally emails a file to the wrong recipient and unintentionally discloses data, clicks on a malicious email and falls victim to stolen passwords and data, or in which a networking device is misconfigured. The former, intentional with malice, may take the form of a disgruntled employee who wishes to cause harm or one who has been recruited by organized crime, a nation state, or a competitor to steal intellectual property.
Hacktivist – This category of threat actor is on a mission, driven by political, environmental or ideological conviction. These actors communicate and organize in stealth mode. However, the intended outcome is to draw attention to their cause. They generally will call out a person, issue, or organization for positive or negative consequence. In general, hacktivist activity increases during presidential election years, natural catastrophes, and man-made disasters.
The Lone Wolf – Lone wolves are commonly individual actors who hack into other people’s “stuff.” This group is usually not highly motivated and is generally opportunistic. There have been a couple of local cases where teenagers accessed the dark web and bought a DDoS attack against their school to bring the network down and avoid an online test. This is not to say that lone wolves are a trivial threat. There have been cases in which expert IT professionals hacked into organizations or company systems, or developed malware causing millions of dollars in damages, for no apparent reason.
Understanding adversaries and their motivations is important while developing or improving your information security strategy. While common solutions exist that can prevent and protect your environment from each of these threat actors, specific targeted solutions exist for a couple of these categories, which should be deployed in your organization if you are targeted.
The best way to assess your organization’s overall security posture is to hire a firm to hack into your environment. Commonly referred to as ethical hackers, we hack into organizations to find the security gaps and develop strategic plans to protect against those threats, including a security and risk assessment with actionable deliverables to elevate your organization’s overall security posture.
Monitoring your threat vectors, educating your staff, and constantly testing your defenses will build a fortress around your data, employees and organization, making you a hardened target.
In next month’s issue, we will cover the marketplace on the dark web.
David Wren, CISM is President of Network Technology Partners, a regional Cyber Security Intelligence firm headquartered in St. Louis, MO. He can be reached at dwren@ntp-inc.com.