Identifying Cyber Enemies: Types of Digital Threat Actors and What They’re After

October 6, 2022
Jonathan Barrett
MXDR Security Analyst

A 2020 report from the FBI recorded over 2 million complaints of cybercrime in the previous five years, with nearly 800,000 of those occurring in 2020 alone. These attacks originated from several sources and totaled more than $13 billion in losses.

As our online presence continues to grow, so does our vulnerability to cyber threat actors. With cyber threat actors possessing new and increasingly sophisticated means of attacking, it’s important to stay vigilant to prevent attacks and properly address cybersecurity shortcomings. There are also some general measures you can take to help minimize weaknesses.

  • Familiarize yourself with cyber threat actors: Learning about different types of cyber threat actors can help you prepare for, recognize, and respond to various types of cyberattacks.
  • Deploy Threat Detection and Response
  • Harness Security AI to automate threat detection and prioritization, relieving security analysts of alert fatigue and burnout.
  • Keep software updated: In addition to anti-malware software, it is important to keep operating systems and other crucial programs up to date. Many developers try to stay up to date on potential vulnerabilities and release software updates to address these issues.
  • Make frequent backups of crucial data: In the event of a compromised network, having recent backups can go a long way toward reducing damage caused by cybercriminals.

Find out more about cyber threat actors and what you should look out for.  

What Are Cyber Threat Actors?

A cyber threat actor is a loose term for a person or group of people who cause harm through malicious online activity. Since these cybercriminals have a variety of tactics, techniques, and procedures (TTPs), targets, and goals, it’s tough to nail down a specific threat actor definition that covers every attacker. However, understanding threat actor motivations and tactics is a key step to reducing the danger they pose.

8 Cyber Threat Actor Types To Watch For

Aside from posing a cybersecurity threat, there is no one link between most cyber threat actors. Instead, each cybercriminal can be classified by their individual targets, goals, and motivations for attacking.

1. Cyber Terrorists

Similar to traditional terrorists, cyber terrorists aim to cause damage in service of a political agenda. While these attackers can be state-sponsored or lone wolves, cyber terrorism is generally understood to mean an attack or attacks intended to threaten or force a political or ideological change.

Cyber terrorists could cause mayhem in many ways, such as hacking into important infrastructure, blocking government sites and services, gaining access to military assets, and holding important data hostage. Effective methods of preventing cyber terrorist attacks include keeping important data secure and encrypted, blocking external access to a network, and using software to detect malicious or suspicious activity.

2. Government/State-sponsored Actors

The motivations of government-sponsored actors can be varied. Some attacks are politically motivated, and even a key component of modern warfare. Other cyberattacks seek to steal state secrets or achieve other espionage-oriented goals. While government servers can be quite secure from attacks, state-sponsored actors often exploit the weaknesses of cloud storage to gain access to insecure information.

3. Hacktivists

A hacktivist is a cyber threat actor whose attacks are generally meant to further a political or ideological goal. Typical acts of hacktivism include denial-of-service attacks that restrict access to a website or online service, vandalizing a site to display a politically motivated message, or other such attacks meant to target ideological opponents.  

It can be difficult to get into the mind of an attacker such as a hacktivist, but there may be some early indicators that you could be targeted. If companies in a similar field have been targets of hacktivist attacks, or if your company has been in recent high-profile news coverage, it could be time to look closely for suspicious activity.

4. Insiders

Because of their easier access to critical information, attackers within can be even more damaging than external threat actors. While some insider threat actors may be serving as whistleblowers, revealing some injustice or illegal activity, it is more common for an insider to be acting for personal gain, or out of negligence.  

An important step for avoiding an attack from a malicious insider is to consider what information and secrets might be targeted and for what reason. Understanding these things could help you identify factors that could serve as early warnings of malicious activity. However, many insider threat actors are acting unintentionally; these cases are known as internal user errors.

5. Internal User Errors

Because they are generally accidental, internal user errors differ significantly from other types of cyber threat actors. Though not malicious, internal user errors can still leave a system open for attack from outsiders in several ways. A careless or inexperienced user could click a suspicious link, or open an email that could give outside parties access to a computer network.

In many cases, these issues can be prevented. One of the best ways to avoid falling victim to these types of attacks is through education. Employees should be notified of some common sources of breaches and how to avoid them. This includes only opening emails from trusted sources, keeping passwords secure, and never clicking untrusted links.

6. Organized Cybercriminals

An organized cybercriminal typically seeks to make money by stealing company secrets, selling intellectual property data, or through ransomware. These cybercriminals gain access in many ways, including phishing, malware, or exploiting an insecure network.

Since cybercriminals are motivated by money, they are more likely to attack a company because it is insecure than to choose targets based on political or ideological reasons. For this reason, employing methods like activity-monitoring security software can help you prevent attacks from cybercriminals as well as other sources.

7. Script Kiddies

Unlike other threat actors who can be more creative with their methods, script kiddies rely on existing software to perform their attacks. Since a script kiddie usually lacks the expertise to customize their approach to the specific system they mean to attack, the best way to avoid an attack from a script kiddie is to use security software for a strong defense.

8. The Lone Wolf

Since lone-wolf attackers act on their own, they lack the financial backing of an outside source such as a government or other organization. They can still cause just as much damage as any other cyber threat actor. Lone-wolf motivations vary by individual, so avoiding attacks requires a combination of strategies.

Lone wolves may be unpredictable, but their methods of attack include the same tactics as other cybercriminals. Monitoring network activity, using software to detect attacks, and making efforts to keep data secure are all useful ways to reduce your company’s chances of falling prey to lone-wolf attacks.  

Avoiding and Preventing Future Cyber Threat Actors

Through the use of AI, sophisticated software can identify and prevent attacks as soon as they begin and before any damage can be done. For instance, ransomware attacks usually begin with a cyber threat actor gaining access to an account with high privileges in a system. Once inside, that actor will then look for important files to steal and encrypt, so it is vital to identify and stop such an attack as quickly as possible.

Additionally, it is important to consider what information a potential attacker would be interested in. Do you store government files that a state-sponsored actor would be interested in? Is that information adequately secure from outside attackers? Who has access to it? Could an insider leak information purposely or inadvertently? These factors can help decide how you treat the data you currently have, and can help you set future policies that can reduce the risk of future attacks.