When threat hunting, you must first understand the adversaries you’re facing. While their techniques may be very similar, what motivates them can be very different. Understanding these motivations can provide you with a better understanding of where and when a cyber attacker may strike or when an unwitting accomplice takes measures that present undue risk to the organization.
If you can determine who would want to do you harm and what you have that’s valuable to them, you can better protect your business. Let's take a look at 6 common adversaries that you could be pursuing during a hunt.
A malicious insider attack is typically perpetrated by disgruntled, troubled, or simply greedy insiders. This is a targeted attack, motivated by financial gain or grievance.
Hackers are actively advertising for employees of specific companies to join the dark side. Desperate people can do desperate things. Good people can do bad things. In fact, this survey showed that 20% of employees would sell their corporate credentials; 44% of those would be willing to do so for less than $1,000, and some for as little as $100.
Not all insider threats are malicious. Sometimes people just make mistakes, or fall victim to common social engineering tactics such as phishing, vendor spoofing, or pretexting. People are typically the weakest link in security because human nature makes us vulnerable.
Motivations aside, routine network activities, typically administrative and maintenance-related in nature, often combine to introduce excessive security exposure that is at odds with the organization’s level of risk tolerance.
Hackers are opportunistic, and typically get a thrill from gaining access to secured systems. They are looking to prove themselves, and do it for bragging rights. Their efforts don’t always have a malicious intent. Professional “white hat” hackers can be employed by companies to perform penetration tests to identify vulnerabilities and other weaknesses. Performing regular vulnerability assessments and penetration tests is an important part of your cybersecurity program and can help inform your cybersecurity strategy.
Cybercriminals are opportunistic, and are motivated by financial gain. The growth of cybercrime-as-a-service (CaaS) means little technological expertise is needed to become a very successful cybercriminal today. CaaS has become a thriving services economy, fueled by a global marketplace featuring a breathtaking range of services. It has also swelled the criminal ranks, thanks to high salaries for developers, exploding revenues for CaaS companies, and complicit buyers who are ever more willing to show the money.
Hacktivist attacks are targeted, and are often perpetrated to promote a political agenda or a social change. They are often looking to disrupt services and bring attention to a cause, such as free speech, human rights, or freedom of information. Anonymous is well-known for their hacktivist activities.
According to this article, hacktivism can be described as digital disobedience or “hacking for a cause.” While some think of this as being a form of harmless protest, it can be disruptive. “It’s criminal trespassing.”
These targeted attacks are motivated by a political, religious, or ideological cause. The goal is to intimidate a government or a section of the public, and such attacks can interfere with critical infrastructure.
According to TechTarget, the FBI defines a cyber-terrorist attack as explicitly designed to cause physical harm to individuals. Targets include the banking industry, military installations, power plants, air traffic control centers, and water systems. Some consider Stuxnet, the malicious worm used to attack Iran’s nuclear program, an example of cyberterrorism.