If you’re the victim of a cyberattack, you likely don’t care about the qualities of the attacker. Still, vulnerability researchers categorize cyberattackers to determine the motivations and resources available to each type, and that work gives them more insight into the methodologies – the tactics, techniques, and procedures used by individuals and groups to attack us. This is a brief view of the four types, in increasing order of capability.
The “Script Kiddie”
Script Kiddies typically exhibit enough skill to use hacking tools others have written and get results, but they’re often not sophisticated enough to write their own exploits. Most of the tools they use are open source, meaning anyone can work with them.
While script kiddies are considered novices, they can cobble together enough knowledge, skill, and use of others’ work to get results. If your business or home isn’t secured and they find it, they will likely find a way in and make trouble, though they may or may not be able to cover their tracks.
Training is available online to help people learn how to hack, and that training is used by both the defenders and the attackers.
The Hacktivist
Hacktivists are hacking to make a statement. They often seek to deface websites in the name of a cause or cause other Internet mischief and trouble, including more serious attacks like Denial of Service attacks or changing code or data. You might remember the Hacktivist group Anonymous, which was active for a long time, peaking in about 2012, when even Time magazine wrote about them.
Hacktivist group members may not know each other in real life (IRL) or even know each other’s names. Another group you may want to research is LulzSec, which attacked the CIA website.
Among hacktivist groups, the level of sophistication and resources varies from group to group.
The Organized Criminals
Ransomware is in the news. Big companies are sending letters about data breaches – Ticketmaster was a recent one. Who’s doing these cyberattacks and profiting so boldly?
Typically the attackers are either in groups of organized crime cyberattackers or nation state actors (we’ll get to them next).
Organized crime and cybercrime fit together nicely. Most of the criminal groups are located outside of the United States and frequently operate in countries with which we have limited or no extradition capabilities.
The level of sophistication within these criminal groups can be exceptional, sometimes with group members who boast different specialties. For example, one set within the group breaks in, and another set goes to work to gain access to the entire network. Still a third set within the group might work to cover the tracks and gain a persistent foothold in the network.
With this much know-how and skill, the cybercriminal groups can pick their targets, plan for big paydays, and often get away with their crimes and their targets’ money. Recently in the news was an unnamed company that paid a confirmed $75 million ransom to the Dark Angels group. The website Krebs on Security details what can be found about that group, which isn’t much. They tend to keep a low profile, target companies with laser focus, and go to work to part them from their money.
https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/
The Nation State Actor Group (Think Country)
Nation States like China, Russia, and North Korea spend an immense amount of resources to break into the United States’ networks – both government and companies.
They gain more than they spend, and this is cyberwar.
The United States does it as well. You may have read about Stuxnet, an attack devised, orchestrated, and carried out as a joint effort (most likely) by the US and Israel. The target? Centrifuges in Iran – to stop them from enriching uranium.
This was a while ago, but accounts of what happened and how it unfolded are found all over the Internet. Wired’s online presence released an article in 2014, an excerpt from the book Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon.
To recap – nation states are heavily funded, and they are engaged in both attack and defense. To one nation, another country’s activities may be criminal. Spies are certainly involved, as is technology.
Would You Care Who Attacked You?
I wouldn’t care who attacked me. There are key steps we can take to minimize the risk of a successful cyberattack against us. I offer some resource videos on my site at https://www.heathernoggle.com – a good start.
I wish you improved cyber hygiene, and I hope you found this interesting.
By Heather Noggle
UniteNews Contributing Writer
hnoggle@codistac.com
https://www.codistac.com
https://www.linkedin.com/in/heathernoggle/