The top 5 threat actors in cyberspace - and what IT security measures you can take to protect yourself from them
by Svenja Koch
Defending against cyberattacks requires a comprehensive, multi-layered approach. It is no longer "just" hackers and script kiddies who go after data, files and information, or paralyze entire networks for the thrill of it. Ransomware and advanced persistent threats are challenging IT security, and as technology advances, cyberattacks are growing not only in scope but also in professionalism. We present the five most relevant types of threat actor and give tangible tips on which strategies protect your network most reliably.
In 5th place: The script kiddies
Script kiddies are opportunistic attackers who pick businesses and individuals as targets without a specific goal. They do not need sophisticated hacking skills: many novices rely on ready-made phishing kits and exploit tools, which are often distributed free of charge online, and use them to harvest credentials and gain a foothold in someone else's network with little effort. What sounds at first like a harmless prank by bored teenagers can nevertheless cause major damage.
Recommended IT security measures
Script kiddies do not use particularly sophisticated techniques and tactics to get into other people's systems, and because their tooling is reused and well known, patched systems and up-to-date detection signatures already stop a large part of their attempts. Implementing an Incident Detection and Response (IDR) solution significantly speeds up the detection, analysis and response to such threats in your organization: these tools are designed to spot malicious activity on servers and clients in the local network, usually through continuous monitoring of the devices. In addition, every company should implement specific anti-phishing measures, including regular training for all employees.
In 4th place: The ideologically motivated cybercriminals
Hacktivists attack other organizations' networks to voice their protest against political groups or to push their ideological goals. With DDoS attacks launched from botnets, defacement of corporate websites or the hostile takeover of social media accounts, hacktivists want to draw attention to the issues that matter to them. Media attention is almost guaranteed for the attackers here; just think of the cyberattacks on Sony Pictures, the CIA or the governments of Thailand and the Philippines.
Recommended IT security measures
Ideologically motivated attacks mainly target websites, social media accounts and public-facing applications. Besides a modern, high-performance Incident Response & Threat Hunting service, companies therefore need multi-layered protection for every social media account in use: unique passwords, multi-factor authentication and a small, documented group of people who hold the credentials. A web application firewall (WAF) should be in place as a further building block. By continuously analyzing HTTP traffic, it can identify anomalous requests, such as those of an application-layer DDoS attack, and block them early. Note that a WAF cannot absorb volumetric DDoS attacks that saturate the internet uplink; those must be filtered upstream by the provider or a scrubbing service.
In 3rd place: The insiders
This type of attacker does not need to break in from outside to tap sensitive data or cripple IT systems. Insider attacks are carried out by the company's own employees, who often hold extensive access rights to confidential company data, to personal data from the HR department, or even the ability to manipulate company accounts.
Recommended IT security measures
To counter insider threats, user behavior must be monitored rigorously. Employees accessing data they do not need for their actual work is an alarm signal, as are accesses on weekends or in the middle of the night. The most effective prevention is assigning rights according to the principle of least privilege: each user account receives exactly the access rights needed for the tasks of its role, no more and no less. IT security tools that provide maximum visibility within the network are also advisable. In addition, all devices on the network should run a capable host firewall and reliable device control, because peripheral devices such as USB sticks or Bluetooth connections are a further channel for attacks from within; here, too, strict assignment of rights contains the risk.
Have you already set up a sensible delegation model and sufficient network segmentation? What about your password policy? Our Active Directory (AD) Security Check shows you your open doors for ransomware and the like.
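The two measures above, least-privilege assignment and flagging accesses that fall outside a user's role or outside working hours, can be expressed as a small review script. This is an added example, not code from the original article; the roles, accounts, entitlements, working-hours window and access events are constructed sample data.

```python
"""Least-privilege entitlement review and insider-access anomaly check.

Added example; the role model, account entitlements and access events are
constructed for illustration and are not from the original article.
"""
from dataclasses import dataclass
from datetime import datetime

# Role model: which resources a role legitimately needs (constructed).
ROLE_ENTITLEMENTS = {
    "hr_clerk": {"hr_share", "payroll_app"},
    "sales_rep": {"crm", "sales_share"},
    "dba": {"crm_db", "hr_db", "backup_console"},
}

# What each account actually holds today (constructed, shows "entitlement creep").
ACCOUNT_ENTITLEMENTS = {
    "m.mueller": {"role": "sales_rep", "granted": {"crm", "sales_share", "hr_share"}},
    "a.schmidt": {"role": "hr_clerk", "granted": {"hr_share", "payroll_app"}},
    "j.weber": {"role": "dba", "granted": {"crm_db", "hr_db", "backup_console", "payroll_app"}},
}

WORK_HOURS = range(7, 20)  # 07:00 to 19:59 local time, Monday to Friday (assumed policy)


def excess_entitlements(accounts=ACCOUNT_ENTITLEMENTS, roles=ROLE_ENTITLEMENTS):
    """Return {account: sorted excess resources} for accounts holding more than their role needs."""
    findings = {}
    for user, info in accounts.items():
        allowed = roles.get(info["role"], set())
        extra = info["granted"] - allowed
        if extra:
            findings[user] = sorted(extra)
    return findings


@dataclass
class AccessEvent:
    ts: datetime
    user: str
    resource: str
    action: str


def flag_access_events(events, accounts=ACCOUNT_ENTITLEMENTS, roles=ROLE_ENTITLEMENTS):
    """Flag events outside the user's role or outside working hours.

    Returns a list of (event, reasons) tuples for events that need review.
    """
    flagged = []
    for ev in events:
        reasons = []
        info = accounts.get(ev.user)
        if info is None:
            reasons.append("unknown account")
        elif ev.resource not in roles.get(info["role"], set()):
            reasons.append(f"resource not required by role {info['role']}")
        if ev.ts.weekday() >= 5 or ev.ts.hour not in WORK_HOURS:
            reasons.append("outside working hours")
        if reasons:
            flagged.append((ev, reasons))
    return flagged


# Constructed sample events: a normal CRM read, a Saturday night HR-share read by
# a sales rep, a late-night payroll export by the DBA, and a normal HR access.
SAMPLE_EVENTS = [
    AccessEvent(datetime(2023, 3, 14, 10, 5), "m.mueller", "crm", "read"),
    AccessEvent(datetime(2023, 3, 18, 2, 40), "m.mueller", "hr_share", "read"),
    AccessEvent(datetime(2023, 3, 15, 23, 10), "j.weber", "payroll_app", "export"),
    AccessEvent(datetime(2023, 3, 15, 9, 0), "a.schmidt", "payroll_app", "read"),
]

if __name__ == "__main__":
    for user, extra in excess_entitlements().items():
        print(f"REVIEW  {user}: holds {extra} beyond what role needs")
    for ev, reasons in flag_access_events(SAMPLE_EVENTS):
        print(f"ALERT   {ev.ts:%Y-%m-%d %H:%M} {ev.user} {ev.action} {ev.resource}: "
              + "; ".join(reasons))
```

The entitlement review is the preventive half (run it periodically against the directory export and remove what the role does not justify); the event check is the detective half and is where an IDR or UEBA tool would normally do the same comparison at scale.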
In 2nd place: Espionage and political power struggles
Advanced Persistent Threats (APTs) are cyberattacks that target critical infrastructure and sensitive data. Their hallmark is duration: these intrusions often run over an extended period, with the attacker staying hidden in the network. APTs typically target large corporations, government agencies or governments. As a rule the attackers are well resourced and act in a highly professional manner, which makes detection all the more difficult. Recently, medium-sized businesses have increasingly become targets as well, whether for their own sensitive data or as a stepping stone into the networks of larger partners and customers. APTs can cause extreme damage, whether through theft of intellectual property by intelligence services or through zero-day and leaked exploits. EternalBlue is the best-known example: an SMBv1 exploit attributed to the NSA, leaked in 2017 and used by the WannaCry and NotPetya outbreaks. The underlying vulnerability had already been patched (MS17-010) when those worms hit, which shows how much damage unpatched systems expose to a well-equipped attacker.
Recommended IT Security Measures
Advanced Persistent Threats require correspondingly strong defenses. The basis for sufficient infrastructure security is an IT security function built around proactive, multi-layered incident detection and threat hunting. In principle, defending against APTs uses the same strategies as the fight against "classic" cyber threats, supplemented by a risk assessment that specifically identifies the assets in the company that would attract a professionally acting attacker. A recommended approach is to work with the MITRE ATT&CK framework, a publicly maintained knowledge base of the tactics, techniques and procedures observed in real intrusions, with detection and mitigation notes for each technique. Mapping existing detections to ATT&CK techniques shows where coverage is missing and gives IT security concrete starting points for detecting and then combating APTs.
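What "using ATT&CK as a starting point" looks like in practice is a set of hunting rules, each tagged with the technique and tactic it covers, run over the logs you already collect. The following is an added example and not code from the article or from MITRE: the authentication log lines are constructed, the key=value format is assumed, and the rules cover two techniques from the public ATT&CK knowledge base, T1110 (Brute Force, tactic TA0006 Credential Access) and T1021 (Remote Services, tactic TA0008 Lateral Movement).

```python
"""ATT&CK-tagged hunting rules over authentication logs.

Added example; the log lines and their key=value format are constructed.
Technique and tactic IDs are from the public MITRE ATT&CK knowledge base.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log: a password-guessing burst against a service account that
# finally succeeds, followed by that account logging on to several servers.
CONSTRUCTED_LOG = """\
2023-03-15T08:00:01 host=ws01 user=j.weber event=logon result=success src=10.0.1.5
2023-03-15T08:01:10 host=ws01 user=svc-backup event=logon result=failure src=10.0.9.77
2023-03-15T08:01:12 host=ws01 user=svc-backup event=logon result=failure src=10.0.9.77
2023-03-15T08:01:15 host=ws01 user=svc-backup event=logon result=failure src=10.0.9.77
2023-03-15T08:01:19 host=ws01 user=svc-backup event=logon result=failure src=10.0.9.77
2023-03-15T08:01:22 host=ws01 user=svc-backup event=logon result=failure src=10.0.9.77
2023-03-15T08:01:30 host=ws01 user=svc-backup event=logon result=success src=10.0.9.77
2023-03-15T08:03:02 host=fs01 user=svc-backup event=logon result=success src=10.0.1.5
2023-03-15T08:04:40 host=db01 user=svc-backup event=logon result=success src=10.0.1.5
2023-03-15T08:06:15 host=dc01 user=svc-backup event=logon result=success src=10.0.1.5
2023-03-15T09:30:00 host=ws02 user=a.schmidt event=logon result=success src=10.0.1.8
"""


def parse(log_text):
    """Parse 'ISO-timestamp key=value ...' lines into dicts, oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_str, *pairs = line.split()
        ev = dict(pair.split("=", 1) for pair in pairs)
        ev["ts"] = datetime.fromisoformat(ts_str)
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def rule_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """T1110 Brute Force: >= threshold failed logons for one account inside the window."""
    hits = []
    failures = defaultdict(list)  # user -> timestamps of recent failures
    for ev in events:
        if ev.get("event") != "logon" or ev.get("result") != "failure":
            continue
        times = failures[ev["user"]]
        times.append(ev["ts"])
        while times and ev["ts"] - times[0] > window:  # expire old failures
            times.pop(0)
        if len(times) == threshold:  # fire once when the threshold is reached
            hits.append({"technique": "T1110", "tactic": "TA0006",
                         "user": ev["user"], "src": ev["src"], "at": ev["ts"]})
    return hits


def rule_lateral_movement(events, min_hosts=3, window=timedelta(minutes=10)):
    """T1021 Remote Services: one account logs on to >= min_hosts distinct hosts inside the window."""
    hits = []
    logons = defaultdict(list)  # user -> [(ts, host)] within the window
    reported = set()
    for ev in events:
        if ev.get("event") != "logon" or ev.get("result") != "success":
            continue
        recent = [(t, h) for t, h in logons[ev["user"]] if ev["ts"] - t <= window]
        recent.append((ev["ts"], ev["host"]))
        logons[ev["user"]] = recent
        hosts = {h for _, h in recent}
        if len(hosts) >= min_hosts and ev["user"] not in reported:
            reported.add(ev["user"])
            hits.append({"technique": "T1021", "tactic": "TA0008",
                         "user": ev["user"], "hosts": sorted(hosts), "at": ev["ts"]})
    return hits


RULES = [rule_brute_force, rule_lateral_movement]


def hunt(log_text, rules=RULES):
    """Run every tagged rule over the parsed log and return all findings."""
    events = parse(log_text)
    findings = []
    for rule in rules:
        findings.extend(rule(events))
    return findings


if __name__ == "__main__":
    for f in hunt(CONSTRUCTED_LOG):
        print(f"{f['at']:%H:%M:%S} {f['technique']} ({f['tactic']}) user={f['user']} "
              + (f"hosts={f['hosts']}" if "hosts" in f else f"src={f['src']}"))
```

Tagging each rule with its technique ID is what turns a pile of detections into a coverage map: listing the techniques your rules cover against the ones an APT report attributes to a group of interest immediately shows the gaps.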
In 1st place: Organized cybercriminals
Although advanced persistent threats already challenge a company's IT security, the greatest cyber threat currently comes from organized cybercriminals. These attackers want neither to spy nor to push an ideology; they want to make money. A popular means to this end is ransomware: malware that encrypts files on a computer or across an entire network and releases the decryption key only upon payment of a ransom. Ransomware is not the only weapon of organized cybercrime, however. Cryptojacking is currently very popular: third-party computers are taken over to mine cryptocurrencies with their computing power and bandwidth, and the malware is deliberately throttled to use just enough resources to remain unnoticed for as long as possible. Also popular is data theft followed by sale, an exceedingly lucrative proposition for cybercriminals.
Whether ransomware, cryptojacking or data theft, the online world offers criminals the ideal "playground" for making a lot of money illegally in a very short time: high returns at low risk. Cyberattacks are becoming more sophisticated, not only because the criminals are more professional but also because malware kits sold on the darknet can, in theory, turn anyone into an attacker. The attackers are not choosy about their victims; ransomware and the like can now hit anyone, from multinational corporations to government agencies to small businesses. Small and medium-sized enterprises are currently a particularly popular target, because economically interesting and therefore lucrative data and intellectual property meet a small IT security budget. A dangerous combination!
Recommended IT security measures
Ransomware, malware, data theft: organized cybercrime can no longer be stopped with traditional IT security tools alone. Signature-based endpoint protection by itself is no longer enough, because it only recognizes what has already been seen and cannot keep up with the attack methods of professionals. IT security strategies must be adapted and expanded accordingly. An Adaptive Security Architecture that does not only prevent and detect threats but also anticipates attacks and manages them actively lays the foundation for reliable IT security. The goal of all measures must be actionable knowledge: cyber threat intelligence. This does not necessarily require expanding the company's internal IT security staff. External, specialized service providers can run a powerful incident response & threat hunting service resource-efficiently and hunt threats proactively without driving up a company's headcount and costs. If abnormal behavior is detected before or during an attack, infected systems can be isolated quickly and restored promptly using rollback functions or backups. Note that this only works if snapshots and backups are themselves out of the attacker's reach, as offline or immutable copies with regularly tested restore paths, since ransomware operators routinely delete or encrypt every backup they can reach before encrypting production data.
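The "abnormal behavior" that lets a system be isolated before encryption finishes is, for ransomware, quite characteristic: one process rewrites many files with high-entropy (encrypted) content and renames them to a new extension within seconds. The following detector is an added example rather than code from the article or from any product; the file-activity events, process names, paths and thresholds are constructed, and the entropy threshold and window are assumptions a real deployment would tune.

```python
"""Behavioral ransomware indicator over a file-activity event stream.

Added example; the event stream, process names, paths and thresholds are
constructed for illustration and are not taken from the original article.
"""
import math
import random
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plaintext documents sit well below 7, encrypted data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def generate_sample_events(seed=7):
    """Constructed stream: a word processor saving three documents, then an
    unknown process overwriting 25 documents with random bytes and renaming them."""
    rng = random.Random(seed)
    t0 = datetime(2023, 3, 15, 14, 0, 0)
    text = b"Quarterly report: revenue up 4% in Q1, headcount stable. " * 20
    events = []
    for i in range(3):
        events.append({"ts": t0 + timedelta(seconds=5 * i), "pid": 101, "image": "winword.exe",
                       "op": "write", "path": f"C:/Users/mm/Docs/report{i}.docx", "data": text})
    for i in range(25):
        ts = t0 + timedelta(seconds=60 + i)
        path = f"C:/Users/mm/Docs/contract{i}.docx"
        events.append({"ts": ts, "pid": 202, "image": "update.exe", "op": "write",
                       "path": path, "data": rng.randbytes(1024)})
        events.append({"ts": ts, "pid": 202, "image": "update.exe", "op": "rename",
                       "path": path, "new_path": path + ".locked"})
    return events


def detect_ransomware_activity(events, window=timedelta(seconds=30), min_files=20,
                               entropy_threshold=7.0):
    """Alert when one process, inside `window`, overwrites >= min_files distinct files
    with high-entropy data and renames at least as many to one new extension.

    Returns a list of {pid, image, files, extension, at}; one alert per process."""
    per_pid = defaultdict(list)  # pid -> [(ts, path, kind, new_ext)]
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # stable: write stays before rename
        pid = ev["pid"]
        if ev["op"] == "write":
            if shannon_entropy(ev["data"]) < entropy_threshold:
                continue  # ordinary document save, ignore
            per_pid[pid].append((ev["ts"], ev["path"], "hiwrite", None))
        elif ev["op"] == "rename":
            old_ext = ev["path"].rsplit(".", 1)[-1]
            new_ext = ev["new_path"].rsplit(".", 1)[-1]
            if new_ext == old_ext:
                continue
            per_pid[pid].append((ev["ts"], ev["path"], "rename", new_ext))
        else:
            continue
        recent = [r for r in per_pid[pid] if ev["ts"] - r[0] <= window]
        per_pid[pid] = recent
        hi_files = {p for _, p, k, _ in recent if k == "hiwrite"}
        renamed = Counter(e for _, _, k, e in recent if k == "rename")
        if len(hi_files) >= min_files and renamed and pid not in alerted:
            ext, count = renamed.most_common(1)[0]
            # require one dominant new extension so bulk legitimate conversions differ
            if count >= min_files and count / sum(renamed.values()) >= 0.8:
                alerted.add(pid)
                alerts.append({"pid": pid, "image": ev["image"], "files": len(hi_files),
                               "extension": ext, "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_ransomware_activity(generate_sample_events()):
        print(f"{a['at']:%H:%M:%S} ISOLATE HOST: pid {a['pid']} ({a['image']}) encrypted "
              f"{a['files']} files -> .{a['extension']}")
```

The alert fires at the 20th file, well before the process has touched the whole share, which is the window in which isolating the host and killing the process still limits the damage; the entropy check alone would also flag archive and backup tools, which is why the rename pattern is required as well.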
Ransomware, data espionage or rowdy script kiddies: cyberattacks are becoming not only more frequent but also more professional. Traditional protection solutions alone are no longer sufficient against the new and diverse threats; comprehensive IT and information security solutions are needed. Threat intelligence adds the necessary expertise to damage prevention, while threat hunters actively search the networks for intruders. Small and medium-sized companies in particular shy away from the often high cost of an in-house security team, so it is worth looking at external service providers that specialize in defending against cyberattacks of all kinds. Threat hunting teams rely on frameworks such as MITRE ATT&CK and specialized software not only to detect and eliminate intrusions but also to anticipate attacks. Multi-layered incident detection and threat hunting solutions can counter the new forms of cybercrime, and the better one's IT security is positioned, the fewer opportunities attackers get.