Who are the cyber attackers?
23rd January 2019
With the global growth of cyber crime continuing into 2019, high-profile cyber attacks continue to be reported daily. Who are the cyber attackers and what motivates them to perform such illegal and potentially damaging activities?
Unknown and anonymous
Press reports in the business news tend to focus on the scale of the commercial impact on well-known companies and product brands. The IT media revels in the technology of new exploits and attack strategies. With a few exceptions, the cyber attacker tends to remain unknown and anonymous.
Categories of hackers
- Cyber criminals – both individuals and organisations
- Nation states – engaged in cyber war and espionage
- Companies – competitive disruption and theft of intellectual property
- Hacktivists – political and terrorist organisations
- Employees of companies – malicious, manipulated or by accident
- Hobby hackers – it’s just for fun
Just for profit
The ‘low-risk-high-return’ nature of cyber crime has attracted existing criminal organisations and nurtured the growth of a new generation of highly qualified entrepreneurial hackers. Independent research in 2017 by Bromium confirmed that new criminality platforms and a booming cyber crime economy have resulted in $1.5 trillion in illicit profits being acquired, laundered, spent and reinvested by cyber criminals. Much of this activity has links to drug production, human trafficking and terrorism. The research also points to the emergence of platform criminality, mirroring the platform service model currently used by companies like Uber and Amazon.
Low-cost cyber crime services
Many cyber attacks are executed by inexperienced criminals who purchase specialist products and services from third-party suppliers operating on the Dark Web. The availability of low-cost software tools and services is a key factor in the explosive growth in the number and success rate of current cyber exploits. They have also been shown to lower the ‘cyber crime entry threshold’ by simplifying the process, reducing the cost and making detection even more difficult.
State-sponsored cyber attack
The nature of warfare has shifted from physical to online and has produced a deluge of state-sponsored cyber assaults on countries throughout the world. It is widely agreed that Russia is one of the most accomplished nations in the world in its ability to perform state-sponsored attacks, disinformation and espionage. China, North Korea and Iran are also known to have dedicated cyber arsenals that are an increasing threat to the West. The NCSC press release of 20 Dec 2018 confirmed that the UK government and its allies are holding elements of the Chinese government responsible for an extensive cyber campaign against large-scale service providers and integrators.
Despite considerable investment in technology and training, global law enforcement agencies remain under-resourced to cope with the investigation of cyber crime. Perpetrators are elusive, and arrests are rare. Stolen goods are immaterial, volatile assets, such as data, cryptocurrency and personal information. Cyber crime straddles borders and legal jurisdictions, with the victim and criminal often residing in different countries, and only communicating through encrypted messages and bitcoin transactions.
Stephen Kavanagh, Chair UK Digital Policing Board at the National Chief Police Council, commented, “Unless we start moving at pace, it could become a crisis. Four years ago, I heard a chief constable say they didn’t have a digital crime problem. I don’t think there’s a chief constable in the country now who doesn’t recognise the scale of the issue now.”
Understand motive and start to win the cyber war
Police investigators will always try to identify the motive of a cyber criminal. This helps them both detect and prevent cyber crimes in the future. Understanding the reason behind your adversary’s action will help you plan, manage and implement more effective cyber security measures.
I recommend that all IT and security managers ask the following questions:
Financial: Can the cyber criminal make money directly (via an attack) or indirectly (by selling malware or ransomware as a service)? Are there competitors who may want to destabilise your company?
Ideological: Your adversary may want to harm your reputation, deny services to your customers, or sabotage your systems to further their propaganda. Are you aware of individuals, organisations or frustrated employees that could pose a cyber risk?
Political: Can the adversary benefit from knowing your next move or most intimate secrets as an organisation? Do you claim that you have impenetrable cyber defences? If so, you might be motivating an attacker to find a way to break through them.
Employees: Do you have effective security policies and staff awareness training in place? Do you carefully manage access and permissions for confidential information?
The Wizard Cyber security review provides an independent and in-depth assessment of the ability of an organisation to protect its information assets from the impact of cyber threats. The cyber security review aims to establish and validate the effectiveness of cyber security measures. It also identifies vulnerabilities in an IT system and matches them to potential internal and external cyber threats.