Threat Actors

Identifying which threat actors are attacking is one of the fundamental questions that incident response attempts to answer while an attack is occurring. To answer this question, there are certain threat actors that we should know about. These include script kiddies, hacktivists, cybercriminals, nation state actors, and insider threats. The threats involved include defacement of websites, ransomware, DDoS attacks, and many others.

Script Kiddies

Script kiddies are after bragging rights more than anything and can use scripts that someone else has written. They are typically less sophisticated and of low monetary value. An example would be a teenager who starts a DDoS attack using free tools or pre-existing scripts. Script kiddies are often low paid and act for respect or bragging rights in the hacker subculture.

Hacktivists

These threat actors are more politically motivated and might attack for social or ideological reasons. Hacktivists are somewhat skilled but are more likely to expose corruption, protest, or make a political statement. They could do something like deface a website or leak corporate data to the public.

Cybercriminals

These threat actors are in it for the money, with direct financial gain in mind. Their attacks may be more overtly illegal, and they may tie themselves to organized crime. Typical examples are ransomware or phishing campaigns to get credit card information. There are also attacks carried out by individuals who turn to hacking for financial gain.

Nation State Actors

Nation state actors are usually the most well-funded. They may attack other groups or organizations, more often for espionage or geopolitical reasons. These are highly structured and government-backed groups. Some nation states, like North Korea, get a good portion of their government funds by sponsoring hacking groups.

Insider Threats

Insider threats are attacks that come from within a group or organization. These are more rooted in sabotage or revenge. The insiders could be current or disgruntled employees or contractors who have more data about the company network and may use this knowledge for personal gain.

Conclusion

While threat actors are out there, knowing which way they are attacking is something that will remain a question for incident response. Threat actors seem to evolve just as the technology they use evolves. These threats can be mitigated, and knowledge of them should help you in your IT journey. You can study threat actors by using the MITRE ATT&CK framework. Study well and be a lifelong learner.