Understanding Threat Actors in Cybersecurity

May 25, 2025

Lecture on Threat Actors

Definition of a Threat Actor

  • Threat Actor: Entity that causes events affecting the security of others.
  • Often referred to as "malicious actors" due to negative impact on security.

Importance of Identifying Threat Actors

  • Useful in understanding the attack and its motivations.
  • Helps in strategizing defenses.

Characteristics of Threat Actors

  1. Origin:
    • Can be internal (within the organization) or external.
    • External actors might use public resources to gain access.
  2. Resources and Financial Funding:
    • Varies from limited to extensive.
    • Financial resources influence attack capabilities.
  3. Level of Sophistication:
    • Ranges from unskilled (script kiddies) to highly skilled developers.

Motivations Behind Attacks

  • Data exfiltration, espionage, service disruption, political or philosophical reasons.

Types of Threat Actors

1. Nation-State Actors

  • Often a government or an arm of it, driven by national security.
  • Motivations: Data exfiltration, political/philosophical reasons, service disruption.
  • Resources: Enormous, with constant attack capabilities.
  • Known for Advanced Persistent Threats (APTs).

2. Unskilled Attackers

  • Use scripts without understanding underlying mechanisms.
  • Motivated by the attack itself, with limited resources and sophistication.

3. Hacktivists

  • Motivated by political or philosophical reasons.
  • Often external, but can become internal threats.
  • Generally tech-savvy but with limited funds.

4. Insider Threats

  • Internal actors exploiting existing resources.
  • Motivated by revenge or financial gain.
  • Medium sophistication, knowledge of internal systems.

5. Organized Crime

  • Profit-driven with significant resources.
  • Corporate structure for managing and executing attacks.
  • Involved in activities like ransomware.

6. Shadow IT

  • Internal groups bypassing IT department policies.
  • Use their own budgets for cloud services.
  • Limited technical background, high organizational risk.

Summary Table

  • External Actors: Nation-State, Unskilled, Hacktivist, Organized Crime.
  • Internal Actors: Insider Threat, Shadow IT.
  • Resource Availability:
    • High: Nation-State, Organized Crime
    • Low: Unskilled, Shadow IT
  • Level of Sophistication:
    • High: Nation-State, Organized Crime
    • Low: Unskilled, Shadow IT
  • Varying Motivations: Disruption, revenge, profit, political/philosophical reasons.

Conclusion

  • Understanding threat actors and their motivations helps strengthen security measures and prevent unauthorized access.