15 Jun, 2020

Understanding 5 Threat Actors And 7 Threat Actions

by nVisium

Actors and their actions are not always a function of Hollywood movies. If you use the Oscars as a measurement of public taste, then Hollywood seems to reward the villains more often than not. While you may have loved the Joker or even Hannibal Lecter, the threat actors and actions that impact corporations daily are as far from award-winning as they come.

Actors commit cybercrimes

Put most simply, threat actors are the way that CISOs and the security community classify the “bad guys” of the IT security game. Stated more formally, according to the Center for Internet Security, a threat actor is:

“A Cyber Threat Actor (CTA) is a participant (person or group) in an action or process that is characterized by malice or hostile action (intending harm) using computers, devices, systems, or networks.  CTAs are classified into one of five groups based on their motivations and affiliations.

  1. Cybercriminals are largely profit-driven and represent a long-term, global, and common threat. They target data to sell, hold for ransom, or otherwise exploit for monetary gain.
  2. Nation-State actors aggressively target and gain persistent access to public and private sector networks to compromise, steal, change, or destroy information.
  3. Hacktivists (a.k.a. Ideologically-Motivated Criminal Hackers) are politically, socially, or ideologically motivated and target victims for publicity or to effect change, which can result in high profile operations.
  4. Terrorist Organizations are designated by the U.S. Department of State. Their limited offensive cyber activity is typically disruptive or harassing in nature.
  5. Insiders are current or former employees, contractors, or other partners who have access to an organization's networks, systems, or data. Malicious insiders intentionally exceed or misuse their access in a manner that negatively affects the confidentiality, integrity, or availability of the organization's information or information systems.”

You can break down threat actors into internal versus external. While the common thinking is that internal actors can have a bigger impact, the 2020 Data Breach Investigations Report (2020 DBIR) from Verizon reported that 70% of breaches were caused by outsiders and only 30% by insiders. This raises the question: what are they doing that is causing harm?

Actions exploit vulnerabilities

The 2020 DBIR reported that “86% of breaches were financially motivated” and “43% of breaches were attacks on web applications, more than double the results from last year.” It is pretty common knowledge that threat actions can be classified into 7 categories:

  1. Malware: any program or file that is harmful to a computer user. Types of malware can include computer viruses, worms, Trojan horses and spyware.
  2. Hacking: activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.
  3. Social: the psychological manipulation of people into performing actions or divulging confidential information.
  4. Misuse: the use of valid and trusted corporate resources or credentials for any purpose or manner other than that which was intended.
  5. Physical: in addition to natural disasters such as earthquakes, floods and fires, this category encompasses deliberate threats that involve proximity, possession, or force.
  6. Error: broadly encompasses anything done (or left undone) incorrectly or inadvertently, including omissions, misconfigurations, programming errors, trips and spills, malfunctions, etc.
  7. Environmental: includes natural events such as earthquakes and floods, but also hazards associated with the immediate environment or infrastructure in which assets are located.

Of this list, one category stands out for special consideration. Specifically, the 2020 DBIR reported:

“Errors definitely win the award for best supporting action this year. They are now equally as common as Social breaches and more common than Malware, and are truly ubiquitous across all industries. Only Hacking remains higher, and that is due to credential theft and use.”

In other words, finding and eliminating those errors before they cause problems will reduce or even eliminate breaches. Ensuring your developers know the latest techniques for each language and environment is the best way to handle this.

Coding around threat actors and actions

nVisium empowers organizations to eliminate application and cloud security vulnerabilities before cyber threats exploit them with proven in-depth security assessments, remediation and training programs. Our experienced team of security-savvy developers and engineers guides organizations to build best practices with high ROI into their engineering and development lifecycles across applications, operating systems, networks, mobile, cloud and IoT through services, software solutions and R&D unique to business operations and compliance initiatives. Additionally, nVisium provides a fully managed platform for tracking and measuring performance as well as instructor-led and online training.

The good news is that you can actually protect your organization from threat actors and actions with strong coding best practices that accommodate DevSecOps, combined with security assessments to test the vulnerability of your applications, Internet of Things (IoT), networks, mobile and cloud. Schedule a demo today.
