From the course: CompTIA Security (SY0-701) Cert Prep: 2 Threats, Vulnerabilities, and Mitigations

Cybersecurity adversaries

- [Lecturer] Security professionals must defend their organizations against many different types of threat. As you progress through a career in cybersecurity, you will likely encounter different types of attackers with different resources and motivations. Let's take a look at some of the ways that they differ.

First, attacks can come from either internal or external sources. When we think of cybersecurity adversaries, our minds often first turn to external attackers, but internal attackers may pose even greater risks given their level of legitimate access to resources. I'll talk more about the insider threat later in this course.

Attackers also differ in their level of sophistication, access to resources, motivation, and intent. They range all the way from a fairly unskilled lone wolf attacker who's out for the thrill of breaking into systems, to secretive government agencies with access to almost unlimited human and financial resources.

Unskilled attackers are the least sophisticated threat. They're typically lone individuals who are simply hacking to see if they can break into systems. They're sometimes called script kiddies because they often lack the technical skills to develop their own exploits and just run scripts created by other more sophisticated hackers. Unskilled attackers are easily defeated by basic security controls, such as regular patching, endpoint security software, firewalls, and intrusion prevention systems.

Hacktivists may fall anywhere on the sophistication range. They might be no more talented than an unskilled attacker, or they might possess advanced technical skills. Hacktivists are distinguished from other hackers based on their motivation. The name hacktivist comes from a combination of the words hacker and activist, and these individuals are trying to use their hacking skills to advance a political or social agenda.

Organized crime also has ties to the world of cybercrime. Criminal syndicates are believed to be behind some ransomware attacks and other forms of cyber extortion. They may possess advanced technical skills and then use them primarily for financial gain.

Corporate espionage is also a motivation for attackers. Competitors may target a business seeking to obtain proprietary information that would give them a business advantage. This type of corporate espionage isn't limited to the business world either. For example, the St. Louis Cardinals baseball team was severely punished in 2017 for conducting a hacking attack against the Houston Astros in an effort by former scouting directors to steal crucial player scouting information.

Nation-states are among the most advanced attackers, often sponsoring advanced persistent threat or APT groups consisting of hundreds or thousands of highly skilled and well-funded individuals. APT groups are often military units or have military training. These state actors employ extremely advanced tools and can be very difficult to detect. Some people believe that APT hackers only target other governments, but that's not true. While governments certainly do target each other's cybersecurity defenses, they also go after civilian targets that may possess information or control resources that are valuable to advancing their interests. For example, in 2023, hackers believed to be sponsored by the Chinese government targeted major US infrastructure companies in an attempt to prepare for future cyber attacks.

Cybersecurity professionals commonly refer to hackers using a system of hat colors that's derived from old cowboy movies where the good guys wore white hats and the bad guys wore black hats. Nowadays, some people find these terms insensitive and prefer not to use them, but you do still hear them quite a bit, so I'm going to share both the old and new terms with you.

White hat hackers, now called authorized attackers, are those who work with the full permission of the target company and have the motivation of finding security flaws that they can fix. Black hat hackers, now called unauthorized attackers, are those who don't have permission to hack and do so with malicious intent. Grey hat hackers or semi-authorized attackers fit somewhere in the middle. They don't have permission and their activity is usually illegal, but they're hacking with the motivation of helping their victims improve their security. It's important to recognize that this is not legal, and grey hat hacking is frowned upon by both security professionals and law enforcement.

As you prepare for the exam, you should understand the nature of each of these types of attackers. Understanding the motivation of your adversary is critical to successfully defending against their attacks.
