Security professionals must defend their organizations against many different kinds of threats. In this video, Mike Chapple explains the differences between script kiddies, hacktivists, organized crime, and advanced persistent threats, as well as the motivations of different attackers.
- [Instructor] Security professionals must defend their organizations against many different kinds of threats. As you progress through a career in cybersecurity, you will likely encounter different types of attackers with different resources and different motivations. Let's look at some of the ways that attackers might differ. First, attacks may come from either internal or external sources. When we think of cybersecurity adversaries, our minds often first turn to external attackers, but internal attackers may pose even greater risks given their level of legitimate access to resources.
I'll talk more about the insider threat in the next video. Attackers also differ in their level of sophistication, access to resources, motivation, and intent. Attackers range all the way from a fairly unskilled lone wolf attacker, who's out for the thrill of breaking into systems, all the way to secretive government agencies with access to almost unlimited human and financial resources. Script kiddies are the least sophisticated threat.
Script kiddies are typically lone individuals who are simply hacking to see if they can break into systems. They're called script kiddies because they often lack the technical skills to develop their own exploits and simply run scripts created by other, more sophisticated hackers. Script kiddies are easily defeated by basic security controls, such as regular patching, endpoint security software, firewalls, and intrusion prevention systems. Hacktivists may fall anywhere on the sophistication range.
They might be no more talented than a script kiddie, or they might possess advanced technical skills. Hacktivists are distinguished from other hackers based upon their motivation. The name hacktivist comes from a combination of the words hacker and activist, and these individuals are seeking to use their hacking skills to advance a political or social agenda. Organized crime is also believed to have ties to the world of cyber crime. Organized crime groups are believed to be behind some ransomware attacks and other types of cyber extortion.
They may possess advanced technical skills and then use them primarily for financial gain. Corporate espionage is also a motivation for attackers. Competitors may target a business seeking to obtain proprietary information that would give them a business advantage. This type of corporate espionage isn't limited to the business world either. For example, the St. Louis Cardinals baseball team was severely punished in 2017 for conducting a hacking attack against the Houston Astros in an effort by a former scouting director to steal crucial player scouting information.
Nation-states are among the most advanced attackers, often sponsoring advanced persistent threat, or APT, groups consisting of hundreds or thousands of highly skilled and well-funded individuals. APT groups often are military units or have military training. They employ extremely advanced tools and are very difficult to detect. Some people believe that APT hackers only target other governments, but this is not true.
While governments certainly do target each other's cybersecurity defenses, they also go after civilian targets that may possess information or control resources that are valuable to advancing that government's interests. For example, in 2010, hackers believed to be sponsored by the Chinese government targeted Google and other major U.S. internet companies in an attempt to steal sensitive personal information about the customers of those services. As you prepare for the exam, you should understand the nature of each of these types of attackers.
Understanding the motivation of your adversary is critical to successfully defending against their attacks.
The CompTIA Security+ exam is an excellent entry point for a career in information security. The latest version, SY0-501, expands coverage of cloud security, virtualization, and mobile security. This course prepares exam candidates for the critical Threats, Attacks, and Vulnerabilities domain of the exam. By learning about malware, networking and application security exploitations, and social engineering, you'll be prepared to answer questions from the exam—and strengthen your own organization's systems and defenses. Author Mike Chapple, an IT leader with over 15 years of experience, also covers the processes for discovering and mitigating threats and attacks, and conducting penetration testing and scanning for vulnerabilities. Visit certmike.com to join one of his free study groups.