From the course: CompTIA Security+ (SY0-601) Cert Prep: 1 Threats, Attacks, and Vulnerabilities

Cybersecurity adversaries

- [Instructor] Security professionals need to defend their organizations against many different kinds of threat. As you progress through a career in cybersecurity, you will likely encounter different types of attackers with different resources and motivations. Let's look at some of the ways that they differ.

First, attacks may come from either internal or external sources. When we think of cybersecurity adversaries, our minds often first turn to external attackers, but internal attackers may pose even greater risks, given their level of legitimate access to systems and resources. We'll talk more about the insider threat in the next video.

Attackers also differ in their level of sophistication, access to resources, motivation and intent. Attackers range all the way from a fairly unskilled lone wolf attacker who's out for the thrill of breaking into systems to secretive government agencies with access to almost unlimited human and financial resources.

Script kiddies are the least sophisticated threat. They're typically lone individuals who are simply hacking to see if they can break into systems. They're called script kiddies because they often lack the technical skills to develop their own exploits and simply run scripts created by other, more sophisticated attackers. Script kiddies are easily defeated with basic security controls, such as regular patching, endpoint security software, firewalls and intrusion prevention systems.

Hacktivists may fall anywhere on the sophistication range. They might be no more talented than a script kiddie, or they might possess advanced technical skills. Hacktivists are distinguished from other attackers based upon their motivation. The name hacktivist comes from a combination of the words hacker and activist. And these individuals are seeking to use their hacking skills to advance a political or social agenda.

Organized crime is also believed to have ties to the world of cyber crime. Criminal syndicates are believed to be behind some ransomware attacks and other forms of cyber extortion. They may possess advanced technical skills and they use them primarily for financial gain.

Corporate espionage is also a motivation for some attackers. Competitors may target a business seeking to obtain proprietary information that would give them a business advantage. This type of corporate espionage isn't limited to the business world either. For example, the St. Louis Cardinals baseball team was severely punished in 2017 for conducting a hacking attack against the Houston Astros in an effort by a former scouting director to steal crucial player scouting information.

Nation-states are among the most advanced attackers, often sponsoring advanced persistent threat, or APT groups, consisting of hundreds, or even thousands of highly skilled and well-funded attackers. APT groups are often military units or have some military training. These state actors employ extremely advanced tools and are very difficult to detect. Some people believe that APT attackers only target other governments, but that's not true. While governments certainly do target each other's cybersecurity defenses, they also go after civilian targets that may possess information or control resources that are valuable to advancing their national interests. For example, in 2010, hackers believed to be sponsored by the Chinese government targeted Google and other major US internet companies in an attempt to steal sensitive personal information about the customers of those services.

We often refer to hackers using a system of hat colors that's derived from old cowboy movies where the good guys wore white hats, and the bad guys were black hats. In this scheme, we have three groups. White hat hackers are those who work with the full permission of the target, and have the motivation of finding security flaws that can then be fixed. Black hat hackers are those who do not have permission to hack and do so with malicious intent. Gray hat hackers fit somewhere in the middle. They don't have permission and their activity is usually illegal, but they hack with the motivation of helping their victims improve security. It's important to recognize that this is not legal, and gray hat hacking is frowned upon by both security professionals and law enforcement.

As you prepare for the exam, you should understand the nature of each of these types of attackers. Understanding the motivation of your adversary is critical to successfully defending against their attacks.
