Cyber attacks are a serious business risk: in 2015, the Malaysian Computer Emergency Response Team reported a staggering 9,915 cases of cyber security attacks. With scam (3,539) and cyber fraud (3,257) being the major contributors, it is vital to better understand the motivations behind these attacks.
The cyber threats organisations face are created by human beings, people who make mistakes and have foibles and weaknesses. At BAE Systems, we think that understanding the threat actors you face is the cornerstone of a strong business defence. These are the Unusual Suspects.
Whatever their cause, it’s a burning one – and the Activist takes their political, religious or social cause outside the rule of law and on to the Internet. The Activist targets adversaries with data theft, reputational damage and the defacement of web sites and social media accounts.
The Activist’s tactics can be crude and impulsive – but they’re also often singularly effective. They may also be a smokescreen for other activities and threat actors.
They’re too young to go to jail – and know that, even if they’re caught, they’ll get away with little more than a slap on the wrist for their actions.
Often blessed with merely basic hacking skills, the Getaway is curious, keen to learn, and also keen to impress peers or more senior cybercriminals. They may not understand the consequences or illegality of their actions.
The most difficult Suspect to counteract, the Insider might be a disgruntled or negligent employee, a commercial spy, victim of coercion or even a well-meaning innocent.
Their position inside the castle walls enables them to bypass security controls with ease, copying data onto USB drives, giving away passwords or even installing malware deliberately. Regardless, the Insider leaves a swath of destruction in their wake.
The Mule is a casual criminal or naive opportunist who makes up the final link in the cyber crime chain.
They’re the most vulnerable to arrest, as they turn the proceeds of Internet-based criminal activity into cold, hard, untraceable cash. That might involve selling goods bought with stolen credit card details, or turning funds transferred into their personal bank account into wire service cash.
The Nation State Actor
They’ve a ‘Licence to Hack’ - and they often work for a business bankrolled by, or connected opaquely to, those in power. The Nation State Actor rarely acknowledges their actions and often goes to great lengths to cover their tracks, while other Suspects loudly claim recognition for their labours.
Their tactics, tools and activities often represent the state of the art in cyber attacks, so are often mimicked or stolen by other Suspects.
They work at what looks like a legitimate ‘9 to 5’ job – but it’s anything other than law abiding. The Professional has built a career out of committing or supporting cyber crime, and is highly risk-averse.
They may run a botnet, maintain an organised crime supply chain, or sell cyber crime tools to others. In the process they will have built a criminal network of consultants, contacts and specialists.
What’s needed now, more than ever, is business defence
BAE Systems can defend your business against these new cyber threats. We take a different approach. We handle information security using the same techniques, analytics and intelligence we pioneered to defend nations. Our revolutionary approach brings military-class security to the protection of corporate assets. We call it business defence. Learn more.