3 Most Dangerous Hacking Organizations

When planning defensive cyber operations or anticipating a cyber threat, understanding your adversary helps you better align your cyber defenses.

#3: Criminal Hacking Organizations

Criminal hackers are your everyday cyber criminals who target vulnerable computers to launch cyber attacks. These cyber attacks can potentially deny, degrade, disrupt, or destroy information and information systems. Criminal hacking organizations like DarkSide were responsible for the recent ransomware attack that led to gas shortages in parts of America. With money being the prime motivator for criminal hacking organizations, ransomware attacks have become so widespread that the Department of Justice recently established a Ransomware Task Force. The adoption of cryptocurrency allows these criminal organizations to anonymously pay their members and fund future cyber attacks. As criminal hackers successfully breach the security of companies around the world, they sometimes bring to light the security culture of their victims.

Criminal hacking organizations, while dangerous, are sometimes a necessary evil. Criminal hackers publicly reveal that organizations are not properly securing our data or updating their systems. They can also scare businesses into investing more in cyber security awareness training. While most cyber criminals use known exploits that target computers with missing software patches, the frequency of cyber attacks is causing a global panic.

#2: Nation State-Sponsored Hackers

Unlike criminal hackers, who are motivated by money, nation state-sponsored hackers have a political agenda. Nation state-sponsored hackers are especially dangerous because of their interest in national security. These types of hackers are financially supported by their governments and have access to advanced cyber capabilities, including zero-day vulnerabilities. A zero-day vulnerability is a software flaw that either was discovered without notice to its vendor or is so new that its security patch hasn’t been developed. This gives hackers time to widely exploit vulnerable systems until a security patch is released. Zero-day vulnerabilities can be purchased on the dark web and can cost up to millions of dollars.

Nation state-sponsored hackers are skilled in launching sophisticated cyber attacks involving multiple zero-day vulnerabilities. They will sometimes test their zero-day exploits on small businesses and even small countries. Nation state-sponsored hackers receive industry-leading training in computer hacking, and they share their collected information with their government intelligence agencies. Because of their politically driven agenda, their targets generally include governments, militaries, and large corporations. Nation state-sponsored hackers can potentially commit cyber crimes that support government espionage, and their governments can deny any involvement with the cyber attack.

#1: Hacktivists

Hacktivists are criminal hacking organizations with a deep connection to a social or political ideology. These criminal organizations operate similarly to terrorist organizations and are not bound by geographical limits. Hacktivist organizations have a strongly rooted belief in their cause, and they grow support through the dark web and sometimes through social media. Hacktivist organizations generally conduct campaigns around large public gatherings such as Super Bowls or World Cups. In 2018, the Olympic Committee spent over three years conducting over 20 rehearsals in preparation for imminent cyber attacks from hacktivist groups. Despite the years of preparation, hacktivists were able to take down the Olympic Committee’s official website, wireless networks, and television services as soon as the opening ceremony commenced.

Hacktivists specialize in deploying botnets with data flows large enough to take down most public networks. Supporters voluntarily infect their personal computers with malware that allows them to join the hacktivist organization’s botnet army. A botnet is a group of infected computers that can be controlled all at once. Botnets controlled by hacktivists cause disruptions that are difficult to defend against because their attacks come from multiple regions and involve hundreds of thousands of computers, all aiming at a single target. Because of their unique ability to crowdsource support, hacktivist organizations can grow their strength in numbers large enough to be considered the most dangerous group of cyber criminals.

Conclusion

Everyday criminal hackers will continue to be motivated by money. We recently witnessed a small group of hackers earn over $250k in five days from a small-scale ransomware attack. This motive fuels the booming ransomware-as-a-service industry, resulting in sophisticated cyber attacks being developed by or sold to our adversaries. Governments and world leaders can be targeted by hackers to either gain a political advantage or to fulfill a moral obligation.
