The threat landscape is growing every day. It’s not just organizations such as businesses that need to be concerned about the increasing sophistication of attacks aimed at their networks; everyday home users should be concerned as well, because the threat landscape isn’t going to leave your home computer alone. A component of the landscape you’ll often hear about is the “threat actor”: anyone who has the potential to impact your security. The phrase is commonly used in cybersecurity. More specifically, a threat actor is anyone who is either a key driver of, or a participant in, a malicious action that targets an organization’s IT security. But personal PCs and Macs are as susceptible to cyberthreats as an organization’s IT infrastructure. A threat actor can be a single person carrying out a security incident, as well as a group, an organization, or even a country involved in carrying out a cyberattack.

Types of threat actors

Cybercriminal: This is the most common type of threat actor. Their attacks are intended to steal data, make that data inaccessible to its owners until they pay a hefty ransom, or just disrupt an organization’s key processes. Whether they work alone or in a group, money is their primary motivation. Their attack arsenal is made up of phishing attacks, ransomware, malware and other tactics and techniques.

Insider threats: This usually refers to a business situation in which an employee, third-party contractor, or partner wants to get at organizational data and/or compromise key processes. Sometimes they damage an organization’s cybersecurity infrastructure maliciously and intentionally; sometimes the damage is unintentional. For example, a staff member might fall prey to a phishing attack and share sensitive company credentials that they shouldn’t be sharing. Can you have an “insider threat” at home? Sure. Your kids might unintentionally visit a website they shouldn’t and download some malware.
Not every insider threat is motivated by greed or revenge.

Nation states: Some countries target institutions in other countries to steal data, whether to disrupt their security, impede some governmental function, or damage the economy, for example. They might seek access to military secrets, try to commit acts of espionage, or more. There are also “hacktivists” who are not primarily motivated by money but rather by a need to publicize an organization’s misdeeds, or to be a part of a political or social movement. Terrorist organizations are also a type of threat actor when they engage in cyber terrorism for propaganda and for political, ideological, and financial purposes.

Why should you care?

When we talk about threat actors, the discussion often focuses on businesses, but the fact remains that home users like yourself are a target. Malicious actors are continuously looking for ways and means to infiltrate an organization’s network, and you and your computer can be the conduit they use. A threat actor might look at various ways to target the organization you work for. They send a phishing message your way and trick you into sharing sensitive credentials through a cleverly worded message. Suddenly you’ve become a threat actor, though unintentionally. Awareness of the various types of threat actors and how they go about their dirty business enables you to take proactive steps to avoid falling into their traps.

Protection against threat actors

Maintaining strict cyber hygiene is the low-hanging fruit of protection, but on its own it’s not enough. Use an advanced antivirus solution to protect your home computer and safeguard all the data on it from attacks launched by threat actors. Sophos Home aligns cutting-edge artificial intelligence malware detection, unbeatable exploit prevention, and advanced ransomware protection to keep known and unknown threats at bay.
In addition to cybercrime, cyberattacks can also be associated with cyber warfare or cyberterrorism, as with hacktivists. Motivations can vary, in other words, and they fall into three main categories: criminal, political and personal. Criminally motivated attackers seek financial gain through money theft, data theft or business disruption. Likewise, the personally motivated, such as disgruntled current or former employees, will take money, data or a mere chance to disrupt a company's system. However, they primarily seek retribution. Socio-politically motivated attackers seek attention for their causes. As a result, they make their attacks known to the public, a practice also known as hacktivism. Other cyberattack motivations include espionage (spying to gain an unfair advantage over competitors) and intellectual challenge.

Who is behind cyberattacks?

Criminal organizations, state actors and private persons can launch cyberattacks against enterprises. One way to classify cyberattack risks is by outsider versus insider threats.

Outsider threats

External cyber threats include:
Insider threats

Insider threats are users who have authorized and legitimate access to a company's assets and abuse them either deliberately or accidentally. They include:
What do cyberattackers target?

Cyberattacks happen because organizations, state actors or private persons want one or many things, like:
What are common types of cyberattacks?

In the current, connected digital landscape, cybercriminals use sophisticated tools to launch cyberattacks against enterprises. Their attack targets include personal computers, computer networks, IT infrastructure and IT systems. Some common types of cyberattacks are:

Backdoor Trojan

A backdoor Trojan creates a backdoor vulnerability in the victim's system, allowing the attacker to gain remote, and almost total, control. It is frequently used to link a group of victims' computers into a botnet or zombie network, and attackers can use the Trojan for other cybercrimes.

Cross-site scripting (XSS) attack

XSS attacks insert malicious code into a legitimate website or application script to get a user's information, often using third-party web resources. Attackers frequently use JavaScript for XSS attacks, but Microsoft VBScript, ActiveX and Adobe Flash can be used, too.

Denial-of-service (DoS)
DoS and distributed denial-of-service (DDoS) attacks flood a system's resources, overwhelming them and preventing responses to service requests, which reduces the system's ability to perform. Often, this attack is a setup for another attack.

DNS tunneling

Cybercriminals use DNS tunneling, which abuses the transactional DNS protocol, to exchange application data, for example to extract data silently or establish a communication channel with an unknown server, such as a command and control (C&C) exchange.

Malware

Malware is malicious software that can render infected systems inoperable. Most malware variants destroy data by deleting or wiping files critical to the operating system's ability to run.

Phishing

Phishing scams attempt to steal users' credentials or sensitive data like credit card numbers. In this case, scammers send users emails or text messages designed to look as though they're coming from a legitimate source, using fake hyperlinks.

Ransomware

Ransomware is sophisticated malware that takes advantage of system weaknesses, using strong encryption to hold data or system functionality hostage. Cybercriminals use ransomware to demand payment in exchange for releasing the system. A recent development with ransomware is the addition of extortion tactics.

SQL injection

Structured Query Language (SQL) injection attacks embed malicious code in vulnerable applications, yielding backend database query results and performing commands or similar actions that the user didn't request.

Zero-day exploit

Zero-day exploit attacks take advantage of unknown hardware and software weaknesses. These vulnerabilities can exist for days, months or years before developers learn about the flaws.

What can cyberattacks do?

If successful, cyberattacks can damage enterprises. They can cause costly downtime, data loss or manipulation, and money loss through ransoms. Further, downtime can lead to major service interruptions and financial losses. For example:
As an illustration, DarkSide, a ransomware gang, attacked Colonial Pipeline, a large US refined products pipeline system, on April 29, 2021. Through a virtual private network (VPN) and a compromised password, the attackers gained entry into the company's networks and disrupted pipeline operations. In effect, DarkSide shut down the pipeline that carries 45% of the gas, diesel and jet fuel supplied to the US east coast. They soon followed their shutdown with a ransom note, demanding almost USD 5 million in Bitcoin cryptocurrency, which Colonial Pipeline's CEO paid. Colonial Pipeline hired a third-party cybersecurity firm and informed federal agencies and US law enforcement. USD 2.3 million of the ransom paid was recovered.

How cyberattacks can be reduced

Organizations can reduce cyberattacks with an effective cybersecurity system. Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks, involving technology, people and processes. An effective cybersecurity system prevents, detects and reports cyberattacks using key cybersecurity technologies and best practices, including:
Prevent cyberattacks

A threat management strategy identifies and protects an organization's most important assets and resources, including physical security controls for developing and implementing appropriate safeguards and protecting critical infrastructure.

Detect cyberattacks

The threat management system provides measures that alert an organization to cyberattacks through continuous security monitoring and early detection processes.

Report cyberattacks

This process involves ensuring an appropriate response to cyberattacks and other cybersecurity events. Categories include response planning, communications, analysis, mitigation and improvements.
What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data impersonating the user?

T/F A replay attack occurs when an attacker intercepts user data and tries to use this information later to impersonate the user to obtain unauthorized access to resources on a network.
Which threat actors violate computer security for personal gain?

Threat actors who violate computer security for personal gain or to inflict malicious damage. Also known as ethical attackers, a class of hackers that probe a system with an organization's permission for weaknesses and then privately provide that information to the organization.
Which category of cybersecurity vulnerability is exploited by attackers before anyone else knows about it?

The term “zero-day” refers to a newly discovered software vulnerability and the fact that developers have zero days to fix the problem because it has been, and has the potential to be, exploited by hackers.
What is a variation of a common social engineering attack targeting a specific user?

Spear phishing: phishing attacks that target specific organizations or individuals.