At Data Center World, Devon Ackerman, managing director of cybersecurity and investigations at the corporate investigation and risk consulting firm Kroll, gave a talk on Cyber Threats and Trends, State of the Hack. He identified five tiers, or types of bad actors, that cause IT security professionals grief. Ackerman should know what he's talking about. Before teaming up with Kroll, he spent years fighting cyber crime with the FBI.
1. Hacktivists: These are the guys and gals normally associated with the moniker Anonymous and Guy Fawkes masks. Although a lot of these folks are something of whizzes when it come to hacking and cracking, Ackerman pointed out that in recent times they've been adding to their bag of tricks by learning from nation state actors (see below).
Mostly the hacktivists are motivated by a degree of save-the-world activism -- plus they like to thumb their noses at the establishment to tell them "your security sucks."
2. Espionage: This is the the stealing of secrets, whether those secrets be held by governments or corporations. Oddly, often the spying done on corporations is done by governments, trying to help native grown businesses gain an upper hand.
3. Organized Crime Groups: These days, criminals trying to make a dishonest buck in the cyberworld, have been getting back to basics with plain old fashioned email phishing routines. Why? Because it's cheap and effective, considering that emails don't require the cost of a stamp. In countries where the average wage is measured in pennies and dimes, the occasional win keeps beans on the table.
4. Terrorists: We're not talking about blowing up bridges or maiming innocent populations here. This is the type of terrorism that often ends up with sites being defaced and the like. According to Ackerman: "They're interested in advancing their particular religious or political views."
5. Nation State Actors: This is where it gets scary. Did you know that just before the Russians invaded Crimea in 2014 that a DDOS attack rendered the phone service being used by Ukrainian officials useless? The country being blamed for that attack are now deemed responsible for fake news.
Which of these tiers is most problematic? When asked, Ackerman said he'd put organized crime first, closely followed by nation state actors.