Know Who Your Cyber Enemy Is
One of the best chances we have at combating cybercrime is to get into the minds of the criminals. Who are our cyber enemies? And what are their motivations? Said differently, what have we identified as our most valuable (digital) assets? And who would benefit, and in what way, from gaining access to that sensitive information? If we can answer these two questions, we can determine the most effective ways to protect ourselves, our systems and our information.
Outsiders
Most cybercrime, about 75%, is perpetrated by people or groups outside of the organization. These outsiders can be individuals, criminal organizations, nation-states, industry competitors and many others. To understand the threats that these outsiders pose to our organizations, we must first look to their motivations.
MOTIVE: Money
One of the simplest and easiest-to-understand motives for breaching a company’s systems is to steal money. In February of last year, the Bank of Bangladesh lost $81 million when criminals used stolen credentials to wire themselves money; later that year, multiple local governments reported being the victims of e-mail fraud when scammers posed as legitimate vendors and requested payments for contracted work; and, just this year, ransomware attacks have demanded that their victims pay a ransom before their systems would be restored. Each of these examples has a different twist on how the cyber thieves made off with the money, but their motivations were the same.
MOTIVE: “Hacktivism”
“Hacktivism” is a term coined in recent years to describe the practice of gaining unauthorized access to a system to further a person’s or group’s political or social goals. The TV show “Mr. Robot” follows a fictional hacktivist whose goal is to make the world a better place, and, in recent years, there have been instances of hacktivist groups exposing personal information about a political figure to undermine their credibility.
MOTIVE: Infamy
The promise of notoriety can be enough encouragement for hackers to commit cybercrime. In late 2016, there was a series of distributed denial-of-service (DDoS) attacks on the Dyn Domain Name System (DNS) that delayed or shut down big-name websites like Twitter, PayPal, Spotify and Reddit. Multiple hacker groups, including the “New World Hackers,” claimed responsibility for the crime, boasting that they broke records for perpetrating one of the largest DDoS hacks in history.
MOTIVE: To gain a political advantage
There are ever-increasing examples of groups or nation-states that breach the systems of their opposition in hopes of gaining a political leg up. The most newsworthy example of this is the hackers who used a phishing scam to break into the Democratic National Committee (DNC) servers in 2016. The group stole private e-mails, campaign correspondence, and opposition research to reveal the inner workings of the DNC that the committee did not want made public.
Insiders
Cybercrime can also be committed by people internal to an organization. Often, these employees or contractors will use their own security privileges to commit the crime, making the breaches difficult to spot. It can take years to discover one of these attacks, as companies often lack procedures to detect internal abuses of power. While internal actors can have some of the same motivations as outsiders, there are a few other reasons they may choose to commit cybercrime.
MOTIVE: Revenge
People who feel wronged by their organization may use their security privileges to hurt the company as a form of revenge – they may pilfer money, expose something unsavory about their company or its leaders, or release customer files and other confidential information.
MOTIVE: Expose wrongdoing
Whistleblowers are not uncommon. Some employees will use their security privileges to expose what they perceive to be wrongdoings by their organization. Edward Snowden, for example, said that his motivation for leaking US intelligence secrets was to inform the public that US officials were violating the public’s right to privacy.
By classifying our potential cyber enemies, understanding their motivations and anticipating the ways they perpetrate their crimes, we can prepare ourselves for their assaults. We discussed a few tactics you can use to prevent cybercrime in our Cybersecurity Breach 101 article.
This is our third article in a four-part series on cybersecurity in recognition of National Cyber Security Awareness Month. Stay tuned for our final article next week, which will explore why certain cybercrimes are more newsworthy than others.