Threat Actors – CompTIA Security+ SY0-501 – 1.3

The type and motivation of an attacker can vary dramatically. In this video, you’ll learn about the types of different threat actors and the motivations behind their attacks.

<< Previous Video: Cryptographic Attacks Next: Penetration Testing >>


There are people in organizations that are after your computers and your data. You can call these bad guys or ne’er do wells, but the formal term for them is a threat actor. You might also hear these called malicious actors.

There are many different kinds of threat actors. They come from different places in the world, and they all have different motivations on what they’re trying to get out of your systems. These threat actors will use as much information as they can from as many different sources as they can. There’s a huge amount of information available in the world as open source. You can go to Facebook or Twitter or LinkedIn to gather information that they can use against you.

One type of actor is the script kiddie. The script kiddie is someone who runs premade scripts to try to find vulnerabilities or things that they could exploit inside of your systems. In many cases, the script kiddie may not necessarily even know what these scripts are really doing to find these vulnerabilities. And although we call them script kiddies, this person may not necessarily be a kid.

A script kiddie could be someone on the outside or the inside of your network. Usually it’s somebody who is on the outside of your network trying to find these vulnerabilities. And they’re using scripts that they find from anywhere. These are not scripts that they’re creating themselves. So these scripts usually are not very sophisticated. These folks usually don’t have a lot of formal funding. They’re not a large organization. It’s usually an individual. They’re really just looking for vulnerabilities that are the easiest to exploit. They’re most often just motivated by the hunt to find these particular vulnerabilities and in some way to make a name for themself or make it so they can brag on the internet that they found that particular vulnerability.

A hacktivist is the combination of the word hacker and activist. So this is a hacker that has a mission. They have a goal. They’re trying to create social change or they might have a political agenda. Usually this is someone that is on the outside of your network. These can often be very sophisticated hackers to know exactly what they’re going after. Their goals may be to bring down your websites, that nobody can visit your website, or they may be going after a very specific piece of data that’s on the inside of your network. Although traditionally there hasn’t been a lot of funding available for hacktivists, these days it’s easy to gather funds on the internet and crowdsource. And we’re finding that more and more hacktivists have a lot more money that they can use towards these purposes.

If you’re looking for the professionals, then you’re really looking for somebody in organized crime. These are almost always somebody who’s on the outside of your network. And they’re almost always motivated ultimately by money. These are very sophisticated hackers because they have enough money to buy the best in hacking technologies. This is obviously crime that’s well organized. So you have an entire org chart where one person is hacking, another person is managing the exploits. A third person is gathering the data. And perhaps you even have a sales team that’s selling the data that’s being hacked. These folks generally have a lot of capital to fund these projects. And their goal is to make more and more money through these organized crime efforts.

Some of the most disruptive threat actors are governments where you have experts in hacking that are working for a governmental agency. They’re usually focusing on national security. And it’s usually a hack that’s being performed against an external organization or government. As threat actors, nation states have some very sophisticated hacking that they perform. Usually they are attacking military organizations or very large security sites. For example, the United States and Israel got together and destroyed a thousand nuclear centrifuges with a single worm. This is a good example of how a nation state can work on something called an advanced persistent threat, an APT. As a threat actor, these nation states have a huge amount of resources available. And they can spend as much time, people, and money as necessary to find these vulnerabilities on that victim.

One type of threat that’s very difficult to guard against are threat actors that are on the inside. If you’re on the inside of the network, they’re already past a lot of the security that you’ve put in place. We’re talking about more than people that are simply leaving their password on a yellow sticky note. We’re really talking about people with institutional knowledge. They understand the organization. They know where the servers are located. They understand the IP addressing schemes. They may even have access to a number of these systems. They can address their attacks to systems that are specifically vulnerable. And they can really pinpoint exactly what they’re going after.

They have extensive resources because they’re on the inside of your network. You’re effectively paying them to be there. And they’re going to spend as much time as possible to find the information that they’re looking for.

Practically every organization has a competitor, and the competitors are also a significant threat actor. They are usually trying to find ways to bring down your systems. Maybe they’re looking for some insider information with espionage, or maybe they’re just trying to make you look bad so that all of the customers will come over to their side. They usually have a high level of sophistication because they do have some significant funding. And they know that there is a competitive advantage to bringing you down so that the customers all come over to their site.

They usually have a lot of different intents for doing this. They may be trying to shut you down during your busiest times. Maybe they’re trying to steal your customer information, or maybe they’re just trying to corrupt all of your data and make it so that you can’t perform any functions as an organization.

So as you’re thinking about different ways that people can get into your systems, also think about these different thread actors and who it might be who’s trying to get into those systems.