What are Threat Actors?
A threat actor, also known as a malicious actor, is any person, group, or entity that is responsible for all or part of a cybersecurity incident and intends to cause harm. Threat actors may cause damage by exploiting vulnerabilities, compromising user identities with elevated privileges, evading security controls, damaging data, deleting data, manipulating sensitive information, and more. Each type of threat actor has a specific target and a specific goal. Types of threat actors include:
Cybercriminals. Cybercriminals are individuals or groups, often motivated by financial gain, who use digital technology to conduct illegal activity. Cybercriminals typically employ social engineering tactics, such as phishing emails, to lure victims into clicking on a malicious link or downloading malware. Other examples of cybercrime include stealing data, tricking victims into transferring money, stealing login credentials, and making ransom demands.
Nation-state threat actors. Nation-state threat actors work at a national level, generally targeting intelligence in the nuclear, financial or technology sectors. This type of threat usually refers to government intelligence agencies or military, meaning they are highly trained, extremely stealthy and protected by their nation’s legal system. They may work with outside organizations to achieve their goals. Nation-state threat actors collect intelligence and may also attack critical infrastructure or attempt sabotage.
Insiders. Insider threats can be categorized into the following types:
Malicious Insiders. Malicious insiders are individuals who have access to the corporate environment and decide to turn against their employers by helping threat actors, usually for monetary gain.
Incautious Insiders. Incautious insiders are employees who may not have malicious intent but end up causing a data breach due to their carelessness. Careless acts might include clicking on a phishing email, installing unapproved software, or losing their corporate devices.
An insider threat actor could be a newly disgruntled employee or someone who purposely targets a business or government. Competitor governments or businesses pay insiders to steal intellectual property and trade secrets, but some insider threats aim simply to do damage to their employer. Insider threats have become more common in recent years; they inflict the most damage and are the most difficult to detect because insiders have legitimate access to infrastructure and data.
Hacktivists. Hackers sometimes target governments and businesses based on their opposition to their target’s ideology. These threat actors are generally not financially motivated, instead seeking to damage data or infrastructure for political reasons. Hacktivists can be external or insider threats, focused on performing malicious activities and disrupting normal business productivity.
Script kiddies. Script kiddies are relatively inexperienced threat actors who often use freely downloadable scripts, code repositories, and malware. Even without coding and hacking skills, script kiddies can still harm an organization’s productivity and private data, and can also unknowingly add malware to the environment.