There are many types of ‘cyber threat actors’, aka ‘hackers’ (the bad guys on the internet), and just as many motivations for what they do.
Below we will take a look at the different kinds of threat actors, their motivations, why we sometimes feel targeted by them and what we can do about it.
|Historic note: the term ‘hacker’ didn’t use to be a negative term; it just meant someone who liked reverse engineering things and making them work in ways other than intended. It has since been used in a negative context so many times that its definition has pretty much changed to mean someone who uses computers and the internet to inflict harm on others for their own amusement or gain. The original term for this sort of person was ‘cracker’, but that term didn’t stick, so ‘hacker’ has effectively taken over.|
Who are they and what do they want?
Demographically, hackers can be anyone. Old, young, Russian, Canadian. There are of course the hooded stereotypes but they aren’t indicative of reality.
Overall you could group every hacker into the following three groups:
- Black Hat (knowingly and maliciously break the law for personal gain)
- White Hat (the defenders and black-hat hunters: they find vulnerabilities but report them to vendors so the flaws can be fixed before the black hats can use them)
- Grey Hat (may sometimes violate laws, but not with malicious intent)
You can dig a little bit deeper though and categorize them further:
Individual Recreational Hacker - Hackers can be individuals working on their own for fun, out of curiosity or for profit. Stereotypical ‘Mom’s basement’ style hacker.
The Hacktivist - Chooses targets based on their political ideals and agendas.
They want to further the goals of their own cause and hinder the goals of their opposition.
Nation States – Well-resourced hacking groups. Very skilled, with all the tools and equipment they could ever need to carry out their mission.
They are generally working to infiltrate other nations, to spy or collect information, or to further their own causes in any number of ways. Some also use hacking as a means to bring in a steady income stream for their country: they break into banks or cryptocurrency exchanges, stealing millions of dollars at a time. (North Korea took $2 billion in cyberattacks to fund weapons program: U.N. report | Reuters)
Advanced Persistent Threats (APTs) – Hacker groups that are well organized and resourced. They can be nation states but don’t have to be. They differ from ordinary hackers in that they generally don’t quit until they get what they want; they are not easily deterred. They are very capable and have the money and tools to do almost anything they want. These APTs are all numbered and sometimes named as well, for example the group ‘Charming Kitten’, aka APT35, a hacker group based in Iran.
Their motivations are generally monetary, but can be pretty much anything else: notoriety, politics, rivalry with other APTs. The list goes on.
Hacking as a Service (HaaS) - Hacking ‘Businesses’ – Gmail is an example of Software as a Service (SaaS): you don’t need to know anything about setting up and hosting an email server to have and use an email account. HaaS is the same idea: you don’t need to know anything about hacking to attack a target. There are hacking groups that make very good money acting as contractors in this fashion. They provide the tools and expertise; the customer just needs to provide a target, intent and a large sum of money, generally cryptocurrency of some sort like Bitcoin.
Obviously the point here is monetary gain, and perhaps notoriety as well.
Botnet masters – infect computers with malware using all sorts of different methods and have them silently report back to their command and control servers. Botnet masters can then use these ‘zombie computers’ to do their bidding and help in large scale attacks, spam campaigns, or they could simply use them to silently mine Bitcoin on their behalf.
Spammers – Send junky spam email to the world at large, hoping to trick someone into falling for their scam and thereby making money off them. They have a very low success rate, but the campaigns are so easy to get up and running that the return on investment is still worth it. Berkeley did a study in 2008 on the effectiveness of spam. They actually took over a botnet for the purposes of this study, then sent out test spam of their own. Spoiler alert: they found that of all the people they emailed, only 0.00001% were tricked into buying their fake pharmaceutical product. Even with this dismal result, if extrapolated, it would provide roughly $3.5 million of revenue per year, all for very little effort from the spammers’ perspective. (Spamalytics: An Empirical Analysis of Spam Marketing Conversion (berkeley.edu))
Spammers are generally in it for monetary gain; some may also just be trying to spread misinformation or push their own agendas.
Why me though?
Generally speaking, you aren’t directly targeted. Your email exists out there on the web or dark web and has just been included in a massive list that the spammers have pieced together.
How did your email get out there in the open in the first place?
A perfect example is the Trent website. It has emails all over it. If someone looked, or programmed a bot to crawl our website and grab emails, it would get a whole lot of staff emails in particular. It’s not a bad thing. They’re there on purpose as transparency is important in the academic space. We just have to be aware that it could mean that these emails could be farmed for lists like this.
Another way people could get your email is through people you know. If someone you know has their username and password phished from them, it’s not uncommon for the attacker to access the account and steal all the contact information to add to their growing lists of email addresses.
One of the most common ways is websites being breached/hacked and all the usernames/emails being collected by hackers to use in spam and phishing campaigns. We sometimes hear from alumni saying ‘I only ever get spam to my Trent alumni account, what’s the deal?’ Student emails are not on our website like staff emails, so they’re not getting out that way. This is most likely because, during the years you attend university, you are creating accounts all over the internet at other websites using your Trent email. Then years pass, you become an alum, and in the meantime one or more of those other websites get hacked or breached and all the usernames/emails (and sometimes passwords) are stolen from them and used for malicious purposes like scam emails or threatening webcam-related emails.
All this is not to say that people are never explicitly targeted. Spear-phishing attacks are exactly that: targeted phishing emails aimed at specific individuals for the information, money or power they possess. Sometimes people close to the target are targeted first. If the phisher can phish the executive’s close friend or co-worker and send an email from that account, they have a much higher chance of tricking the original target. These attacks aren’t as common as blanket spam and phishing emails, but they are out there.
What can I do about all the bad things out there?
There are a multitude of things to keep in mind:
- Be hyper-vigilant of emails requesting your information.
- Hover over any links in emails to ensure they are going where they say they’re going and not somewhere like bell.ca.criminalhacker.virus.com.
- Trust your gut: if an email feels off, it probably is. Is it from your friend but just doesn’t seem right? Call or text them: ‘Is this email from you? No? OK thanks, I’ll delete it.’
- Keeping up with updates in Windows, Mac and your phone is the biggest bang-for-the-buck way to protect your devices.
- Stay away from sketchy websites. For example, don’t stream illegal TV. You’re not getting that service for free, somehow you are the product. This is also a great way to become part of a botnet masters’ army of computers!
- Protect your device or your whole house with a DNS Firewall like Canadian Shield. Simply put: it will not let you visit known-infected websites, and won’t let known bad addresses contact you either. (CIRA Canadian Shield) It’s like a safety net in case you or a family member accidentally do click a malicious link that would have otherwise infected you or your network. Fun fact: if you're browsing from Trent's network, you are already protected by this solution.
- Use unique, strong passwords. Pair that with MFA (multifactor authentication) and your account becomes nigh un-hackable. See the ‘Defending your account’ section of our Protecting Your Online Accounts blog.
- More resources include our Safe At Home website: Cyber Security Resources for Working and Studying Remotely.
- As well as our other Cyber Security articles.
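As an added illustration of the link-hovering check in the list above (example code added here, not part of the original post): a small Python check that pulls the registrable domain out of a hovered link and compares it with the domain the email text claims, so that bell.ca.criminalhacker.virus.com is reported as virus.com. The short suffix table is an assumption standing in for the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Simplified stand-in for the Public Suffix List: a few suffixes under which
# the registrable name is three labels long (assumption made for this example;
# a production check should load the full list).
MULTI_LABEL_SUFFIXES = {"co.uk", "ac.uk", "com.au", "co.nz"}

def registrable_domain(hostname: str) -> str:
    """Return the registrable (owner-controlled) part of a hostname.

    Everything to the left of it is a subdomain the owner can set freely,
    which is exactly what 'bell.ca.criminalhacker.virus.com' relies on.
    """
    labels = hostname.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def check_link(expected_domain: str, href: str) -> tuple[bool, str]:
    """Compare where a link claims to go with where it really goes.

    expected_domain: the domain the email text shows (e.g. 'bell.ca').
    href: the real target revealed when hovering over the link.
    Returns (matches, actual_registrable_domain).
    """
    parts = urlsplit(href.strip())
    # urlsplit discards any 'user:pass@' prefix, so a link such as
    # 'https://bell.ca@evil.example/' correctly reports evil.example as host.
    host = parts.hostname or ""
    if not host:
        return (False, "")
    actual = registrable_domain(host)
    return (actual == registrable_domain(expected_domain), actual)

# Constructed sample links, mirroring the post's example.
SAMPLE_LINKS = [
    ("bell.ca", "https://www.bell.ca/mybell"),
    ("bell.ca", "https://bell.ca.criminalhacker.virus.com/login"),
    ("bell.ca", "https://bell.ca@evil.example/"),
]

if __name__ == "__main__":
    for shown, href in SAMPLE_LINKS:
        ok, actual = check_link(shown, href)
        print(f"{'OK  ' if ok else 'WARN'} shown={shown} really={actual or '?'} {href}")
```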
Best of luck, we’re all in this together.
Stavros Tzagadouris - Level 1 Information Security Officer - Trent University