Threat Actors

In this brief Course we will look at how cyberattacks are carried out. We will also consider the various groups of people who have an interest in carrying out such attacks, otherwise known as threat actors. We will then look at ways of counteracting attacks through the use of ethical testing, as well as how to cope with an attack by implementing an incident response strategy.

Learning Objectives

  • Learn how an external attack is carried out and by which threat actors
  • Understand how ethical testing is used to evaluate IT security
  • Learn about security incident response

Intended Audience

This Course is intended for anyone who has limited knowledge of IT security and wants to learn more about the topic.


We recommend taking this Course as part of the IT Security Fundamentals learning path.


Now let’s look at threat actors. First, we have cyber criminals, and obviously they're interested in finance; that's why they get into it for the long haul. Otherwise, what would be the point?

Then there are politically-motivated hacktivists that have political affiliations of their own, or desires that they'd like to see come about as a result of their actions. So, one example of that would be Anonymous. We’ve got state-sponsored attackers.

Next, we’ve got hackers. Now, they come in a couple of different flavors: you've got makers and you've got coders. Makers make things, coders write code; those are the versions of professional hackers. Then we also have some other folk called script kiddies. Now, script kiddies don’t make the sort of applications that hackers will write for themselves, but they know how to use them. They might not understand all of the applications’ capabilities, but they know how to run them, and this is where you find your 17-year-olds, your 12-year-olds, sometimes even your security professionals who are actually just script kiddies. The term “script kiddies” sounds sort of disparaging, doesn’t it, but they're still very, very powerful, because they have tools that they can use to do significant things. They simply don’t write the tools themselves, like professional hackers do.

Journalists. They sometimes use hacking techniques for investigative purposes.

Employees, staff or contractors: these threats are either accidental or deliberate, and may be motivated by money, so an individual acting for personal gain, or perhaps a disgruntled employee acting out of revenge.

And then finally, we’ve got competitors, and competitors will carry out attacks to get what they want. What do they want? They want your money, they want your documents, they want sensitive information, classified information, so that they can corrupt and change that information, so that they can cause embarrassment, so that they can degrade your services and DDoS you to bits. They want to make it unavailable to you, they want to embarrass other organizations, damage reputations, and gain political or personal advantages for themselves.

Every organization is a potential victim, as we all have something of value, or something that is worth something to others, mainly data. All organizations connected to the internet should assume they will be the victim of such attacks, and they will: every organization gets attacked, every single organization gets attacked daily. It doesn't stop.

Okay, right. So we've got people-based threats. This could be losing data through a software vulnerability incident, or an accidental leak by staff. Accidental leaks by staff can be a number of things: it could be them using your software in the correct way but your software breaking, but then it's still their fault because they were using it. It could also be them just not being trained and doing the wrong thing.

Accidental leaks. Then, it could look like they're a malicious insider, but they were just curious and they picked up a USB stick, or they were told to do something, or they were socially engineered into doing something. That could also be accidental on their part, because they were duped, but it's still a breach. Then you've got malicious insiders, those that actually don't like you, but they're inside your organization and they've got access just like these guys, and they will use that access to carry out malicious activities in your network.

Next, we have acts of God: fire, flood, explosions, etc., most of which are most definitely people-based threats, and they can happen for various different reasons.

So, insider threats, they're inside an organization. How can we stop them? If they're accidental, then we can use training for our staff to avoid accidental threats. However, if they're intentional, there’s not really much we can do about that, they're in there to do bad stuff in the first place.

How can we spot these threats and stop them? We can train staff, we can audit our systems, and we can lock down our systems, thereby only giving people access to what they actually need in order to do their job, which we call least privilege: the principle of least privilege.
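To make the last two controls concrete, here is a small worked model of least privilege combined with auditing. It is an added example, not code from the course or its author: each role is granted only the actions its job requires (the four roles and five actions are assumed for illustration), every decision is written to an audit log, and the log can be queried for the denied attempts that would flag a curious or disgruntled insider for review.

```python
"""Least privilege plus audit logging, as a worked model.

Added example (not part of the course transcript): roles carry only the
actions they need, every access decision is recorded, and the audit log
is queried for denied attempts worth a closer look.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# Assumed permission set for a small company: each role gets only the
# actions its job requires, and nothing else (least privilege).
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "sales": frozenset({"crm:read", "crm:write"}),
    "finance": frozenset({"ledger:read", "ledger:write"}),
    "auditor": frozenset({"crm:read", "ledger:read"}),
    "contractor": frozenset({"crm:read"}),
}


@dataclass
class AuditEntry:
    user: str
    role: str
    action: str
    allowed: bool


@dataclass
class AccessController:
    """Decides whether a user's role permits an action and records the decision."""

    role_permissions: Dict[str, FrozenSet[str]]
    audit_log: List[AuditEntry] = field(default_factory=list)

    def is_allowed(self, user: str, role: str, action: str) -> bool:
        # Unknown roles have no permissions at all: default deny.
        allowed = action in self.role_permissions.get(role, frozenset())
        self.audit_log.append(AuditEntry(user, role, action, allowed))
        return allowed

    def denied_attempts(self) -> List[Tuple[str, str]]:
        """Return (user, action) pairs that were refused, in order."""
        return [(e.user, e.action) for e in self.audit_log if not e.allowed]

    def users_with_repeated_denials(self, threshold: int = 2) -> List[str]:
        """Users whose denied attempts reach the threshold: candidates for review."""
        counts: Dict[str, int] = {}
        for e in self.audit_log:
            if not e.allowed:
                counts[e.user] = counts.get(e.user, 0) + 1
        return sorted(u for u, n in counts.items() if n >= threshold)


def run_demo() -> AccessController:
    """Replay a constructed sequence of requests and return the controller."""
    ac = AccessController(ROLE_PERMISSIONS)
    # Normal work within each role: allowed.
    ac.is_allowed("alice", "sales", "crm:write")
    ac.is_allowed("bob", "finance", "ledger:write")
    # A contractor reads the CRM (allowed) but then probes the ledger twice.
    # Least privilege blocks it; the audit log makes the pattern visible.
    ac.is_allowed("carol", "contractor", "crm:read")
    ac.is_allowed("carol", "contractor", "ledger:read")
    ac.is_allowed("carol", "contractor", "ledger:write")
    # A role nobody defined: denied by default.
    ac.is_allowed("dave", "intern", "crm:read")
    return ac


if __name__ == "__main__":
    controller = run_demo()
    for user, action in controller.denied_attempts():
        print(f"denied: {user} -> {action}")
    print("review:", controller.users_with_repeated_denials())
```

The design point is that the two controls reinforce each other: locking roles down to the minimum keeps an accidental or malicious insider from reaching data outside their job, and logging every decision (including the refusals) turns those blocked attempts into something an audit can actually find.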

About the Author

The author comes from a systems administration/network architecture career, a solid part of which was spent building networks for educational institutes. With security being a mainstay of his implementations, he grew a strong passion for everything cyber-orientated, especially social engineering. The educational experience led to him mentoring young women in IT, helping them to begin a cyber career. He is a recipient of the Cisco global cyber security scholarship, a CCNA Cyber Ops holder, and was selected for the CCNP Cyber Ops program.