Cybercriminals and hackers come in all shapes and sizes. Know your enemy and understand their motivations, skills, and modus operandi to keep your organization secure.
Here are some examples of the most prevalent threat actors businesses currently face.

Advanced Persistent Threats (APT)


APTs are hackers whose objectives include espionage and subversion for financial or political gain. Often state-sponsored, APTs are stealthy, cunning and leverage the most advanced attack vectors and malware.

MODUS OPERANDI

Nation state groups rely heavily on spear phishing to compromise a specific user. Escalating privileges and deploying malware to exfiltrate data is often the next step.

PREFERRED TARGETS

Public sector, utilities and critical infrastructure

EXAMPLES OF APT GROUPS

Unit 61398

Operating Since: 2006
Origin Country: China
Aliases: APT1, The Comment Group
Case Background: The cyberwarfare unit of the Chinese People’s Liberation Army that focuses on stealing trade secrets and confidential information from corporations worldwide.

Equation Group

Operating Since: 1998
Origin Country: USA
Case Background: A cyberwarfare and intelligence-gathering unit associated with the NSA. Among many capabilities, it has the ability to compromise commonly used hardware such as routers, switches and firewalls.

Lazarus Group

Operating Since: 2019
Origin Country: North Korea
Aliases: Hidden Cobra
Case Background: Responsible for various attacks over the past decade, including Ten Days of Rain, the 2014 Sony breach and WannaCry. Spear-phishing campaigns to deploy malware are its specialty.

APT28

Operating Since: 2008
Origin Country: Russia
Aliases: Fancy Bear, Pawn Storm, Sofacy Group
Case Background: A cyber-espionage group associated with Russian military intelligence agencies and known for different exploits and spear-phishing attacks to deploy customized malware.

Insider Threats


Disgruntled employees aren’t just bad for morale; they’re a clear and present danger whose objective is profit, shame or espionage.

Look for unauthorized hardware placed in sensitive areas, such as USB drives, rogue access points or network hardware plugged into other devices.

Typically, insider threats can fall into four categories:

Opportunist

A law-abiding citizen who seizes the moment and steals digital goods for profit

Disgruntled Employee

Motivated by the fact that their company has wronged them, they collect/steal sensitive data

Cashing Out

Employees who deliberately gain access to positions that allow them to commit fraud

Corporate Espionage

An individual who is employed by an organization with the sole purpose of stealing data and IP

Financially Motivated


Nothing motivates like money. Currently, there are three common types of cyberattacks motivated by money. Their tactics are as diverse as they are profitable.


RDoS

MODUS OPERANDI

In a ransom denial-of-service (RDoS) attack, the attacker sends an extortion demand to the victim and follows it with a sample DDoS attack.

PREFERRED TARGETS

Small- and medium-sized businesses

EXAMPLES OF RDOS GROUPS

DD4BC

The pioneers of DDoS extortion tactics

Armada Collective

Executed massive multi-vector DDoS attacks if not paid

XMR

First emerged in 2017 and leverages social media to seek fame and fortune

Phantom Squad

Spammed ransom demands but never followed through with an attack

Ransomware

MODUS OPERANDI

Malware that restricts access to user data by encrypting an infected computer’s files, restoring access only in exchange for payment

PREFERRED TARGETS

Businesses of all shapes and sizes


EXAMPLES OF RANSOMWARE

WannaCry

One of the most famous ransomware campaigns in history, whose damages totaled over $100 million

NotPetya

Encrypting ransomware discovered in 2016 that caused over $10 billion in damages

SamSam

Targeted ransomware that earned attackers over $6 million

Locky

Ransomware that first appeared in 2016, spread via phishing emails and earned attackers over $7.8 million

Cryptojacking

MODUS OPERANDI

Infecting a device without its owner’s authorization to mine for cryptocurrency. This trend has recently erupted in popularity.

PREFERRED TARGETS

Anybody and everybody

EXAMPLES OF CRYPTOJACKING

ADB.Miner

Targets Android devices

Smominru

Infects devices with a Monero miner

Be Proactive


Stay Ahead of the Threat Landscape

Safeguarding your business means understanding not only the threats but also your organization’s network.

Step 1

Ensure regularly patched/updated hardware and software

Step 2

Conduct a security audit of your network and its defenses

Step 3

Understand how cybercriminals operate and their tools of the trade

Step 4

Select the DDoS mitigation solution that fits your needs, your budget and the threats it will face