Threat actors and forms of cyber-attacks
What type of person would want to carry out a cyber-attack? Why would someone want to carry out such an attack? How does a threat actor execute an attack?
An attack can be carried out by a wide range of actors, from individual, lone actors to state-sponsored hacker groups, all with different intentions.
An individual/hobbyist hacker could carry out attacks to prove an ideological point or to expose and discredit an organisation’s activities. It could even be a disgruntled employee, upset that they didn’t get a promotion they felt they deserved. Your organisation may even be subject to attacks from ‘internet trolls’ who have no interest in monetary gain and are simply carrying out attacks for ‘fun’. Typically, individuals attempting a cyber-attack are the least sophisticated and use pre-existing scripts or tools to launch cyber-attacks, without an in-depth understanding of the underlying technology. These types of hackers are referred to as ‘script kiddies’. There are also ‘hacktivists’, which are groups of people who have banded together and use cyber-attacks as a means of making a political or social statement and may target government agencies, corporations, or other organisations.
Moving up the list, to a more sophisticated threat actor, we have cyber criminals.
These actors will usually carry out financially motivated attacks against an organisation and will utilise phishing campaigns or social engineering attacks to achieve their goals.
At the top of the list, and the most sophisticated, we have state-sponsored groups or APTs (Advanced Persistent Threats). These threat actors are sponsored or backed by a nation-state; they are highly sophisticated and carry out targeted cyber-attacks. An APT will mainly focus on espionage, sabotage, or cyber warfare. Some notable APTs are:
- Lazarus Group – This group is believed to be sponsored by the North Korean government. It was responsible for the Sony Pictures hack in 2014 and is suspected to be behind the WannaCry ransomware attack in 2017.
- Stone Panda/Red Apollo – This group is believed to be sponsored by the Chinese government. It is known to attack sectors such as aerospace, defence, and high-tech manufacturing.
- Turla – This group is believed to be sponsored by the Russian government and is known to target government and military organisations.
So, we’ve briefly touched on why threat actors may conduct a cyber-attack, but how do they do it? What forms do these attacks take?
A cyber-attack can come in many forms, and a threat actor has a wide range of options to choose from when conducting an attack. Examples include:
- Ransomware – This is a type of malware that encrypts the victims’ files. The threat actor will hold the encrypted files as ransom, only restoring access once the ransom payment has been made.
- Distributed denial-of-service (DDoS) – This type of attack involves utilising multiple compromised machines to flood a website or other online service with traffic in an attempt to make it unavailable.
- Phishing – This is a type of social engineering attack. The attackers will use emails, or other forms of communication, to try and trick victims into giving out sensitive information, such as login credentials or financial information.
- Social Engineering – This attack vector has some crossover with other attack vectors, mainly phishing, as it often involves tricking people into breaking normal security procedures. The main way that threat actors will try to persuade the victim is via a phishing email, e.g. impersonating an employee’s superior and asking them to break standard security practices: “I’m locked out of my account, send me your log in details so I can…etc.”
This is just a small list of examples from the many different types of attacks. The threat landscape is constantly changing, and new threats are emerging all the time.
A threat actor will consider several factors (depending on their sophistication) before deciding on an attack vector, including:
- Vulnerabilities – Does the target system or network have any known vulnerabilities that can be exploited?
- Difficulties – What are the chances of being detected? What are the required time and resources to carry out the attack?
- Impact – The attacker will consider the potential impact of the attack on the target, such as the financial cost, the reputational damage, or the disruption of business operations.
- Access – What level of access will the attacker gain through the chosen attack vector? Will they have access to the required resources to achieve their goal?
- Legal consequences – The attacker will consider the legal consequences of the attack vector, and how much they are willing to risk to achieve their goal.
These are a few of the many factors a threat actor may consider when choosing an attack vector. The decision-making process of an attacker and what factors are important to them may change with the ever-changing threat landscape.
The cost of a cyber-attack
Businesses across the UK face a wide range of issues, from economic uncertainty to adhering to complex and constantly evolving regulations. There are various challenges that can impact the financial stability of businesses, and cyber-attacks are a significantly growing factor. According to a Detica report, in partnership with the office of cyber security and information, the estimated economic cost of cybercrime to UK businesses is £21bn per annum, an eye-wateringly large amount of money. The financial impact of these attacks is felt by businesses through various channels, including intellectual property (IP) theft, which costs an estimated £9.2bn per year. Industrial espionage is another major financial burden for businesses, with an estimated £7.6bn in annual losses. Extortion also contributes to the overall cost of cyber-attacks, with an estimated £2.2bn in annual losses. Cyber-attacks can also lead to direct theft and to data breaches resulting in the loss of customer information, leading to additional financial losses of £1.3bn and £1bn annually, respectively. These figures highlight the threat that cyber-attacks pose to businesses and stress the importance of robust cyber security measures to protect against these threats.
As we can see, the monetary loss businesses may face following a cyber-attack is monumental. However, a cyber-attack can also cause massive damage to a company’s reputation. The trust that a business has built can be severely impacted by a cyber-attack, and the resulting reputational damage can have long-term, and possibly permanent, effects. A prime example of this is when customers lose confidence in a company’s capacity to safeguard their personal information following a data breach, which may lead them to seek out other options for their business. A real-world example of the damaging effects of cyber-attacks can be seen in the case of Yahoo, which suffered a data breach in 2013 and 2014. This attack impacted the personal information of all three billion of the company’s users. Reputational harm can affect not only a company’s relationship with its customers, but also its partnerships, vendors, and investors. A more recent real-world example is the 2020 data breach experienced by the hotel chain the Marriott, where the personal data of up to 5.2 million guests was exposed, leading to a decline in stock price and multiple lawsuits.
Loss of operations
Another consequence faced by businesses after a cyber-attack is the disruption of their operations, which results in a loss in productivity, a loss in revenue, and increased cost. Systems that are critical to a business’s operation may be compromised and become unavailable. A ransomware attack can cause a significant disruption in business operations by preventing employees from accessing their critical files and meeting deadlines, leading to an inability to continue with normal business activities. A real-world example of this can be seen in the 2017 WannaCry ransomware attack. The attack impacted a vast number of computers across 150 nations and resulted in major interruptions to various critical sectors such as healthcare and transportation. A more recent example would be the 2021 Colonial Pipeline attack, where a ransomware attack caused the largest refined oil pipeline in the United States to shut down, causing widespread fuel shortages.
A business that fails to comply with data protection regulations may incur financial penalties from relevant regulatory bodies. The amount of the fine and the authority that issues it vary based on the location of the business. For instance, in the UK, businesses must answer to the Information Commissioner’s Office (ICO) for data protection breaches. Along with fines, organisations may also have to bear the cost of incident response and investigations, as well as compensation for affected customers, vendors, and partners. A real-world example is the 2018 data breach experienced by British Airways, which was fined £183 million by the ICO for not protecting its customers’ personal and financial data.
This has a lot of crossover with the other sections. If an organisation is the victim of a cyber-attack that results in a data leak, it can be subject to many negative consequences: it may lose the trust of its customer base or partners, and it may face serious fines if it failed to adhere to strict data protection regulations, all while still having to deal with the monetary loss surrounding a cyber-attack. A cyber-attack can have a cascading impact on a business, resulting in multiple costs and challenges. Let’s imagine a scenario to showcase the various costs that a business may incur following a cyber-attack.
ByteBuilders is a technology company that has been subject to a cyber-attack leading to a data breach. Once the breach has been detected, the business must launch an investigation to determine the extent of the damage and to prevent any further breaches from happening. During this time, the business may face several costs, such as hiring a cyber security team to carry out the investigation and implement additional security measures. It may also incur costs from informing impacted customers, partners, and investors, which can erode trust and drive business to competitors, potentially altering the market hierarchy. ByteBuilders also failed to adhere to data protection regulations and, as a result, must now bear the cost of compensating any claimants and paying fines imposed by the relevant regulatory bodies.
As you can see, a minor issue can quickly escalate into a serious and potentially devastating situation for a business.
Cost of bringing in an expert
The cost of rectifying the damage caused by a cyber-attack will vary depending on several factors, including the size and complexity of the affected organisation and the type and scope of the attack. The following can influence the cost:
- Scale of attack – An attack that only affects a single department within a company would generally be expected to have a lower cost of remediation compared to an attack that has impacted the entire organisation.
- Impact of attack – The cost of remediation for a cyber-attack that has caused extensive business interruption or harm to reputation may be higher than the cost of fixing an attack that caused minimal damage.
- Type of attack – The cost of remediation for cyber-attacks can vary depending on the type of attack. For instance, rectifying the damage caused by a phishing attack may be more cost-effective compared to addressing a complex ransomware attack.
- Type of industry – UK healthcare organisations must abide by the General Data Protection Regulation (GDPR), which could raise the cost of fixing any damages resulting from a cyber-attack.
Typically, the cost of remediation following a cyber-attack can vary greatly, with the above-mentioned factors playing a part. It’s worth noting that the remediation costs incurred by a business do not come solely from hiring a third-party expert, but also from potential fines and legal fees.