Cybersecurity Time Machine Series: The Evolution of Threat Actors
By: Brittany Holmes, Corporate Communications Manager
In an interconnected world, the digital landscape has become the breeding ground for opportunities and dangers. Cybercriminals have taken advantage of this evolution every step of the way and have become more prevalent. As a result, all organizations are now targets. Staying one step ahead is imperative. For organizations to protect themselves and their assets effectively, they need to understand how threat actors adapt and refine their strategies.
The 2023 Cybersecurity Awareness Month’s theme celebrates 20 years of cybersecurity awareness. In relevance, we want to look back on the past 20 years to shed light on the significance of understanding a few prominent threat actors’ evolutions.
Threat Actors in The Early 2000s
During the early 2000s, the internet was crawling with cybercriminals and script kiddies as primary threat actors. A script kiddie is a cybercriminal who uses existing code or computer scripts to hack into a computer. They usually lack the knowledge to come up with it on their own.
Motivated by a thirst for knowledge and the desire to showcase their technical skills, these individuals exploited vulnerabilities across networks. Their targets varied, encompassing everything from corporate entities to personal computing systems. Using a wide range of techniques, script kiddies mimicked the actions of their more experienced counterparts on a less sophisticated level. As time went on, their motivations began shifting towards financial gain.
As a result, advanced phishing and malware attacks started gaining traction within the digital world. These malicious actors honed their skills in deceiving unsuspecting individuals, often using highly sophisticated techniques to harvest personal information and turn it into profits. This transition marked a turning point in the world of cyber threats, setting the stage for more organized and financially driven attacks in the years to come.
Rise of Nation-State Actors 2005-2010
The rise of nation-state actors has significantly impacted cybersecurity. One trend is the emergence of state-sponsored cybercriminals, who are employed by governments to sabotage operations and carry out cyber espionage. These cybercriminals are motivated by various factors, including gathering intelligence, financial gain, and gaining a competitive edge in certain industries. Their targets often include government agencies, defense contractors, and critical infrastructure.
Two Notable Cyberattacks:
- In 2007, Estonia experienced a massive wave of distributed denial-of-service (DDoS) attacks, believed to be orchestrated by Russia in response to a diplomatic dispute.
- In 2010, the Stuxnet worm created a new era of cyber warfare by targeting industrial control systems (ICS) used in Iran’s nuclear program. It was later revealed to be a joint effort by the United States and Israel.
These incidents demonstrate the extent to which countries are now leveraging cyberattacks as a strategic tool for achieving their geopolitical goals.
Rise of Hacktivist Groups (2010-2015)
Between 2010 and 2015, groups such as Anonymous and LulzSec came onto the scene. Their targets and motivations were wide-ranging, as they aimed to challenge authority, expose secrets, and promote freedom of information. Using tactics like data breaches and DDoS attacks, these groups looked to disrupt and damage the systems and credibility of their targets.
Two Notable Hacktivist Groups:
- Anonymous, founded in 2003, is a group that often attacks with a justice philosophy in mind. They targeted corporations, governments, and organizations that they thought were corrupt, oppressive, or unethical. Their actions included taking down the websites of major financial institutions during the Occupy Wall Street movement.
- LulzSec focused on causing chaos and amusement within the online community. Operating as a small team of cybercriminals, they deployed various cyberattacks targeting high-profile organizations like PBS, Fox, the X Factor, and individuals. Their motivations were often driven by the pursuit of “lulz,” or laughter, as they exposed vulnerabilities.
Ultimately, hacktivist groups demonstrate cyber activism to challenge authority and expose injustices. Their actions, whether through DDoS attacks or data breaches, highlighted the potential power of the internet in promoting transparency and holding institutions accountable. This period also raised questions about the lines between activism, vigilantism, and criminal activity, forcing governments and corporations to adapt their cybersecurity measures in response to this new digital landscape.
Shift Towards Advanced Persistent Threats (APTs) and Ransomware (2015-Present)
Over the past few years, we have seen a significant shift in threats with a rise in APT groups. These groups have a specific goal and aim to infiltrate and maintain long-term access to systems and networks. Another growing threat in the cyber landscape is ransomware attacks. Unlike APTs, ransomware attacks focus on quickly encrypting or disabling systems data until a ransom is paid. The reason behind these attacks is usually financial gain. Ransomware groups target small and large businesses. What is particularly concerning about ransomware attacks is the evolution and sophistication of the strains being used.
Notable ATP Examples:
- Deep Panda: This group mainly targets US government institutions looking to steal intellectual property and state secrets. They focus on high tech, education, legal services, telecommunications, finance, energy, and pharmaceuticals. They have been known to be highly organized and remain undetected on networks for months at a time.
- GhostNet: This has been a large-scale cyber spying operation that tricked users into downloading a malicious file. Once the user interacts with the file, a remote access trojan, known as ‘Ghost Rat,’ is then installed on their computer. They are known to have breached over 1,200 computers belonging to foreign ministries, government offices, and embassies in 103 countries.
These attacks often target governments, corporations, and other high-value organizations, stealing sensitive information or conducting espionage.
Notable Ransomware Attacks:
- WannaCry: In 2017, malicious software spread globally, encrypting Windows operating systems. It encrypted files and demanded ransomware to restore access. These attacks went after hundreds of thousands of computers in over 150 countries.
- LockBit: In 2019, LockBit deployed advanced encryption algorithms to make files inaccessible and display a ransomware note demanding payment. There are various delivery methods, including gaining access to unauthorized networks, phishing emails, and software vulnerabilities. They use double-extortion methods, setting LockBit apart from other ransomware.
The overall evolution of threat actors will continuously change and become more sophisticated. They are growing in scale, posing a significant risk to organizations of all sizes. Educating yourself and your organization on the latest threat actors can help prepare you.
Take Proactive Security Measures
The past two decades have shown a significant evolution in the cybersecurity landscape, particularly in the sophistication and complexity of threat actors. The market has shifted and now every organization, big or small, is a target. Organized groups have emerged, adding a new level of threat to mid-market organizations that previously believed they were too small to be targeted. The financial gains associated with cyber threats have become the main motivator, and it is crucial to recognize the evolving nature of these attacks in order to stay protected.
Stay tuned for our blog next week to explore the next steps to protect your organization from cyber threats.
Adlumin’s Spot the Lurker Challenge
Unleash the power of knowledge and stand a chance to win big in the ‘Defeat the Lurker’ contest. Download Adlumin’s 2023 Threat Report Round-Up, shine a light on hidden threats and equip yourself with the tools to protect your network while entering for a chance to win amazing prizes.
Subscribe to Adlumin’s blog series and gain access to actionable advice and step-by-step guides from cybersecurity experts.