Threat Actor Motivations

(OBJ 2.1)

Intent vs. Motivation

There is a difference between the intent of the attack and the motivation that fuels that attack

• Threat Actors Intent
  • Specific objective or goal that a threat actor is aiming to achieve through their attack
• Threat Actors Motivation
  • Underlying reasons or driving forces that pushes a threat actor to carry out their attack

Different motivations

• Different motivations behind threat actors

  • Data Exfiltration
    • Unauthorized transfer of data from a computer
    • Example: Steal contact information from a company
    • Uses of data:
      • Selling it on the dark web
      • Using it for identity theft
      • Leveraging it for a competitive advantage
  • Financial Gain
    • Achieved through various means, such as ransomware attacks, or through banking trojans that allow them to steal financial information in order to gain unauthorized access into the victims' bank accounts.
    • One of the most common motivations
  • Blackmail
    • Attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met
    • Demands often involve a financial transaction
    • Cyber blackmail can take many forms:
      • Ransomeware
      • Doxing
      • Sextorsion
  • Service Disruption
    • Some threat actors aim to disrupt the services of various organizations, either to cause chaos, make a political statement, or to demand a ransom
    • Achieved by conducting a DDoS Attacks
    • Can lead to significantly financial or reputational losses
  • Philosophical or Political Beliefs
    • Attacks that are conducted due to the philosophical or political beliefs of the attackers is known as hacktivism
    • From website defacement to data leaks
    • Common motivation for a specific type of threat actor known as a hacktivist
  • Ethical Reasons
    • Contrary to malicious threat actors, ethical hackers, also known as Authorized hackers, are motivated by a desire to improve security
    • Penetration testers focus on identifying vulnerabilities with the intention of patching and mitigating those vulnerabilities
  • Revenge
    • It can also be a motivation for a threat actor that wants to target an entity that they believe has wronged them in some way
  • Disruption or Chaos
    • Creating and spreading malware to launching sophisticated cyberattacks against the critical infrastructure in a populated city
  • Espionage
    • Spying on individuals, organizations, or nations to gather sensitive or classified information
  • War
    • Cyber warfare can be used to disrupt a country's infrastructure, compromise its national security, and to cause economic damage