3 Types of Cyber Threat Actors and Their Motivations

Who's behind a cyber attack? A new report identifies the three main types of hackers.
By: | June 30, 2022
Topics: Cyber

Cybercrime is on the rise around the globe. Much of the attention is paid to large-scale attacks and high ransoms paid to restore systems and unlock data.

But according to a recent report from CyberCube, not enough focus is on the criminals behind the cyberattacks — and their motivations when they launch these cyber crimes.  

The report, “Understanding Criminal Cyber Threat Actors and Motivations,” detailed the three different types of cyber criminals companies should be aware of. 

According to the report, “Understanding Criminal Cyber Threat Actors and Motivations,” when you know your enemy, you can defeat them. The authors argue we should seek to better understand cyber threat actors and the motivations driving their actions to better fight cybercrime.   

“Our new report focuses on actors with whom the insurance industry should concern itself because they are most likely to inflict cyber attacks on Western democracies and businesses while creating systemic risk that leads to risk aggregation and large financial losses. A greater understanding of the key cyber actors will help the insurance sector predict how and where future attacks could arise and inform estimations of attack frequency and severity,” said Darren Thomson, a co-author of the report and head of cyber intelligence services for CyberCube

There are three types of cybercriminals defined in the report: state-sponsored actors, organized criminal gangs, and hacktivists.

 1) State-sponsored Actors 

State-sponsored actors represent a wide range of criminals with various motivations. What they have in common is their source of funding. State sponsorship is varied, but with government backing at its core, state-sponsored actors pose a significant threat to businesses and insurers. 

These attacks can be quite broad and challenging, and because state-sponsored actors are supported by a government they are also protected by that government. This can mean this set of criminals is well-funded and well-organized, capable of more sophisticated cyber-attacks.  

When you hear of a large-scale cyber-attack in the media, it is often perpetrated by a state-sponsored threat actor. The NotPetya ransomware attack in 2017, the 2020 SolarWinds cyber-attack, and the Microsoft Exchange breaches in 2021 were all attributed to state-sponsored cybercriminals.  

An emerging threat from state-sponsored criminals is from what CyberCube refers to as APTs, or advanced persistent threats, which are nation-states with advanced and persistent cyber attack capabilities. The growing threat from these APTs is a new area of concern, especially as many are growing their abilities rapidly.  

The targets of these state-sponsored threat actors tend to be larger entities where a breach causes a more significant disruption to operations, like governments, NGOs, and think tanks. These entities store valuable data that can be useful to glean insights into political and government strategies and plans.  

The motivation behind these types of attacks seems political for now, but economic gain is an incentive for some growing nation-state cyber criminal attacks. The report mentions countries with economic sanctions may seek alternate revenue sources in the future, using ransom demands along with cyber-attacks. 

Private businesses may not be the focus of attacks from sophisticated nation-states, but they can suffer from collateral damage when primary targets are attacked. The report referenced a recent cyber attack on an American satellite communications company that had vast, unintended consequences when it shut down the internet for thousands of Europeans and interrupted operations at 5,800 wind turbines in Germany.  

2) Organized Criminal Gangs 

Cyber crime is a lucrative enterprise for organized criminal gangs. Ransomware is currently the “go-to” method of cyber criminals seeking financial gain, with estimates predicting global ransomware damage costs will exceed $265 billion in 2031. Some experts estimate cyberattacks will happen every 2 seconds on businesses and individuals by 2031.  

Ransomware attacks are becoming more frequent and more expensive at the same time. Entities are paying more in ransoms, and cybercriminals have started employing double and triple extortion tactics. In double extortion schemes, the criminals threaten to release the data they have stolen if the ransom isn’t paid.  

Triple extortion is a creative way for criminals to demand more ransoms from a cyber-attack. Criminals demand a ransom from the business, but then also demand smaller, secondary ransoms from individuals whose data they breached.  

An example of this digital shakedown was the ransomware attack on a large Finnish psychotherapy clinic in 2020. The cyber criminals demanded a ransom from the clinic — then from patients who had their data stolen. The criminals threatened patients with the release of their therapy notes if they did not pay a €200 ransom directly to the cyber extortionists.  

Another emerging threat is a ransomware-as-a-service (RaaS) model organized criminal gangs are employing. Based on the popular SaaS (software as a service) model used by many tech companies, RaaS distribution models allow large, sophisticated criminal gangs to provide hacking tools to other criminal groups. This spreads the risk from the larger entities to the smaller ones, while in turn returning greater profits to the RaaS provider.  

3) Hacktivists Seek to Drive Social Change  

Hacktivists are an active global force trying to drive social and political change. Anonymous is perhaps the most famous “face” of hacktivist groups worldwide. Members have recently aided social causes like the Black Lives Matter movement and have supported Ukraine in the Russia-Ukraine conflict.   

And while hacktivists are generally focused on their political or social agendas, the effects of their efforts can harm private businesses and individuals.

For example, members may hack and obtain private information about individuals that they then release to the public or use in other ways. The people who have had their data breached are collateral victims in the hackers’ attempts to propel change.  

Building a better understanding of the types of cyber criminals acting in the world and their diverse motivations can help insurers fight back against these attacks.

Cybercriminals are creative, global, and often have vast resources and government support to conduct their activities, making it challenging to stop cybercrime. But by knowing and understanding criminal behavior and motivation, insurers can get one step further in the fight against cybercrime. & 

Abi Potter Clough, MBA, CPCU, is a keynote speaker, author and business consultant focused on Insurtech, leadership and strategy. She has over 15 years of experience at a Fortune 500 company with expertise in P&C claims operational leadership, lean management consulting, digital communications and Insurtech. As the past chair of the International Insurance Interest Group of the CPCU Society, Abi remains involved in many international initiatives and projects. She has published two books about change management and relocation. Abi can be reached at [email protected].

More from Risk & Insurance