Out-Law Analysis | 08 Feb 2017 | 11:18 am | 6 min. read
Having looked at the 10 things you always wanted to know about cybersecurity but were afraid to ask, we will share our findings in a themed series. Here we look at the kinds of people behind cybersecurity breaches and the methods they use.
Who are the attackers?
The sources of attacks are many and varied. The attackers behind some of the highest profile attacks in the past 18 months have ranged from a teenager with a basic skillset managing to infiltrate a major consumer brand, resulting in a record UK fine, through to an alleged state sponsored attack claimed to have influenced the presidential election of one of the most powerful countries.
Broadly, the sources of attacks can be grouped into one of four categories: script kiddies; hacktivists; organised crime; or nation states or their proxies.
Increasingly, attacks are being perpetrated by relatively unskilled individuals who use scripts or programs developed by others to attack computer systems and networks. These individuals are not professionals; they merely exploit weaknesses in other people's computers or systems that have already been discovered by others, with those weaknesses usually shared on the 'dark web'.
Sometimes these 'script kiddies' will attack entirely at random and often with limited understanding of the effects of their actions. They may do it purely for the thrill or to increase their reputation amongst peers.
An example of an attack perpetrated by a 'script kiddie' is the TalkTalk hack in October 2015. The attack, which reportedly cost the company £42 million and resulted in the ICO's record fine to date, was the work of a 17-year-old boy who claimed he was "just showing off" to friends.
Hacktivists are individuals or groups whose objective is to create public interest and generate media hype, usually in order to bring attention to a political, social or ideological cause. Hacktivists tend not to be profit-motivated but aim to embarrass victims or expose controversial issues.
The April 2016 'Panama Papers' scandal, the breach of the Panamanian law firm Mossack Fonseca, was arguably an example of hacktivism: an ideologically motivated attack by an anonymous whistle-blower, seeking to expose the offshoring activities of a number of high-profile individuals. The exposure of some 11.5 million documents caused controversy and embarrassment worldwide.
Organised criminals behind cyber attacks are usually motivated by financial gain and aim to obtain financial data or to control payment systems. This may be by extortion in relation to sensitive or confidential data, or by the use of ransomware.
By way of example, in July 2014 attackers infiltrated the European Central Bank's systems, exposing emails and contact details, in an attempt at extortion.
In relation to ransomware, in 2015 a group of computer criminals known as 'DD4BC' began threatening targets with massive distributed denial of service (DDoS) attacks unless they paid a ransom in Bitcoin. These attackers generally threaten to bring down vital business services and cause disruption and financial loss unless a payment is made via methods that are almost impossible to trace.
Nation state/state proxy
The high-water mark of cyber attacks is the alleged attacks by nation states or state proxies, which tend to be motivated by political gain. Key objectives in such attacks tend to be to disrupt critical infrastructure, military operations or political stability.
For obvious reasons the details surrounding such events are shrouded in secrecy. However, examples include the recent alleged involvement of the Russian state in the US election, and the Stuxnet cyber attack against Iran's Natanz nuclear enrichment facility, discovered in June 2010, which was alleged, but never confirmed, to be the work of US intelligence agents.
It is important to note the threat that insiders present too. Disgruntled existing or ex-employees may commit, or even invite, cyber attacks out of spite or personal revenge rather than for financial reward. Their aims might be to damage systems or to steal information or intellectual property. In 2015 a disgruntled Morgan Stanley employee allegedly removed approximately 730,000 customer details.
It is clear that the range of potential attackers is varied in nature, capability and motive, and includes both internal and external threats.
What are the common methods of attack?
Broadly, there are three categories of attack:
Motives for attacks generally fall into four categories:
The actual methods of attack commonly used are too numerous to list in their entirety and are continuously changing, but very many of them rely on employees being insufficiently aware of information security hygiene. It is much easier for attackers to socially engineer an employee than to carry out a brute force attack on the IT infrastructure of an organisation.
Typical methods of attack include the following:
Marc Dautlich and Philip Kemp are experts in information law and cybersecurity regulation at Pinsent Masons, the law firm behind Out-Law.com.