Cyberthreat on the Internet

Understanding the Threat Landscape: Cyber-Attack Actors and Motivations

The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks.

Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. Verisign iDefense Security Intelligence Services classifies cyber-attacks into three categories: hacktivism, cybercrime and cyber-espionage.


Hacktivism is primarily politically or ideologically motivated, based on a desire to wreak havoc on the victim organization or cause harm to its reputation, with the ultimate goal of drawing attention to a specific topic or event. These attacks can be triggered by real-world events, and for the most part are not built on the anticipation of financial gain.

Common hacktivist attack vectors include:

  • Distributed Denial of Service (DDoS) attack: A malicious attempt to debilitate networks, Web-based applications, or services by using a large number of networked computers to overwhelm these assets with resource requests, or impair them in some other way.
  • Website defacement: Changing the appearance of a website via unauthorized access such as through a cross-site scripting vulnerability.
  • Information disclosure: Publicizing information about the targeted institution that was not previously publicly known or releasable.
  • Doxing: The publication of personally identifiable information (PII) about a specific person for malicious purposes.


While the term “cybercrime” is broad and can refer to any criminal act involving a computer system, in this instance the term refers to crime carried out for the purpose of financial gain. Financial institutions and their clients are most frequently targeted by cybercriminals, and payment card and online banking fraud are the lifeblood of this type of attack (e.g., miscreants offering DDoS-for-hire services).

Cybercriminal enterprises vary in size and typically involve persons working together, though they may not know each other in real life. They rely on Web-based forums, ICQ , Jabber and Internet Relay Chat (IRC) for communication and for the recruitment of prospective partners. Data stolen in cybercrime attacks is often circulated on the black market where it is made available for purchase via forums and automated Web shops.

Data cyber-criminals frequently seek includes:

  • ATM and point-of-sale (PoS) skimming: Stealing bank and PIN information when cards are used at ATMs, credit/debit card terminals and other card readers.
  • Random Access Memory (RAM) scraping: Stealing credit/debit card information when the card information is stored in the server’s memory system.
  • Code injection: Introducing malicious code into a computer program to redirect the system’s actions.
  • Keylogging: Using a program to record computer keystrokes in order to gain confidential information.
  • Phishing: Creating fraudulent, socially engineered electronic content (websites, emails, etc.) that is from a seemingly legitimate source, enticing victims to provide confidential information.


The primary goal of cyber-espionage is gaining and maintaining access to target networks to exfiltrate intellectual property, personally identifiable information (PII) and financial and targeted strategic information from governments, corporations and individuals.

Threat actors behind these operations select their targets based on a specific set of goals or criteria, known as collection requirements. These requirements can range from specific technologies, such as unmanned aerial vehicle technology, to broad goals for economic advancement. Unlike hacktivism and cybercrime campaigns, cyber-espionage is carried out by many different individuals and organizations seemingly operating in accordance with their own established collection requirements.

Read more about the cyber threats and actors you should be most focused on in 2015.

Josh Ray

Josh Ray

As Vice President, Verisign iDefense Security Intelligence Services, Josh Ray is responsible for developing operational plans for the organization, overseeing the fulfillment of client commitments and providing the strategic direction for the iDefense product line. He has more than 12 years of combined commercial, government and military experience in the field of Cyber Intelligence, Threat Operations, and Information Security.

Leave a Reply