The Threat Landscape

The threat landscape is the overall picture of the threats, risks, and actors that target our digital systems. It covers harmful code, attempted intrusions, social engineering, and insider threats. Technology keeps changing, new threats are discovered, and attackers constantly evolve their methods. To protect both individuals and organizations, we therefore need to continuously monitor trends and attack vectors and translate them into practical defenses, training, and improved policies.

Cyber Threat Actors (CTA)

Individuals or groups that penetrate systems with malicious or merely curious intentions. Their motives range from financial gain and political goals to outright vandalism.

Actor Types:

Explorer

  • The least malicious type. The driving force is recognition and curiosity rather than harm. An explorer is skilled at finding and exploiting vulnerabilities, much as a threat hunter actively searches for threats, and is happy to show what they can do, for example by modifying a web page. They often use social engineering, especially phishing, where the recipient is manipulated into giving up information or opening malicious attachments. To succeed, the message needs to appear harmless and create a sense of urgency. The spear-phishing variant is aimed at a selected person or group, and the same basic principles apply over the telephone (vishing) and by text message (smishing). Even if the explorer is not seeking maximum damage, the outcome can be noticeable if vulnerabilities are exploited effectively.
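The traits the notes list for a phishing message (a harmless-looking pretext, manufactured urgency, a request to hand over information, a malicious attachment) are exactly what a mail gateway or SOC triage rule scores on. The following is an added example, not code from the original notes: a small heuristic triage script run over two constructed sample messages. The keyword lists, the risky-extension set, the scoring weights and the bucket thresholds are all assumptions chosen for illustration and would be tuned per environment.

```python
"""Heuristic phishing triage over constructed sample messages.

Scores each message on the traits described in the notes: artificial
urgency, a request to hand over information, and a risky attachment.
Added example; patterns and thresholds are illustrative assumptions.
"""
import re
from dataclasses import dataclass, field

# Phrases that manufacture time pressure (constructed list, extend per environment).
URGENCY_PATTERNS = [
    r"\bimmediately\b", r"\bwithin (?:24|48) hours\b", r"\burgent\b",
    r"\baccount will be (?:suspended|closed|locked)\b", r"\bfinal notice\b",
]
# Requests for credentials or other information.
INFO_REQUEST_PATTERNS = [
    r"\b(?:verify|confirm|update) your (?:password|login|account|credentials)\b",
    r"\benter your (?:password|pin|credentials)\b",
]
# Attachment types that commonly carry executable content or macros (assumed set).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".hta", ".iso"}


@dataclass
class Verdict:
    score: int
    reasons: list = field(default_factory=list)


def _matches(patterns, text):
    """Return the patterns that occur in the text, case-insensitively."""
    return [p for p in patterns if re.search(p, text, re.IGNORECASE)]


def triage(message: dict) -> Verdict:
    """Return a score (0-6) and the reasons that contributed to it."""
    text = f"{message.get('subject', '')}\n{message.get('body', '')}"
    v = Verdict(score=0)
    if _matches(URGENCY_PATTERNS, text):
        v.score += 2
        v.reasons.append("urgency language")
    if _matches(INFO_REQUEST_PATTERNS, text):
        v.score += 2
        v.reasons.append("requests credentials or personal information")
    risky = [a for a in message.get("attachments", [])
             if any(a.lower().endswith(ext) for ext in RISKY_EXTENSIONS)]
    if risky:
        v.score += 2
        v.reasons.append("risky attachment(s): " + ", ".join(risky))
    return v


def classify(message: dict) -> str:
    """Map a score to a triage bucket (thresholds are assumptions)."""
    s = triage(message).score
    if s >= 4:
        return "quarantine"
    if s >= 2:
        return "review"
    return "deliver"


# Constructed sample messages (not real mail).
SAMPLES = {
    "spear_phish": {
        "subject": "Invoice needs your approval immediately",
        "body": "Hi Anna, please open the attached invoice and confirm your "
                "login so finance can process it today.",
        "attachments": ["invoice_Q3.docm"],
    },
    "benign": {
        "subject": "Team lunch on Friday",
        "body": "Does 12:30 work for everyone? Reply with dietary preferences.",
        "attachments": [],
    },
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        v = triage(msg)
        print(f"{name}: score={v.score} -> {classify(msg)}; {'; '.join(v.reasons) or 'no indicators'}")
```

The score is additive so that a message showing several of the traits at once lands in quarantine while a single weak signal only routes the message to a reviewer; a real deployment would add sender-authentication results and attachment scanning rather than rely on wording alone.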

Hacktivist

  • Hacktivists are usually motivated by social justice, political change, government transparency, or anti-censorship goals. They aim to expose wrongdoing, protest policies, or support movements such as human rights or environmental causes. They often operate in loosely organized, anonymous online groups and build botnets to coordinate traffic from thousands of compromised nodes. Using a command-and-control (C2) server, they can flood a target with simultaneous requests in a distributed denial-of-service (DDoS) attack. Their resources are rarely unlimited, but high motivation can still cause significant disruption to visible targets.
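A botnet flood of the kind described above shows up in a web server's access log as a short window with far more requests than normal coming from many distinct sources, whereas one misbehaving client produces the same volume from a single address. The following is an added example, not code from the original notes, of a detector that groups Common Log Format style lines into fixed windows and applies that distinction. The log format, the window size, the request and source thresholds, and the sample addresses (drawn from the RFC 5737 documentation ranges) are all constructed assumptions.

```python
"""Flag request floods in web server access logs and separate distributed
floods (many sources, as with a botnet) from single-source floods.
Added example; log format and thresholds are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format prefix: client, ident, user, [timestamp], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {'ip', 'epoch'} for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return {"ip": m.group("ip"), "epoch": int(ts.timestamp())}


def bucket(lines, window=10):
    """Map window start (epoch seconds) -> {source ip: request count}."""
    windows = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec:
            start = rec["epoch"] - rec["epoch"] % window
            windows[start][rec["ip"]] += 1
    return windows


def detect_floods(lines, window=10, min_requests=200, min_sources=50):
    """Return one alert per window whose request count exceeds min_requests.

    A window fed by at least min_sources distinct addresses is labelled a
    distributed flood; otherwise it is a single-source flood.
    """
    alerts = []
    for start, per_ip in sorted(bucket(lines, window).items()):
        total = sum(per_ip.values())
        sources = len(per_ip)
        if total < min_requests:
            continue
        kind = "distributed flood" if sources >= min_sources else "single-source flood"
        alerts.append({
            "window_start": start,
            "requests": total,
            "sources": sources,
            "kind": kind,
            "top_source": max(per_ip, key=per_ip.get),
        })
    return alerts


def _line(ip, second, path="/"):
    """Build one constructed log line at 10:00:<second> UTC."""
    return f'{ip} - - [05/Mar/2024:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed sample log: a quiet window, a botnet window, a single-client window."""
    lines = []
    # Seconds 0-9: a handful of legitimate requests from one visitor.
    for s in range(0, 10, 3):
        lines.append(_line("203.0.113.5", s, "/index.html"))
    # Seconds 10-19: 100 bots each sending 3 requests (300 total, 100 sources).
    for bot in range(100):
        for k in range(3):
            lines.append(_line(f"198.51.100.{bot}", 10 + (bot + k) % 10))
    # Seconds 20-29: one client sending 250 requests (250 total, 1 source).
    for k in range(250):
        lines.append(_line("192.0.2.77", 20 + k % 10))
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

Both alerts are worth raising, but the response differs: a single-source flood can be rate-limited or blocked at the edge by address, while a distributed one needs upstream filtering or a scrubbing service, which is why the detector reports the source count and not just the volume.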

Cyberterrorist

  • Acts of violence, disruption, or intimidation for political, ideological, or religious purposes. These acts can include hacking critical infrastructure like power plants, air traffic control, or financial systems to cause fear, panic, and significant harm.

Cybercriminal (Steal Money)

  • Cybercriminals are driven by profit. Their operations often involve identity theft, credit card fraud, and ransomware, where victims’ files are encrypted and released only after a payment, usually in cryptocurrency. Sometimes, different threat actors collaborate—criminal and state-sponsored groups may combine their skills, as seen in real-world cases. These overlapping motives make it harder to identify attackers and develop effective countermeasures.

Cyberwarrior

  • The cyber warrior is the best-resourced actor. This actor operates in the national interest and may be funded, protected, and equipped by a state. Their most effective tools include exploits for so-called zero-day vulnerabilities in common operating systems and applications: because the vendor is unaware of the flaw, no patch is available. As a result, attacks can be executed with high precision against strategic targets, for purposes ranging from espionage to sabotage. This capability makes the cyber warrior particularly difficult to counter with baseline controls alone.

Hacker Categories (Hat Types)

White-hat

  • Works with permission to find vulnerabilities and help get them fixed.

Black-hat

  • Acts without permission, for personal gain or to cause chaos.

Grey-hat

  • Breaks the rules but without malicious intent (may sometimes report what they find, although not always in an ethical manner).

Blue-hat

  • Blue hats are external testers who are hired to test systems before or during operation.

Cybersecurity threats and attack vectors

A cybersecurity threat can be described as an action that exploits a vulnerability and harms a network or system. When analyzing an attack vector, we look at three parts: the vulnerability (the weak point), the mechanism (the tool or method that exploits the weakness), and the path (the channel the attacker uses to reach the target). A common example is an email that appears to come from a colleague, containing a “document” that actually installs malware when opened. In this case, the vulnerability is the user’s trust, the mechanism is the malicious code combined with social engineering, and the path is the email channel. Threats can be categorized as social engineering, malware, unauthorized access, or system design flaws. It’s important to note that a single incident often spans multiple categories. By building skills and procedures to identify, educate, update, and design properly, we can significantly reduce the likelihood of successful attacks.