Recognizing Threat Actors and Their Motives

Most Popular Threat Actors

  1. Script Kiddie: This term describes a common type of threat actor who lacks a deep understanding of cybersecurity. Instead, they follow instructions from real hackers to launch attacks on systems or networks. Despite their limited knowledge and incomplete understanding of the tools they use, Script Kiddies can still cause significant damage.

  2. Hacktivist: Around the world, nations have diverse social and political agendas that draw support or opposition from individuals and groups. Protesters often arrange rallies and marches, or resort to unlawful actions like defacing public property. Amid this, a threat actor emerges who leverages hacking prowess to further political or social objectives. This figure is known as a hacktivist.

  3. Insider: Infiltrating an organization from the outside is increasingly arduous for threat actors. Instead, they often resort to an internal approach, exploiting individuals within the organization. Their tactic involves fabricating a false identity and résumé for a member of their group, intending to apply for a position within the target organization and subsequently becoming an employee. Once embedded, this type of threat actor gains entry to the organization's internal network, affording them deeper insights into network architecture and security vulnerabilities. This insider threat can then introduce network implants and establish backdoors, enabling remote access to critical systems. Such a threat actor is classified as an insider.

  4. State-Sponsored: As warfare evolves into cyberspace, battles now extend beyond physical borders. In this era of cyber warfare, nations recognize the imperative to safeguard citizens and vital assets from malicious hackers and rival states. Consequently, governments engage state-sponsored hackers tasked with shielding the nation from cyber threats. Yet, this practice also serves as a conduit for some nations to gather intelligence on others, potentially compromising public infrastructure, utilities, and critical resources across borders.

  5. Organized Crime: Just as criminal syndicates operate globally, the cybersecurity realm houses its own organized crime groups. Comprising individuals unified by shared objectives, each member possesses distinct expertise:

    a. One conducts thorough target reconnaissance,

    b. Another crafts Advanced Persistent Threats (APTs),

    c. A financier ensures ample resources for a successful attack.

    This threat actor's aim is typically grand, involving large-scale data theft for lucrative gains through illicit data trade.

  6. Blackhat: The blackhat hacker is a threat actor wielding skills for nefarious ends. These hackers, of diverse origins, may target systems or networks arbitrarily. Their motives range from tarnishing reputations and data theft to personal challenges driven by amusement, often without a defined purpose.

  7. Whitehat: The virtuous figures of the industry, whitehat hackers, employ their expertise to protect organizations and individuals from malicious cyber threats. This breed of hackers includes ethical hackers and penetration testers, who utilize their skills for the greater good, ensuring security and acting in an ethical and constructive capacity.

  8. Greyhat: Residing between the whitehat and blackhat realms, the greyhat hacker embodies a dual identity. By day, they operate as cybersecurity professionals on the side of good, while by night, they may leverage their skillset for less virtuous purposes, straddling the line between ethical and malicious intentions.