Defender vs attacker
In order to defend our infrastructure more effectively we first need to understand who could be actually attacking us, and what are their methods and motivations.
We can break the cyber attacks landscape down into the following actors:
The first group we need to consider is organised crime – the majority of attacks from these actors are for direct financial gain and involve phishing or malware targeting gathering personal data, ransomware or cryptomining.
The next major group of attackers work on industrial espionage. Often these attacks will be quite sophisticated, targeted and persistent. They will use a variety of tools and approaches, tailor made and zero-day exploits. A significant challenge in this area are insider threats – if a network cannot be successfully attacked from the outside, it can be much more easily compromised from the inside.
Another group of attacks involves state-sponsored campaigns – again, these are usually sophisticated and targeted, built on economic or political motives.
The final group we can consider is opportunistic attacks – these usually use off-the-shelf automated tools and bots, looking for easy targets and quick gain.
Not all of these will be of applicable to every organisation, as some of them are mainly aimed at individuals while others target large organisations and infrastructure. The grouping above is not exhaustive as of course there are many different variations of actors from these groups.
Verizon Enterprise publishes annual reports summarising its investigations over thousands of attacks and breaches. It provides a very informative overview of the cyber security world we live in today. Have a look at the reports from the last few years as well – you can see how the security landscape is changing as well as which types of attack methods have consistently been most widespread.
The National Cyber Security Centre also publishes reports on current cyber attacks on national infrastructure and organisations.
© Coventry University. CC BY-NC 4.0