Over 17 billion personal records were exposed or stolen in 2023. Understanding who these threat actors are and what motivates them is crucial for protecting your digital assets.

What is a Threat Actor? 

A threat actor, also known as a malicious actor or adversary, is an individual, group, or organization that engages in actions intended to harm or compromise information systems, networks, and data. These actors have varying motivations, skills, and resources, and their activities can range from simple, opportunistic attacks to highly sophisticated, targeted campaigns. Their aim is to exploit vulnerabilities for financial gain, espionage, disruption, or other nefarious objectives. 

Who are Threat Actors? 

Threat actors range from sophisticated nation-state groups to individual cybercriminals. Their methods and motivations vary, but they all pose significant risks to cybersecurity. Understanding the different types of threat actors helps in tailoring defense strategies. 

What are the 5 Types of Threat Actors? 

Threat actors in cybersecurity can be categorized into five main types: 

  • Cybercriminals: These are individuals or groups who commit crimes for financial gain. They use various types of cyber-attacks to steal data, extort money, or sell stolen information (e.g., organized crime groups or independent hackers).
  • Nation-State Actors: Sponsored by governments, these actors engage in espionage, sabotage, and disruption to gain a strategic advantage (e.g., state-sponsored groups like APT28 (Fancy Bear) or APT29 (Cozy Bear)).
  • Hacktivists: Ideologically driven, hacktivists attack organizations to promote political agendas or social change (e.g., Anonymous or LulzSec).
  • Insiders: Employees or associates with access to sensitive information who exploit their position to harm the organization (e.g., disgruntled employees or contractors).
  • Script Kiddies: Inexperienced hackers who use existing tools and scripts to launch attacks for thrill or recognition.  

Threat Actor Capabilities 

Basic Skills

  • Script Kiddies: Use pre-written scripts and tools to exploit known vulnerabilities. They lack in-depth technical knowledge but can cause damage by leveraging tools available on the internet. 
  • Common Activities: Defacing websites, simple DDoS attacks, basic credential theft. 

Intermediate Skills

  • Cybercriminals and Hacktivists: Often have a moderate level of technical expertise. They can develop and deploy custom malware, exploit zero-day vulnerabilities, and conduct sophisticated social engineering attacks. 
  • Common Activities: Ransomware deployment, phishing campaigns, data breaches, and hacktivist operations like doxxing and coordinated DDoS attacks. 

Advanced Skills

  • Nation-State Actors and APT Groups: Possess highly advanced technical skills. They employ a range of sophisticated techniques, including custom-built malware, advanced persistent threats (APTs), and exploits for zero-day vulnerabilities. 
  • Common Activities: Cyber espionage, intellectual property theft, infrastructure sabotage, and targeted attacks against high-value targets. 

What are Threat Actors After? 

Threat actors typically seek: 

  • Financial Gain: Through ransomware, phishing, and other forms of cyber fraud. 
  • Intellectual Property: Stealing proprietary information and trade secrets. 
  • Personal Data: Harvesting personal information for identity theft or resale. 
  • Disruption: Causing operational disruptions to gain competitive or strategic advantage. 

Who are the Targets of Modern-Day Threat Actors? 

Modern-day hackers target a wide range of entities: 

  • Businesses: Large and small enterprises are prime targets for financial theft and intellectual property espionage. 
  • Government Agencies: Nation-state actors frequently target government agencies to gain intelligence, disrupt operations, or sabotage critical infrastructure. The Canadian Centre for Cyber Security highlighted the ongoing threats to government systems, particularly in the context of geopolitical tensions (Canadian Centre for Cyber Security).
  • Healthcare Institutions: Healthcare organizations are frequent targets due to the critical nature of their operations and the sensitivity of patient data. In 2023, ransomware attacks on healthcare providers accounted for a significant portion of cyber incidents, with attackers knowing that these organizations are more likely to pay ransoms to restore operations quickly. 
  • Financial Organizations: Banks and financial institutions are prime targets for cybercriminals seeking financial gain. Methods include phishing, credential theft, and direct attacks on financial systems. The National Cyber Threat Assessment reported increased targeting of financial services due to the high potential for direct monetary theft. 
  • Individuals: Targeted for personal data, financial information, and identity theft. 

Types of Cyber Attacks in 2024 

The cyber threat landscape is constantly changing. In 2024, we are seeing the following types of cyber-attacks: 

  • Ransomware: Malicious software that encrypts data and demands payment for decryption. 
  • Phishing: Fraudulent attempts to obtain sensitive information through deceptive emails. 
  • DDoS Attacks: Overwhelming a network with traffic to disrupt services. 
  • Supply Chain Attacks: Compromising software or hardware through third-party suppliers. 
  • Zero-Day Exploits: Attacks on software vulnerabilities before they are known and patched. 

Threat Actor Trends in 2024 

  • Rise in Cloud Intrusions: There was a significant increase in cloud-focused attacks, with a 75% rise in cloud intrusions from 2022 to 2023. Threat actors are leveraging valid credentials to infiltrate cloud environments, making it harder to detect these breaches since they often appear as normal user activity. 
  • Stealth and Speed of Attacks: Adversaries have improved their speed and stealth, with the fastest recorded eCrime breakout time being only 2 minutes and 7 seconds. This indicates that attackers can move quickly from initial compromise to further network exploitation. 
  • Identity-Based Attacks: Identity threats continue to surge, with adversaries increasingly using techniques like phishing, social engineering, SIM-swapping, and MFA bypass to gain access. The market for stolen identities also grew, with a 20% increase in access broker advertisements selling valid credentials. 
  • Generative AI: The use of generative AI by threat actors has raised new concerns. Adversaries are using AI to create more convincing social engineering campaigns and develop malicious software, which lowers the barrier to entry for sophisticated attacks. 
  • Ransomware and Data Breaches: Ransomware attacks have seen a significant increase, with public ransomware incidents up by 84% across all sectors in 2023. Data breaches also spiked, with over 17 billion personal records exposed or stolen in 2023, marking a 34.5% year-over-year increase. 
  • Exploitation of Third-Party Relationships: Adversaries are targeting vendor-client relationships to maximize their impact. By compromising IT vendors or the software supply chain, attackers can spread malicious tools to multiple organizations through trusted channels. 

How to Identify Threat Actors 

Identifying threat actors involves: 

  • Monitoring Network Activity: Look for unusual patterns and anomalies. 
  • Employee Security Awareness Training: Educate staff to recognize phishing attempts and social engineering tactics. 
  • Threat Intelligence: Use threat intelligence feeds to stay informed about emerging threats. 
  • Incident Response Plans: Have a robust plan in place for identifying and responding to attacks. 
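
Because logins with stolen but valid credentials look like normal user activity, "unusual patterns" in practice means deviation from each user's own history. The following is an added example, not part of the original article, that flags successful sign-ins from a new country or device and country changes too fast to be real travel. The event layout, thresholds, and sample data are constructed assumptions, not a real log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: every event is a *successful* sign-in with valid
# credentials. Tuple layout (time, user, country, device) is an assumption.
EVENTS = [
    ("2024-03-01T08:02:00", "alice", "CA", "laptop-01"),
    ("2024-03-02T08:05:00", "alice", "CA", "laptop-01"),
    ("2024-03-03T08:01:00", "alice", "CA", "laptop-01"),
    ("2024-03-03T08:40:00", "alice", "RO", "unknown-7f"),
    ("2024-03-01T09:00:00", "bob", "US", "desktop-09"),
    ("2024-03-02T09:10:00", "bob", "US", "desktop-09"),
    ("2024-03-04T09:00:00", "bob", "US", "phone-22"),
]

MIN_TRAVEL = timedelta(hours=2)  # assumed shortest plausible country change
MIN_BASELINE = 2                 # sign-ins needed before history is trusted


def find_anomalies(events):
    """Compare each sign-in with that user's own earlier sign-ins."""
    countries, devices = defaultdict(set), defaultdict(set)
    seen, last, alerts = defaultdict(int), {}, []
    for ts, user, country, device in sorted(events):  # ISO times sort correctly
        when, reasons = datetime.fromisoformat(ts), []
        if seen[user] >= MIN_BASELINE:
            if country not in countries[user]:
                reasons.append("new_country")
            if device not in devices[user]:
                reasons.append("new_device")
        if user in last:
            prev_when, prev_country = last[user]
            if country != prev_country and when - prev_when < MIN_TRAVEL:
                reasons.append("impossible_travel")
        if reasons:
            # One weak signal is common (new phone); several together are not.
            severity = "high" if len(reasons) >= 2 else "low"
            alerts.append((ts, user, severity, reasons))
        countries[user].add(country)
        devices[user].add(device)
        seen[user] += 1
        last[user] = (when, country)
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(EVENTS):
        print(alert)
```

On the sample data, the sign-in from a new country on an unknown device 39 minutes after a normal one is rated high, while a lone new device is rated low.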

How to Stop Threat Actors 

Stopping threat actors requires a multi-faceted approach: 

  • Implement Strong Security Measures: Use firewalls, antivirus software, and intrusion detection systems. 
  • Regular Updates and Patching: Keep software and systems updated to close vulnerabilities. 
  • Access Controls: Limit access to sensitive information to only those who need it. 
  • Continuous Monitoring: Constantly monitor systems for signs of compromise. 
  • Engage Ethical Hackers: Ethical hackers can test your defenses and identify weaknesses before malicious actors can exploit them. 

