What Motivates Attackers to Come After You?

To strengthen your organization's security, you need to understand why attackers target you in the first place.

There is an infinite combination of factors that can motivate attackers to come after you or your organization. But by being aware of some of these factors, you can develop better strategies to protect yourself and, in some cases, prevent the attack from happening altogether.

Today we’re going to talk about the motivations that drive attackers, how they select their targets, and strategies to defend yourself and your organization from them. These factors can be grouped into a handful of categories.

Financial Gain

The most common reason driving an attacker to break into your environment is financial gain.

These attackers tend to use phishing emails and easily exploitable vulnerabilities found on unpatched systems as their main methods of attack. These two methods are preferred because they require minimal effort to deploy, can be reused for several years without needing to be updated, and they consistently work.

These types of attackers don’t really have anything personal against you or your organization. They are just looking for an easy payday. Because of that, you don’t have to work too hard to stay ahead of them. To avoid these types of attackers, keep your systems patched and carefully analyze emails before you respond or click on any links.

For Fun

Believe it or not, there are lots of people out there who want to exploit your environment just for the challenge. They aren’t looking to extract money from you; they are in it for bragging rights. These are the Kevin Mitnicks of the world. The danger with these types of attackers is their potential skill level and their persistence. Their technical skills can range from complete beginner to expert. And unlike the attackers who are looking for easy targets, this type of attacker may not give up easily.

The attack methods used by these attackers are as varied as their skill levels. The best thing you can do with these attackers is to turn them from attackers into security allies.

To do that, consider registering your organization in an established bug bounty program or developing your own. A bug bounty program provides would-be attackers with the recognition they may be looking for. The idea is that you make it more advantageous for a potential attacker to sign up for your bug bounty program than to try to exploit your environment on their own.

In most cases, they also receive monetary compensation for reporting security exploits and vulnerabilities they discover on your site. In return, you are provided with the details of how they found each vulnerability and recommendations on how you can fix it. This is a win-win for everyone involved. In addition, you can stipulate rules of engagement, including areas or systems they must stay away from, such as databases that contain sensitive information. In these cases I would recommend you create an identical dev version of these systems that you will allow access to. This way you can ensure the “good guys” find any vulnerabilities first. Then you can apply the fixes to your production systems.

Insider Threat Actors

The motivation of these attackers stems from feeling disrespected or demeaned in some way by your organization. The attacks are a way to prove their value or get revenge for a slight against them. These attackers are the most difficult to detect because they are usually authorized to access the systems they have compromised. Edward Snowden is a good example of an insider threat.

These attackers are the most difficult to deal with, because you usually can’t catch them until after they’ve compromised your environment. To fight these types of attacks, consider segregating duties and access to sensitive information between multiple employees. Deploying a robust logging strategy and risk-based access control protocols can also help.

Philosophical Righteousness

These attackers have a problem with you, your industry, what your brand represents, or some other philosophical difference in how you operate. Whether the attackers are liberal extremists or conservative radicals, what they all have in common is the belief that they are morally justified in wreaking havoc in your environment. The technical skill of these attackers also ranges from beginner to expert. Your normal security practices should help you stay ahead of them. To understand who may want to compromise your environment for philosophical reasons, look to your competitors or other organizations in your industry. How have they been compromised in the past, and by whom? You can also take a look at the MITRE ATT&CK Groups list. This list is updated with various attacker groups, their motivations, and the methods they use.

State-Sponsored

By now we should all be familiar with the 2016 Russian hacking of the US elections. This was a state-sponsored event. These attackers are highly skilled and have essentially unlimited resources and time to compromise a selected target. Their most used method is the advanced persistent threat technique. While all the other attackers will only target you for a finite amount of time, state-sponsored attackers continue to look for ways to compromise your environment until they are successful. Even once they are successful, they will continue to look for additional ways to compromise your environment, just in case you discover the first one. Most of you should not have to worry about these types of attackers. However, if you are in an industry that does, please reach out to me so we can discuss a strategy to protect your environment.

Written by

Gene Wright

When I'm not tanning in the glow of my monitor, I'm outdoors. Running, hiking, MTB, camping, and swimming are my favorites,