Understanding Direct and Indirect Cyber Actors

refers to techniques that allow cyber threat actors to access an account by guessing or decrypting the password directly.

Uploaded by

Jusu Koroma
Understanding Direct and Indirect Cyber Actors
In today's interconnected digital world, the landscape of cyber threats is vast
and multifaceted. At the heart of these threats are individuals, groups, and
entities known as cyber actors, who play pivotal roles in shaping the
cybersecurity landscape. These actors can be broadly categorized into two main
types: direct and indirect.
DIRECT CYBER ACTORS
Direct cyber actors refer to individuals or groups directly engaged in various forms of cyber
activities, including hacking, cyber espionage, cybercrime, and cyber warfare. These actors
actively target computer systems, networks, and digital infrastructure to achieve their objectives,
which may range from financial gain and ideological motives to espionage or sabotage.
INDIRECT CYBER ACTORS
Indirect cyber actors are individuals, groups, or entities that are not directly
involved in perpetrating cyber attacks but play a significant role in facilitating or
enabling such activities. Here are some examples of indirect cyber actors:
• Malware Developers: Individuals or groups who create and distribute malicious software (malware) designed to
compromise computer systems, steal data, or disrupt operations. While they may not directly carry out cyber
attacks, their creations serve as tools for cybercriminals to exploit vulnerabilities and perpetrate attacks.
• Exploit Vendors: Companies or individuals who discover and develop exploits for software vulnerabilities. These
exploits are then sold or distributed to cybercriminals, nation-state actors, or other malicious entities to be used in
cyber attacks. Exploit vendors indirectly contribute to cyber threats by providing tools that enable attackers to
breach systems.
• Botnet Operators: Botnets are networks of compromised computers (bots) controlled by a central
command-and-control (C&C) server. Botnet operators infect computers with malware, turning them into bots that can be used for
various malicious activities, such as distributed denial-of-service (DDoS) attacks, spam campaigns, or spreading
malware.
• Cybercrime Forums and Marketplaces: Online forums, marketplaces, and underground communities where
cybercriminals buy, sell, and exchange hacking tools, stolen data, and hacking services.
• Dark Web Marketplaces: Hidden parts of the internet, accessible only through specialized software like Tor,
where illicit activities, including the sale of drugs, weapons, stolen data, and hacking tools, take place. Dark web
marketplaces provide a platform for cybercriminals to buy and sell goods and services anonymously, making it
challenging for law enforcement to track and disrupt their activities.
Direct cyber actors are motivated by various factors that drive their cyber activities. Here are some
common motivations:
• Financial Gain: Many cybercriminals engage in illegal activities such as stealing financial information, conducting ransomware
attacks, or selling stolen data on underground markets for monetary profit.
• Ideology: Hacktivist groups are often motivated by ideological beliefs and use cyber-attacks as a means to promote political or
social agendas. They may target government websites, corporations, or institutions that they perceive as oppressive or unethical.
• Espionage: Nation-states and intelligence agencies conduct cyber espionage to gather political, military, or economic
intelligence. This can include stealing sensitive government secrets, intellectual property, or classified information from foreign
entities.
• Revenge: Some cyber actors may be motivated by personal vendettas or grievances against individuals, organizations, or
governments. They may launch cyber-attacks as a form of retaliation or revenge for perceived injustices.
• Disruption: Cyber actors may seek to disrupt or sabotage critical infrastructure, services, or systems for strategic or political
reasons. This can include targeting utilities, transportation networks, or communication systems to cause chaos and destabilize
societies.
• Intellectual Challenge: For some individuals, hacking and cyber-attacks provide intellectual stimulation and a challenge to test
their technical skills and abilities. They may engage in cyber activities out of curiosity or to demonstrate their expertise within
the hacker community.

• National Security Objectives: State-sponsored cyber actors may conduct cyber-attacks to advance their nation's strategic
interests, assert dominance in cyberspace, or undermine the security of rival nations. These activities can include cyber
espionage, sabotage, or warfare conducted in support of broader geopolitical goals.
TYPES OF DIRECT CYBER ACTORS
i. Cybercriminals
a. Organized Crime Groups
b. Lone Actors
c. Financially Motivated Hackers

ii. Hacktivists
a. Anonymous
b. LulzSec
c. Syrian Electronic Army

iii. State-Sponsored Actors


a. Advanced Persistent Threat (APT) groups
b. Nation-State Cyber Units
c. Cyber Militias
1. Cybercriminals
Cybercriminals are individuals or groups who use digital technology to
conduct illegal activity. They’re often motivated by financial gain. This type
of threat actor typically employs social engineering tactics such as phishing
emails to lure victims into clicking on a malicious link or downloading
malicious software (malware). Other examples of cybercrime include
stealing data, tricking victims into transferring money, stealing login
credentials, and making ransom demands.

2. Nation-States
Nation-states may fund threat actor groups to perform a variety of malicious
activities on the networks of other governing entities including espionage or
cyberwarfare. Since nation-state funded threat actors tend to be highly
resourced, their behavior is often persistent and more difficult to detect.
Targeting their opponents’ networks in stealth, nation-state-funded threat
actors typically seek to exfiltrate or corrupt sensitive data and assets, disrupt
critical infrastructure, or gather confidential intelligence.

3. Terrorist Groups
As with physical acts of terrorism, the goal of cyber terrorists is typically to
cause harm and destruction that furthers their cause. This type of threat actor
targets businesses, state machinery, and critical infrastructures or services

4. Thrill-Seekers
Thrill-seekers are threat actors who attack computer systems or networks for
personal enjoyment. Whether they want to see how much data and sensitive
information they can steal, or they are interested in how specific networks and
computer systems operate, thrill-seekers may not necessarily intend to do much
harm to their targets. However, they can interfere with computer systems and
networks or exploit vulnerabilities for more sophisticated cyberattacks in the
future.

5. Insider Threats
Insider threats are on the rise. These threats can be categorized into the following
types:
• Malicious Insiders: Malicious insiders are individuals who have access to the
corporate environment and decide to turn against their employers by helping threat
actors; usually for monetary gain.
• Incautious Insiders: Incautious insiders are
employees who may not have malicious intent but end up causing a data
breach due to their carelessness. They might click on a phishing email, install
unapproved software, or lose their corporate devices.

6. Hackers
A hacker is someone who uses their computer skills to overcome a challenge or
problem, for better or for worse, while threat actors almost always have malicious
intent. Hollywood popularized the term to invoke images of nefarious individuals
with malicious intentions, such as causing disruption or breaking the law.
However, there are many types of hackers with different capabilities.
Here are some examples of different types of hackers and what they can do:

•Black Hat Hackers
•Black hat hackers work against organizations or government agencies in an attempt to break into computer networks or
systems with malicious intent. Black hat hackers often work alone or with organized crime groups and employ a number
of techniques to hack their targets, including social engineering, hacking passwords, infecting devices with malware,
logging keystrokes, or creating botnets to execute a Distributed Denial-of-Service (DDoS) attack.
•White Hat Hackers
•White hat hackers, also called ethical hackers, work with organizations or government agencies to identify vulnerabilities
and protect cyber systems from malicious hackers. Unlike other types of hackers, white hat hackers always have
permission from the organization or agency they work with to hack into computer networks or systems.
•Grey Hat Hackers
•Grey hat hackers fall somewhere in between white hat hackers and black hat hackers. Grey hat hackers hack into
computer networks or systems in order to draw the target’s attention to vulnerabilities or potential attack paths and then
charge a fee to fix the issues they’ve discovered. Most often, this type of hacker exploits security issues without malicious
intent, but it is done without permission and often through illegal tactics.
•Green Hat Hackers
•Green hat hackers are beginners and often seek out information from more experienced members of the hacking
community. Although green hat hackers may not always have the necessary skills or knowledge to launch a
coordinated attack, they can still cause serious damage if they don’t have a clear understanding of what they’ve
done or how to fix it.
•Blue Hat Hackers
•Blue hat hackers are most similar to white hat hackers: they’re security professionals working at consulting firms
that are hired specifically to test a system prior to its launch. Sometimes, blue hat hackers also target individuals or
companies in retaliation for some wrongdoing without putting much thought into the consequences of their actions.
•Red Hat Hackers
•Red hat hackers are often seen as the “dark horses” of the hacking world, working alone or in private groups to
disarm black hat hackers. Unlike white hat hackers, who turn black hat hackers in to the authorities, red hat hackers
often focus on destroying resources and doing harm.
•Script Kiddies
•Unlike other types of hackers, script kiddies are often motivated by boredom and don’t write their own
computer scripts or code. Instead, they insert existing scripts or codes into viruses or applications to hack
computer systems belonging to others. In the hacking world, script kiddies are notorious for being relatively
unskilled and immature compared to other types of hackers.
•Hacktivists
•Hacktivists are often considered black hat hackers, but their motivations for hacking are political. Whether
they’re concerned with preserving free speech or exposing instances of human rights violations, hacktivists
target individuals, organizations, or government agencies. Most of the time, hacktivists believe they’re trying to
enact a positive change in the world. For example, the hacking group Anonymous is well-known for its
numerous cyberattacks against several governments and has been called “freedom fighters” by its
supporters.
DEFINITION OF CYBER THREAT
Cyber threats refer to malicious activities or events that exploit vulnerabilities in
computer systems, networks, or digital infrastructure to compromise the confidentiality,
integrity, or availability of data, systems, or services. These threats encompass a wide
range of cyber attacks and security breaches perpetrated by cybercriminals, hackers,
hacktivists, state-sponsored actors, and other malicious entities.
The impact of cyber threats can be wide-ranging and significant, affecting
individuals, businesses, governments, and society as a whole. Here are some
key impacts:
• Financial Loss: Cyber-attacks can result in significant financial
losses for individuals, businesses, and organizations. This can include
theft of funds, financial fraud, extortion payments, and costs
associated with remediation, such as repairing systems and recovering
from data breaches.
• Data Breaches: Data breaches expose sensitive information,
including personal, financial, and proprietary data, to unauthorized
parties. This can lead to identity theft, financial fraud, reputational
damage, and legal liabilities for affected individuals and
organizations.
• Disruption of Services: Cyber-attacks can disrupt critical services
and infrastructure, including communication networks, transportation
systems, and healthcare facilities. This can result in downtime,
operational disruptions, and economic losses for businesses and
governments.
• Regulatory and Legal Consequences: Organizations that fail to
adequately protect against cyber threats may face regulatory penalties,
legal liabilities, and compliance requirements. This includes fines,
lawsuits, and reputational damage resulting from non-compliance with
data protection regulations.
• Reputational Damage: Organizations that suffer from cyber-attacks
may experience reputational damage, loss of customer trust, and
diminished brand reputation. This can have long-term consequences
for customer loyalty, market competitiveness, and shareholder value.
• Intellectual Property Theft: Cyber-attacks targeting intellectual
property, trade secrets, and proprietary information can undermine
innovation, competitiveness, and economic growth. Stolen intellectual
property may be used for commercial advantage by competitors or
sold on underground markets.
• National Security Threats: Cyber-attacks targeting government
agencies, military infrastructure, and critical national systems pose
significant national security threats. These attacks can compromise
classified information, disrupt essential services, and undermine the
stability and security of nations.
• Psychological Impact: Individuals affected by cyber-attacks may
experience psychological distress, anxiety, and fear of further
victimization. This can have a profound impact on mental health and
well-being, particularly in cases of identity theft, cyberbullying, or
online harassment.
DEFINITION OF CYBER DEFENSE STRATEGIES
Cyber defense strategies refer to proactive measures and frameworks adopted by
organizations to protect their digital assets, systems, and data from cyber threats. These
strategies encompass a range of security practices, policies, technologies, and processes
designed to identify, prevent, detect, respond to, and recover from cyber-attacks and security
incidents effectively.
CYBER DEFENSE STRATEGIES
Here are some key cyber defense strategies organizations can implement to mitigate the risks posed by cyber
threats:
• Risk Assessment and Management: Conduct regular assessments to
identify and prioritize potential cyber risks to the organization's assets,
systems, and data. Develop risk management strategies to mitigate
identified risks effectively.
• Cybersecurity Training and Awareness: Provide comprehensive
cybersecurity training and awareness programs for employees to educate
them about common cyber threats, best practices for secure behavior, and
the importance of safeguarding sensitive information.
• Multi-factor Authentication (MFA): Implement multi-factor
authentication mechanisms to add an extra layer of security beyond just
passwords. This helps prevent unauthorized access to accounts and
systems, even if passwords are compromised.
• Regular Software Updates and Patch Management: Keep software,
operating systems, and applications up-to-date with the latest security
patches and updates to address known vulnerabilities and minimize the
risk of exploitation by cyber attackers.
• Threat Intelligence and Information Sharing: Stay informed about
emerging cyber threats and trends by leveraging threat intelligence
sources and participating in information sharing initiatives with industry
peers, government agencies, and cybersecurity organizations.
• Network Segmentation: Segment network infrastructure to
compartmentalize sensitive data and critical systems from less secure areas.
This limits the scope of potential breaches and helps contain and mitigate the
impact of cyber-attacks.
• Firewalls and Intrusion Detection Systems (IDS): Deploy firewalls and
intrusion detection systems to monitor and control network traffic, detect
suspicious activity, and block unauthorized access attempts, thereby
enhancing overall network security.
• Data Encryption: Encrypt sensitive data both in transit and at rest to protect
it from unauthorized access in the event of a breach or interception.
Encryption helps safeguard data confidentiality and integrity, even if
attackers gain access to the data.
• Incident Response Plan: Develop and regularly test an incident response
plan to effectively respond to and mitigate cyber security incidents. This plan
should outline roles and responsibilities, escalation procedures,
communication protocols, and steps for containing and recovering from
incidents.
• Vendor Risk Management: Assess and manage the cybersecurity risks
associated with third-party vendors and service providers that have access to
the organization's systems or data. Implement contractual agreements and
security controls to mitigate vendor-related risks.
• Continuous Monitoring and Security Audits: Implement continuous monitoring practices and conduct regular
security audits to identify and address security gaps, compliance issues, and potential vulnerabilities proactively.

By adopting a holistic approach to cybersecurity and implementing these defense strategies, organizations can enhance
their resilience to cyber threats and better protect their assets, systems, and data from malicious actors.
