So this week we’re kicking off a new series: meet the threat actors. Because who doesn’t want to find out about the gremlins hiding under your bed?
Let’s back up a second – first of all, what is a threat actor?
Simply put, a threat actor is an attacker. They can be anyone, from your postman to a disgruntled ex-employee, but in security we’ve managed to create 5 rough categories for them. And those categories are:
- Script Kiddies
- Malicious insiders
- Organized crime
So why should you care about them? They’re actually surprisingly important.
Picture this: it’s the middle of the night and you wake up to go downstairs for a glass of water. SHOCK HORROR, the TV in your lounge has gone! Suddenly you’re swimming in a sea of questions: how did my TV disappear? Was I burgled? Why didn’t the dog bark and wake me up? How will I be able to watch the Super Bowl now? How can I spend the insurance payout? OK, maybe not the last one, but it’s important to know what you’re going after – if you can get a rough idea of the person that took your TV, suddenly it’s a lot easier to track them down. After all, you don’t want to chase down a hardened biker gang in your fuzzy slippers, now do you?
The same thing applies to attacks online. Taking a leaf out of Sun Tzu’s book, know your enemy. If you can tell, for example, that a highly sophisticated attacker is partaking in a virtual smash and grab, you can tailor your defences to thwart their attempt.
And with that, we move onto the first of the 5 broad categories of threat actors. The script kiddie.
And yes. The image of a screaming toddler in your head is sort of correct.
A script kiddie is an attacker that’s pretty much at the bottom of the hacker totem pole. They’re not very sophisticated and don’t know that much about what they’re doing – typically using tools other people have written for their own nefarious purposes.
By now you’re probably breathing a sigh of relief – after all you could get your toddler into bed last night so what chance is a script kiddie gonna have? And that’s where they get you! Don’t be lulled into a sense of false security!
Just because they’re not that technically advanced doesn’t mean they don’t pack a punch! Much like that bottle of hot sauce you got given last Christmas, a script kiddie can be extremely dangerous when they apply themselves, or when given enough time and resources. Take the infamous hack of a British internet service provider – TalkTalk – back in 2015. Over 150,000 subscribers had their personal details grabbed by a fairly unskilled group taking advantage of a simple-to-exploit vulnerability in TalkTalk’s code. They hacked it and dumped the data using a tool someone else made, but were able to wreak havoc by doing so.
On the subject of tools, script kiddies often use tools with very legitimate uses – for example tools that may be used in a red team, like we discussed last week. They typically break into organizations and vandalize sites not for the data but for the thrill of it, and as a way to increase their “street cred” amongst their peers.
The upshot of this is that because they’re just beginning and are relatively unskilled, sometimes they make pretty blatant mistakes and leave significant evidence behind that can lead to them being detected and then caught. Taking the TalkTalk hackers for example – they were caught trying to sell information about the vulnerabilities they had found on to other attackers. In other cases script kiddies have even been known to leave automatic crash reporting switched on in the software they use – leading to massive trails authorities can use to track down the miscreants.
So really, what does this boil down to? Know your enemy. If you start to see signs of an attack, and the tactics the attacker is using seem to be fairly rudimentary, it’s possible you’re being targeted by a script kiddie. Time to bring out your incident response plan. (You do have one, right?)
At Skye technologies we’ve got a wealth of knowledge in helping customers implement their response plans and are well positioned to offer advice on your systems to help boost their security – potentially making them more resistant to attacks from script kiddies. Get in touch today.