The scammers and hackers that make up the dark web’s underbelly are known to cybersecurity experts as ‘threat actors’. These are very accomplished people who are very good at what they do. Unfortunately, most of us know very little about them and how they operate. Needless to say, they are far more than what Hollywood makes them out to be.
I would venture to say that most of us imagine threat actors as glamorous, culturally sophisticated social butterflies who spend comparatively little time plying their trades. They supposedly prefer quick scores so they can enjoy the good life.
In reality, threat actors are hardworking cybercriminals. They are constantly developing new ways to attack networks. They are always looking for vulnerabilities and new attack surfaces. But those committed to fighting them have their own tools and strategies. One such tool is open-source intelligence (OSINT).
What Motivates Threat Actors
DarkOwl, an industry leading provider of darknet intelligence and OSINT solutions, explains that threat actors are motivated by a long list of things. The obvious first choice is money. Some steal millions by launching ransomware attacks. Others perpetrate massive data breaches and then sell the stolen information on dark web marketplaces. But money is not the only motivation. There are others:
- Revenge – A certain volume of cybercrime is about revenge. An individual seeks revenge on an organization that wronged him. Perhaps a former employee targets the company that dismissed him. The possibilities are endless.
- Hacktivism – Some threat actors are hacktivists, so named because their motivations are related to politics or some sort of cause. They believe they can change the world via cybercrime.
- Geopolitics – Both individuals and state-sponsored groups utilize the internet for espionage, sabotage, and geopolitical influence. They are threat actors every bit as much as the petty criminal.
- Organized Crime – Threat actors may be motivated by organized criminal activity. Their online activities are not a crime unto itself but, rather, a tool for furthering their criminal enterprises.
Believe it or not, there is even a small group of threat actors the industry refers to as ‘script kiddies’. Whether their attacks are malicious or not, they do what they do for fun. Hacking is a game to them, a game through which they are amused.
The Role of OSINT Tools
Given the fact that threat actors are not the same people Hollywood has made them out to be, they are not going to be stopped by a heroic government agent who tracks them down and brings them to justice. That’s not the way the real world works. Still, organizations don’t have to be targets. They can fight back and win.
OSINT tools make the fight more successful. What are these tools? They are software solutions that constantly scour the internet and dark web for information indicating what threat actors are up to. The tools scrape dark web forms and social media. They search dark web marketplaces and websites.
All the information they scrape is aggregated and then analyzed. Context is added before the tools come up with actionable insights security teams can deploy to fend off future attacks.
OSINT is rooted in the understanding that threat actors leave behind digital traces. By learning to identify those traces and what they mean, security teams can better understand what threat actors are going to do before they do it. That is the point.
Threat actors are very real. But they are not the Hollywood types so many of us are used to. They are hardworking criminals dedicated to what they do. Cybersecurity experts need to treat them as such.
