Know Your Adversaries: The Top Network Bad Actors

The bad guys are out to steal your data, identity, money, and anything else they can lay their digital hands on. Here's a rundown of today's major adversaries.

Network Computing

September 9, 2022


Like it or not, cyberspace is loaded with as many bad actors as a discount, all-you-can-eat dinner theatre.

Motivation is a key element to keep in mind when considering bad actors, says Scott Riccon, principal consultant with global technology research and advisory firm ISG. "Financial, political, hacktivism, or personal interest can motivate bad actors' behavior and the targets they engage," he explains. Also important is sponsorship: the entities who fund, protect, and direct attacker activities. "Protecting against an individual is much easier than protecting against a group sponsored by a nation-state with significantly more resources than a single organization can typically bring to defend itself," Riccon observes.

Cyberspace is rife with bad actors. Four, in particular, are creating a massive amount of mayhem:

FIN7

Also known as Gold Niagara, ITG14, and Carbon Spider, FIN7 is a financially motivated threat group. The operation has been active since 2013, primarily targeting the U.S. retail, restaurant, and hospitality sectors, often using point-of-sale malware, Riccon says.

In 2020, FIN7 shifted operations to a “big game hunting” approach, Riccon says, including the use of REvil ransomware and their own Ransomware-as-a-Service (RaaS), Darkside. "Darkside was responsible for the Colonial Pipeline ransomware attack on May 7, 2021, which disrupted 45 percent of fuel to the East Coast of the United States," he says. "One analysis showed that Darkside received over $90M in ransom payments from at least 47 victims, with the average ransom payment of $1.9M."


FIN7 may be linked to the Carbanak Group, while REvil was effectively taken down in January 2022 by the Russian Federal Security Service at the request of the U.S. government. "Their footprint and legacy remain prevalent as many other groups are leveraging techniques developed by this group," Riccon notes. "These groups often shut down, regroup, and rebrand to continue their efforts."
