Within the information security world, a threat actor is defined as an individual or group involved in malicious activity and can be categorised as state and non-state, hostile, intentional, non-hostile or unintentional.
The cyber kill chain (originally developed by Lockheed Martin) is an industry-accepted methodology for understanding how an attacker will carry out malicious activities in order to gain access and cause harm an organisation.
It is well documented that instances of cybercrime are on the rise in Australia with criminals increasingly targeting all levels of business. Unfortunately, it is only a matter of time before your business operations falls victim to a malicious cyber based attack. The Australian government has reported that over 60% of cybercrime attacks are aimed at Small to Medium businesses.
The Dark Web is a region of the Deep Web and is a domain where users are more inclined to be engaged in illegal and nefarious activity. Such activities include: drug dealing and trafficking, pornography, and hacker message boards and buying and selling sites.
An insider attack is a malicious act perpetrated on a network, computer system or unlawful release of information by a person with authorised access. Insiders that perform attacks have a distinct advantage over external attackers because they have access to sensitive company data and may be familiar with network architecture and system policies/procedures. There may be less security against insider attacks because many organisations focus on protection from external attacks.
No matter how secure a location or system is, there’s always a way to gain unauthorised access. While companies are learning how to strengthen their premises and computer systems with technical security measures, hackers and malicious actors will always target the weakest part of a security program - humans.
Malware - short for malicious software - is software designed to infiltrate, damage or obtain information from a computer system without the owner’s consent and attacks various operating systems, applications, ICT infrastructure and devices.