Like it or not, cyberspace is loaded with as many bad actors as a discount, all-you-can-eat dinner theatre.
Motivation is a key element to keep in mind when considering bad actors, says Scott Riccon, principal consultant with global technology research and advisory firm ISG. "Financial, political, hacktivism, or personal interest can motivate bad actors' behavior and the targets they engage," he explains. Also important is sponsorship: the entities who fund, protect, and direct attacker activities. "Protecting against an individual is much easier than protecting against a group sponsored by a nation-state with significantly more resources than a single organization can typically bring to defend itself," Riccon observes.
Cyberspace is rife with bad actors. Four, in particular, are creating a massive amount of mayhem:
FIN7
Also known as Gold Niagara, ITG14, and Carbon Spider, FIN7 is a financially motivated threat group. The operation has been active since 2013, primarily targeting the U.S. retail, restaurant, and hospitality sectors, often using point-of-sale malware, Riccon says.
In 2020, FIN7 shifted operations to a “big game hunting” approach, Riccon says, including the use of REvil ransomware and their own Ransomware-as-a-Service (RaaS), Darkside. "Darkside was responsible for the Colonial Pipeline ransomware attack on May 7, 2021, which disrupted 45 percent of fuel to the East Coast of the United States," he says. "One analysis showed that Darkside received over $90M in ransom payments from at least 47 victims, with the average ransom payment of $1.9M."
FIN7 may be linked to the Carbanak Group, while REvil was effectively taken down in January 2022 by the Russian Federal Security Service at the request of the U.S. government. "Their footprint and legacy remain prevalent as many other groups are leveraging techniques developed by this group," Riccon notes. "These groups often shut down, regroup, and rebrand to continue their efforts."
