Types of Hackers – And How to Defend Against Them
Not all hackers are created equal.
If you want to effectively protect your systems and data, you first need to understand the different types of adversaries you're up against. After all, a bored teenager hacking for fun poses a very different threat than a nation-state hacking group engaged in cyberespionage.
While the term "hacker" is often used as a catch-all, in reality there are several distinct groups of malicious actors in the cyber realm – each with their own motivations, targets, and techniques. Identifying which of these groups are most likely to target your organization is a key step in prioritizing your cyber defenses and making the most of limited security resources.
In this post, we'll break down the major types of hackers, from script kiddies to elite nation-state units. For each group, we'll examine what drives them, how they operate, and most importantly, what you can do to defend against their attacks.
Let's start with one of the most basic but still problematic threats: the script kiddie.
Script Kiddies: Hackers in Training
When you think "hacker", a pimply teenager in their parents' basement may come to mind. This stereotypical image actually describes a real type of cyber threat: the script kiddie.
Script kiddies are entry-level hackers with limited skills and experience. They get their name because rather than developing their own hacking tools or exploits, they rely on pre-made tools and scripts written by more sophisticated hackers.
While the term is used disparagingly, script kiddies can still cause damage, especially to improperly secured systems. What they lack in skill they can make up for in persistence and a desire to prove themselves in the hacking community.
Unlike financially motivated cybercriminals or politically driven hacktivists, script kiddies are primarily motivated by thrill-seeking and ego. They want to deface websites, take down gaming servers, steal data – anything to show off their "l33t skillz" to fellow script kiddies.
One of the most infamous script kiddie hacks targeted Microsoft's Xbox Live network. In the early 2000s, a group of young hackers known as the "Xbox Underground" gained notoriety for repeatedly infiltrating Microsoft's servers.
Using a combination of social engineering and off-the-shelf hacking tools, the teens were able to steal source code for the Xbox and Windows operating systems. While Microsoft eventually caught the culprits, the repeated intrusions were a major black eye for the tech giant.
So how can you protect your organization from pesky script kiddies? The good news is, script kiddies' reliance on existing tools and exploits means basic cybersecurity best practices can go a long way:
- Keeping all systems and software up to date with the latest security patches
- Using firewalls and antivirus/anti-malware tools
- Implementing spam filters and educating users on spotting phishing attempts
- Locking down open ports and limiting connections to key servers and databases
- Having an incident response plan in case of a successful intrusion
By reducing your attack surface and shoring up basic defenses, you can make your network a much harder target for rudimentary script kiddie attacks. But don't let your guard down – as a script kiddie grows their skills, they may graduate to becoming a full-fledged cybercriminal.
Cybercriminals: Hacking for Profit
When it comes to the seedy underworld of the dark web, cybercriminals reign supreme. Unlike script kiddies hacking for fun or hacktivists pushing a cause, cybercriminals are all about one thing: cold hard cash.
Cybercriminals are responsible for the vast majority of malicious cyber activity, from data breaches to ransomware attacks to credit card fraud. Verizon's 2021 Data Breach Investigations Report found that financially motivated cyber attacks accounted for nearly 80% of breaches.
While some cybercriminals work alone, many are part of organized crime groups that operate like corporations, with different employees handling different aspects of an attack. And business is booming for the cybercrime industry: by some estimates, cybercrime could cost the global economy over $10 trillion annually by 2025.
One of cybercriminals' favorite tactics is phishing – sending fraudulent emails to trick recipients into giving up sensitive information or downloading malware. Phishing is popular because it's cheap and easy to do on a mass scale, and even a tiny percentage of people falling for it can net big profits.
In recent years, cybercriminals have shifted to a strategy dubbed "big game hunting", targeting large enterprises with ransomware attacks. The criminals spend weeks or months stealthily infiltrating a company's network, then deploy ransomware to lock up key systems. With business operations crippled, the company faces intense pressure to pay a hefty ransom to get back up and running.
To protect against ever-evolving cybercriminal threats, organizations need to build layered defenses:
- Enforcing strong password policies and enabling multi-factor authentication
- Properly configuring and monitoring network firewalls
- Deploying endpoint detection and response (EDR) tools to detect anomalous activity
- Encrypting sensitive data, both at rest and in transit
- Developing and testing incident response plans for data breaches and ransomware
Cybercriminals follow the money – so making their job as costly and difficult as possible is key to keeping them at bay. But beware: the next hacker on our list has motives beyond money.
Hacktivists: Hackers With a Cause
Not all hackers are in it for profit or glory – some see themselves as activists fighting for a greater cause.
Hacktivists are hackers driven by ideology rather than money. They use cyber attacks to draw attention to political or social issues, influence public opinion, or simply punish those they see as enemies.
Hacktivists' causes are diverse, from free speech to environmentalism to anti-capitalism. And their tactics are just as varied, including:
- Distributed denial-of-service (DDoS) attacks to take down websites
- Website defacements to spread propaganda
- Leaking stolen data and emails online
- Doxing – publicly exposing personal information about their targets
One of the most famous hacktivist groups is Anonymous, a decentralized collective of hackers that originated in the early 2000s. Anonymous gained prominence for high-profile attacks in support of WikiLeaks, Arab Spring protestors, and the Occupy Wall Street movement, among other causes. Their most common tactic was DDoS attacks, taking down websites of targets like the Church of Scientology, PayPal, and various government agencies.
While Anonymous' attacks generated lots of headlines, most were fairly unsophisticated from a technical perspective – taking advantage of sloppy security rather than using advanced techniques. So how can you avoid becoming the next hacktivist target?
- Regular penetration testing and vulnerability scanning of public-facing websites
- Enabling DDoS protection from your hosting or service provider
- Monitoring social media for discussions of your brand in hacktivist circles
- Developing a crisis communications plan for responding to hacktivist threats
By taking proactive steps to find and fix your security weak spots, you can make your organization a less attractive target for hacktivists looking to make a splash. Up next: the threats that come from inside your own ranks.
Insider Threats: A Danger Within
There's an old saying: "There are two kinds of companies – those that have been hacked, and those that don't yet know they've been hacked."
To that, we might add a third kind: companies betrayed by their own insiders.
Insider threats come from employees, contractors, and other trusted parties with access to an organization's systems and data. Insider attacks can be even more damaging than external hacks, since insiders can bypass many security controls and often have high-level systems access.
There are two main types of insider threats:
- Malicious insiders who deliberately steal data or sabotage systems. These can be disgruntled employees looking for revenge or profit, or moles planted by competitors or foreign governments. Some insiders are even recruited by external hackers in exchange for a cut of the profits.
- Negligent or accidental insiders who unintentionally expose data or systems through careless behavior. This could be falling for a phishing email, using weak passwords, or misconfiguring a database to be publicly accessible.
Insider threats can be especially difficult to detect since their activity may not trigger usual security alarms. Infamous insider attacks like NSA contractor Edward Snowden or accused CIA mole Joshua Schulte show how a single rogue insider can exfiltrate massive amounts of sensitive data.
To mitigate the risk of insider threats, organizations should focus on two key areas: technical controls and human factors.
Technical controls can help limit the damage potential of any single insider:
- Implementing the principle of least privilege, so users only have the permissions they need to do their jobs
- Requiring multi-factor authentication and strong password policies
- Encrypting data and using data loss prevention (DLP) tools to prevent exfiltration
- Monitoring for anomalous user behavior with user and entity behavior analytics (UEBA) tools
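As an added example (not code from the original post), here is a minimal per-user baseline detector in the spirit of the UEBA and DLP controls above: it parses constructed file-access log lines and flags any day whose read volume is far above that user's own history, also noting whether the activity happened off-hours. The log format, field names, and thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: ISO timestamp, username, bytes read from the file share.
# "bob" legitimately reads ~2 MB every day; a global threshold would flag him,
# but a per-user baseline does not. "alice" normally reads ~100 KB and then
# pulls 4.8 MB at 02:14, which is both a volume spike and off-hours.
SAMPLE_LOG = """\
2024-03-01T09:12:00 alice 120000
2024-03-01T10:40:00 alice 95000
2024-03-02T09:30:00 alice 110000
2024-03-03T09:05:00 alice 130000
2024-03-04T09:50:00 alice 100000
2024-03-05T02:14:00 alice 4800000
2024-03-01T09:00:00 bob 2000000
2024-03-02T09:00:00 bob 2100000
2024-03-03T09:00:00 bob 1900000
2024-03-04T09:00:00 bob 2050000
2024-03-05T09:00:00 bob 2200000
"""

def parse_log(text):
    """Turn each 'timestamp user bytes' line into a (datetime, user, int) tuple."""
    events = []
    for line in text.splitlines():
        ts, user, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), user, int(nbytes)))
    return events

def daily_volumes(events):
    """Sum bytes per user per calendar day."""
    vols = defaultdict(lambda: defaultdict(int))
    for ts, user, nbytes in events:
        vols[user][ts.date()] += nbytes
    return vols

def find_anomalies(events, ratio=5.0, work_hours=(7, 20), min_history=3):
    """Alert when a user's daily volume exceeds ratio x the median of that
    user's earlier days (needs min_history prior days); mark off-hours days."""
    vols = daily_volumes(events)
    off_hours = {(user, ts.date()) for ts, user, _ in events
                 if not (work_hours[0] <= ts.hour < work_hours[1])}
    alerts = []
    for user, per_day in vols.items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            if i < min_history:
                continue  # not enough history to form a baseline yet
            baseline = statistics.median(per_day[d] for d in days[:i])
            if per_day[day] > ratio * baseline:
                alerts.append({"user": user, "day": day.isoformat(),
                               "volume": per_day[day], "baseline": baseline,
                               "off_hours": (user, day) in off_hours})
    return alerts
```

In production the same per-user baseline logic would be fed from file-server or proxy logs and combined with role context, so that an administrator's routine bulk jobs do not drown out a genuine outlier.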
Just as important is addressing human factors that can create disgruntled or careless insiders:
- Conducting thorough background checks and security clearances for sensitive roles
- Providing security awareness training for all employees
- Creating a positive work environment and reporting mechanisms for employee concerns
- Having offboarding processes to revoke access for departing employees
While there's no silver bullet for stopping insider threats, a combination of robust technical safeguards and workforce risk management can help catch problems before they become major incidents. The final hacker on our list, however, is in a league of their own.
Nation-State Hackers: A Class Above
If the previous hackers were hungry sharks, nation-state hackers are the apex predators of the cyber ocean.
State-sponsored hacking groups have time, resources, and skills that put them head and shoulders above the average cyber threat. Drawing from the ranks of top computer science programs and elite military units, nation-state hackers go through extensive training to master offensive security techniques.
Nation-state hacking is a big business: a 2020 Council on Foreign Relations report counted 33 countries that have publicly acknowledged offensive cyber capabilities. Heavyweights like the United States, China, Russia, Israel, and North Korea have invested heavily in building formidable cyber arsenals.
Nation-state hackers' missions go beyond website defacements or credit card theft – they're conducting advanced espionage, intellectual property theft, and even laying the groundwork for devastating cyberattacks on critical infrastructure.
The techniques these groups employ are cutting-edge: stealthy supply chain attacks, exploiting zero-day vulnerabilities, developing custom malware. Their tools are designed to evade detection and maintain long-term access to compromised networks.
Nation-state attacks can be extremely difficult to detect and attribute given hackers' use of proxies, false flags, and other deception techniques. The 2020 SolarWinds breach, linked to Russian intelligence, compromised at least 100 companies and a dozen U.S. government agencies before being discovered – and that was likely just the tip of the iceberg.
For organizations looking to counter nation-state threats, the unfortunate reality is that if an elite state-sponsored hacker wants to compromise your network, they probably can. But that doesn't mean you should make it easy for them:
- Use threat intelligence services to stay abreast of nation-state hacking tactics, techniques and procedures (TTPs)
- Implement defense-in-depth security controls and monitoring across networks and endpoints
- Have detailed incident response and business continuity plans for worst-case scenarios of destructive attacks or ransomware
- Consider "out of band" backups and communications methods for emergencies
Faced with the daunting prospect of nation-state threats, it's important to remember that no organization can achieve 100% security. Adopting a risk-based approach – focused on protecting your most critical assets from your most likely adversaries – is key to getting the best bang for your cybersecurity buck.
The Bottom Line
Hackers come in many flavors, but they all spell trouble for unprepared organizations. From mischievous script kiddies to state-sponsored cyber warriors, the threat landscape is vast and constantly evolving.
To defend against these diverse adversaries, you need to first understand how they work. What motivates them? What are their targets and techniques of choice?
Answering these questions is the goal of threat modeling – identifying and prioritizing the most likely threats to your unique organization. Only then can you design and implement security controls to effectively counter those specific threats.
While the details may differ, the core principles of a strong cybersecurity program are the same regardless of hacker type:
- Identify and protect your most important assets
- Implement layered defenses to prevent, detect, and respond to attacks
- Proactively search for and reduce your attack surface
- Plan and practice your response to the inevitable incident
Cybersecurity can seem like a daunting challenge in the face of ever-multiplying threats. But by understanding your adversaries and building a threat-informed defense, you can level the playing field and keep the hackers at bay.