Threats and Attackers
Who the Attackers Are
Behind every threat is an actor with distinct motivations, capabilities, and resources. At the most sophisticated end are nation-state actors: government-backed groups that conduct espionage, sabotage critical infrastructure, and steal intellectual property, operating with patience, long time horizons, and funding far beyond that of other attackers.
Organized cybercriminals operate with business logic: they seek financial gain through fraud, data theft, or extortion, and they have industrialized crime to the point of offering "crime as a service," renting out malware, phishing kits, and access to already-compromised networks. There are also hacktivists, motivated by political or social causes, and amateurs known as script kiddies, who run other people's tools without fully understanding them.
We must not forget insider threats: disgruntled or careless employees, or those whose credentials have been stolen by an outsider. These are especially dangerous because the actor already holds legitimate access, which lets them bypass perimeter defenses entirely; only controls that apply inside the perimeter, such as least privilege and monitoring of unusual access, can catch them.
Malware: Software with Malicious Intent
The term malware (malicious software) covers any program designed to damage, spy on, or take control of a system. Viruses attach to legitimate files and spread when executed; worms replicate across the network without human intervention; trojans disguise themselves as useful software to trick the user and open a back door.
Other variants include spyware, which secretly collects information from the victim; keyloggers, which record every keystroke to steal credentials; and rootkits, designed to hide their presence deep within the operating system. Botnets turn thousands of infected machines into a remotely controlled network, used to send spam or launch massive distributed denial-of-service (DDoS) attacks.
Defending against malware combines technical controls, such as antivirus, endpoint detection and response (EDR), and application allowlisting, with good practices: not running files from unknown sources, keeping software updated, and being wary of unexpected attachments. Signature-based antivirus only catches samples it already knows, which is why allowlisting (run only approved programs) and EDR (watch for malicious behavior regardless of the file) complement it.
Phishing and Social Engineering
Social engineering is the art of manipulating people into revealing information or performing actions that compromise security. Instead of attacking technology, it attacks the human being, who is often the weakest link. It exploits emotions such as urgency, fear, curiosity, or the desire to help.
Phishing is its most common form: fraudulent emails, messages, or websites that impersonate legitimate entities to steal credentials or data. Spear-phishing targets a specific person with a personalized message; whaling targets senior executives; smishing and vishing use SMS and phone calls. Business Email Compromise (BEC) impersonates an executive or a supplier, often from a compromised or lookalike mailbox, to order fraudulent transfers or change payment details.
Awareness is the first line of defense. Checking the sender's actual address rather than the display name, not clicking suspicious links, confirming unusual requests (especially changes to payment details) through a separate channel you already know, and distrusting pressure to act quickly are habits that neutralize most of these attacks. Because someone will eventually be fooled, those habits should be backed by technical controls: email authentication (SPF, DKIM, DMARC) to make impersonating your domain harder, and phishing-resistant multi-factor authentication so that a stolen password alone is not enough.
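The sender checks described above can be automated. The following is an added example, not code from the original lesson: it runs a few heuristics over constructed e-mail headers to flag display-name spoofing, lookalike (typosquatted) sender domains, the From/Reply-To mismatch typical of BEC, and pressure language in the subject. The trusted-domain list, the executive names, the keyword list, and the sample messages are all assumptions made for the example.

```python
import email
import re
from email.utils import parseaddr

# Assumed for the example: the organization's own domain and its trusted partners.
TRUSTED_DOMAINS = {"example.com", "bank-example.com"}
# Assumed: executives whose names are worth putting in a display name.
EXECUTIVE_NAMES = {"alice director"}
# Words that signal the time pressure social engineers rely on (assumed list).
PRESSURE_WORDS = {"urgent", "immediately", "asap", "wire", "overdue"}

# Visual substitutions commonly used in lookalike domains: 0->o, 1->l, 3->e, 5->s, rn->m, vv->w.
_SINGLE = str.maketrans("0135", "oles")
_PAIRS = (("rn", "m"), ("vv", "w"))


def normalize(domain: str) -> str:
    """Fold common visual substitutions so 'examp1e.com' compares equal to 'example.com'."""
    d = domain.lower().translate(_SINGLE)
    for pair, repl in _PAIRS:
        d = d.replace(pair, repl)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit away from a trusted domain is a typosquat signal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(domain: str) -> bool:
    """A trusted domain or any subdomain of one (mail.example.com) counts as trusted."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def lookalike_of(domain: str):
    """Return the trusted domain this sender domain imitates, or None."""
    if is_trusted(domain):
        return None
    for t in TRUSTED_DOMAINS:
        if normalize(domain) == t or edit_distance(domain, t) <= 1:
            return t
        if t in domain:  # trusted name buried inside a longer attacker-controlled domain
            return t
    return None


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw_headers: str) -> list:
    """Run the sender checks over one message's headers and return the findings."""
    msg = email.message_from_string(raw_headers)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    findings = []

    if "@" in name:  # display name carries an address to mislead a glance at the inbox
        findings.append(f"display name contains an address: {name!r}, real sender is {addr}")
    if name.strip().lower() in EXECUTIVE_NAMES and not is_trusted(from_domain):
        findings.append(f"executive name {name!r} sent from external domain {from_domain}")

    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} looks like trusted {imitated}")

    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    words = set(re.findall(r"[a-z]+", msg.get("Subject", "").lower()))
    if words & PRESSURE_WORDS:
        findings.append("subject uses pressure language")
    return findings


# Constructed sample headers for the example (not real messages).
SAMPLES = {
    "legitimate": "From: Alice Director <alice@example.com>\nSubject: Q3 planning notes\n",
    "lookalike": "From: Security Team <alerts@examp1e.com>\nSubject: Action required: verify your password\n",
    "bec": ("From: Alice Director <alice.director@webmail-example.net>\n"
            "Reply-To: payments@another-host.example.net\n"
            "Subject: URGENT wire transfer before 5pm\n"),
    "spoofed_name": 'From: "ceo@example.com" <bounce@mail-relay.net>\nSubject: Please review\n',
}


def scan_samples() -> dict:
    """Analyze every sample and map its label to the list of findings."""
    return {label: analyze(raw) for label, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, findings in scan_samples().items():
        print(f"{label}: {findings or ['no findings']}")
```

These heuristics are deliberately simple and will produce both false positives (a partner who really does use an external reply address) and false negatives (a fully compromised legitimate mailbox passes every check); in practice they complement, rather than replace, DMARC enforcement at the gateway and an out-of-band confirmation step for any payment change.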
Ransomware: the Threat That Hijacks Data
Ransomware is a type of malware that encrypts the victim's files and demands a payment (ransom), usually in cryptocurrency, in exchange for the decryption key. It has become one of the most devastating threats to companies, hospitals, and governments because of its ability to paralyze entire operations.
Modern tactics make the problem worse with double extortion: in addition to encrypting the data, attackers exfiltrate it and threaten to publish it if payment is not made. The Ransomware-as-a-Service (RaaS) model lets criminals without technical skills rent ready-to-use platforms, which has multiplied the number of attacks.
Effective protection rests on three pillars: frequent backups that are kept offline or immutable so the ransomware cannot encrypt them as well, and that are restored regularly to prove they work; rapid patching of vulnerabilities, especially on internet-facing systems; and network segmentation so that one compromised machine cannot spread to the whole organization. Paying the ransom does not guarantee recovery (the key may never arrive or the decryptor may fail), it funds the next attack, and in a double-extortion case it does not undo the theft of the data.
Anatomy of an Attack
Understanding that attacks unfold in phases helps you defend against each one. The Cyber Kill Chain describes seven linear steps from reconnaissance to actions on objectives; the MITRE ATT&CK framework catalogs adversary tactics such as reconnaissance, initial access, execution, persistence, lateral movement, and exfiltration, together with the concrete techniques observed for each. Every phase is an opportunity to detect and stop the attacker, and the earlier the better: an intrusion caught at initial access costs far less than one discovered at exfiltration.
With this threat landscape in mind, the next lessons focus on concrete controls: robust authentication, cryptography, and protection of the devices we use every day.