
The Unusual Suspects: You have no idea where your next cyber attack will come from


They’re the unseen, threatening, mysterious adversaries your business must defend against.

But holding them up to the cold light of day diminishes their power – and helps defeat their attacks.

The cyber threats organisations face are created by human beings, people who make mistakes and have weaknesses.

At BAE Systems, we think that understanding the threat actors you face is the cornerstone of a strong business defence.

These are the Unusual Suspects.


The Insider

The Insider comes in many guises: the disgruntled office worker, the blackmail victim in accounts, the spy, or the small supplier with trusted access to your network. The Insider may conduct their activities on purpose, through carelessness, or through outside influence, such as falling for a scam or becoming the victim of blackmail. This makes the Insider one of the hardest suspects to predict and defend against. The Insider’s position within the organisation can allow them to do just as much damage as the most sophisticated piece of malware.

The Professional

The Professional works a 9-to-5 day at a company that might look like a legitimate operation. However, it is anything but. The Professional is engaged in cybercrime or cyber-enabled crime, running phone support scams, writing software for other criminals, or helping prop up the cybercrime supply chain. At the top of the tree, the Professional may operate money-making resources such as botnets or exploit kits, as well as advertising them for hire.

The Getaway

Getaways have youth on their side – even if they get caught, they’re too young to go to prison. The Getaway’s hacking skills are generally basic, but they’re keen to impress their peers and will invest significant amounts of time in their dubious online activities, learning new skills and playing with the latest tools. On occasion, they can be used by more senior suspects as proxies or diversions.

The Activist

The Activist takes their political, religious or social cause to the Internet, actively setting out to target individuals or groups they disagree with, using the power of their keyboard and hacker’s toolbox to harm reputations, steal data or target infrastructure. They are more likely to cause visible damage than to conduct their activities covertly.

The Mule

The Mule is a casual criminal – or even an innocent opportunist – used by others to launder the proceeds of cybercrime by taking stolen money and goods and turning them into ‘clean’ funds. They do this via Internet payments, money transfers or online auctions. They’re motivated by greed or desperation, and often work from home, internet cafés or free WiFi hotspots, relying on internet payment and bank accounts, as well as access to money transfer services in local shops. Mules run the highest chance of arrest or prosecution of all the cyber criminal types, as their role is to provide the point at which virtual stolen goods are fenced or laundered into the physical world.

The Nation State Actor

The Nation State Actor has a ‘License to Hack’. They work for a government to disrupt, steal from or compromise target governments, organisations or individuals to steal valuable data or intelligence, and can create incidents that have international significance. They might be part of a semi-hidden ‘cyber army’ or ‘hackers for hire’ who work for companies aligned to the aims of a government or dictatorship.

Rajiv Shah is the regional general manager, BAE Systems Applied Intelligence
