Attacker Types: Motivations and Capabilities
Knowing the attacker profile helps prioritize defenses. An opportunistic attack requires different controls than a state-sponsored operation.
Script Kiddie
Attacker without deep technical knowledge. Uses ready-made tools downloaded from the internet.
Motivation: curiosity, recognition on forums, vandalism
Capability: low — relies on public exploits
Target: systems with known, unpatched vulnerabilities
Effective defense: rigorous patch management, regular CVE scanning.
Ethical Hacker / Security Researcher
Authorized professional hired to find vulnerabilities before a real attacker does.
Motivation: compensation, recognition, security improvement
Capability: high — uses the same tools as attackers
Operation: within a defined scope in a contract (pentest, bug bounty)
Without formal written authorization, the activity is illegal even with good intentions.
Insider Threat
Internal threat: employee, ex-employee, or contractor with legitimate access.
Motivation: financial gain, revenge, corporate espionage, coercion
Capability: medium to high — knows internal systems
Risk: hard to detect, access already exists
Fictional scenario:
Terminated employee accesses the CRM system 3 days later with non-revoked credentials
→ Exports customer list
→ Sells it to a competitor
Defense: revoke access at termination, monitor behavioral anomalies (UEBA), principle of least privilege.
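The check behind this defense, as an added example that is not part of the original page: it cross-references HR termination times with access logs to flag activity from accounts that should already have been revoked. The CSV layouts, field names, users and log lines are constructed assumptions for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample data (assumed formats, not from any real system).
HR_TERMINATIONS = """user,terminated_at
jsilva,2024-03-01T18:00:00+00:00
mcosta,2024-03-10T18:00:00+00:00
"""

ACCESS_LOG = """timestamp,user,system,action,records
2024-03-01T09:12:00+00:00,jsilva,crm,login,0
2024-03-04T22:41:00+00:00,jsilva,crm,login,0
2024-03-04T22:47:00+00:00,jsilva,crm,export,18250
2024-03-05T10:03:00+00:00,apereira,crm,export,40
2024-03-09T14:30:00+00:00,mcosta,crm,login,0
"""

def load_terminations(text):
    """Map each terminated user to the moment their access should have ended."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["user"]: datetime.fromisoformat(r["terminated_at"]) for r in rows}

def find_post_termination_activity(terminations, log_text):
    """Return log events performed by a user after their termination time."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ended = terminations.get(row["user"])
        if ended is None:
            continue  # user is not on the termination list
        when = datetime.fromisoformat(row["timestamp"])
        if when > ended:  # activity before termination is legitimate
            findings.append({
                "user": row["user"],
                "system": row["system"],
                "action": row["action"],
                "records": int(row["records"]),
                "days_after": (when - ended).days,
            })
    return findings

if __name__ == "__main__":
    terms = load_terminations(HR_TERMINATIONS)
    for f in find_post_termination_activity(terms, ACCESS_LOG):
        print(f"ALERT {f['user']} {f['action']} on {f['system']} "
              f"{f['days_after']} day(s) after termination "
              f"({f['records']} records)")
```

Any hit from this check means the offboarding step failed: the account was still able to authenticate, so the finding should trigger both revocation and a review of what was accessed.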
Organized Crime
Criminal groups with a clear financial objective: ransomware, fraud, data theft for resale.
Motivation: financial profit
Capability: high — resources, division of labor, infrastructure
Preferred targets: healthcare, finance, critical infrastructure
APT (Advanced Persistent Threat)
Sophisticated actor, usually state-sponsored, with long-term strategic objectives.
Motivation: espionage, sabotage, geopolitical advantage
Capability: very high — zero-days, dedicated infrastructure, patience
Characteristic: silent presence for months or years before acting
Comparative Summary
Type            | Motivation | Capability  | Persistence
----------------|------------|-------------|-------------
Script Kiddie   | Curiosity  | Low         | Low
Insider         | Varied     | Medium/High | Medium
Organized Crime | Financial  | High        | High
APT             | Strategic  | Very High   | Very High
Calibrate defenses according to the threat model relevant to your context.