Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
Reporting on intrusions or attacks often dwells on the method that the attackers used to breach the defenses of a particular organization. However, the goals of the attacker are the most relevant to how an organization can protect itself. The goals of attackers reflect the perceived value of the critical assets an organization has to the attackers, which is independent from the value these assets have to the organization.
The table below shows a carefully chosen sample of well-documented attacks on what attackers consider to be high-value or critical assets. It is worth noting the following attacks were performed by a mixture of nation states, mercenaries, nation state proxies, cyber criminals and hacktivists, showing a complex ecosystem. We do not aim to provide definitive attribution here, merely state which are the most likely candidates based on assessments from law enforcement or the wider community.
A common theme running through the above table is how attackers take the path of least resistance to their goals and in the cases where critical assets were not reachable, used a creative approach to monetize the access that they did have.
Some common themes concerning attacker goals emerge:
By understanding the goals of the attackers, defenders can understand which of their assets need to be safeguarded. Any breach investigation or incident response should attempt, where possible, to understand the goals of the attackers in order to gain insight on how attackers are targeting an organization’s assets.
Recent attacks like the Nyetna outbreak highlight the difficulty of certainty around attacker goals as there may be deliberate attempts by the attacker to obscure their true goals, in such cases the different plausible attacker goals must be considered.
We recently wrote a blog on five ways security engineering can help to protect these assets.