Security for Beginners
by Sergey Okinchuk
Threats, Vulnerabilities, and RiskNo System Is Perfectly Secure
Topic 04

Who Attacks, and Why

Concept

The movies gave us one picture of a hacker: a lone genius in a dark hoodie, typing furiously, breaking into anything for the thrill of it. It is a vivid image, and it is mostly wrong — and believing it makes you brace for the wrong kind of attack.

Real attackers are a range of people with ordinary motives. Most of the time the motive is simply money; the rest of the time it is information, disruption, or making a point. Knowing who would actually come after Olivia, and why, tells you far more about what they would try than any hoodie ever could.

The real cast of attackers — and what each is usually after
Criminals
Opportunists and organized groups chasing money — fraud, stolen cards, ransomware. The largest category by far.
Insiders
Employees or contractors who already have access and misuse it — for money, revenge, or by accident.
Hacktivists
People attacking to make a political or social statement rather than for profit.
State-backed
Government-funded groups after espionage or sabotage — well-resourced, patient, and quiet.

The Motive Is Usually Money

Strip away the drama and most attacks are simply criminal businesses. Stolen card numbers get sold; ransomware demands a payment; fake invoices trick companies into wiring funds. These operations are run for profit, with budgets, tooling, and division of labor, much like any other business — just an illegal one. When you understand that money is the usual goal, the methods stop being mysterious and start looking like what they are: low-effort, high-payoff ways to get paid.

The Real Cast

Beyond ordinary criminals, a few other groups round out the picture. Insiders are people who already have legitimate access — an employee, a contractor — and misuse it, sometimes maliciously and sometimes by mistake. Hacktivists attack to make a political or social point rather than for money. And state-backed groups, funded by governments, pursue espionage or sabotage with patience and resources far beyond a lone criminal.

Most people, most of the time, will only ever encounter the first category. But it is worth knowing the others exist, because they explain attacks that don't fit the "someone wanted quick money" pattern.

Targeted Versus Opportunistic

Here is the distinction that matters most for someone like Olivia. An opportunistic attack doesn't choose you — it sweeps everyone, automatically, and catches whoever happens to be exposed. When a website is breached and the stolen passwords get tried on thousands of other sites, no human picked Olivia; she simply reused a password that turned up in the pile. A targeted attack, by contrast, is aimed at one specific person or organization on purpose.

The vast majority of what ordinary people face is opportunistic. That is reassuring in one way — you are rarely singled out — and sobering in another: you don't have to be important to be caught in a net that was cast at everyone.

Opportunistic vs Targeted: two very different shapes of attack
Opportunistic
Automated tools scan or probe at scale. Anyone exposed gets caught — not because they were chosen, but because they were there. This is what most people face.
Targeted
An attacker picks one specific person or organization on purpose and researches them first. Rare for ordinary people, but common when someone holds high-value data or access.

Why Motive Predicts Method

Once you know what an attacker wants, you can guess how they will work. Someone after fast money sends phishing emails and deploys ransomware, because those pay quickly. Someone after secrets does the opposite — they stay hidden for as long as possible, quietly watching, because being noticed ends the espionage. The goal shapes the method, which is exactly why "who and why" is the first question a defender asks.

Common Confusions
  • "Hackers are lone geniuses breaking in for the challenge." Most attacks are run for money by organized groups using automated tools at scale — closer to a business than a prodigy in a basement.
  • "I'm not important enough to be attacked." Opportunistic attacks don't choose you; they sweep everyone and catch whoever is exposed. Importance has nothing to do with it.
  • "An attacker is always an outsider." Insiders — employees and contractors who already have access — are a major category, sometimes malicious and sometimes simply careless.
  • "All attackers want the same thing." A criminal wants quick money; a spy wants to stay hidden and watch. Different motives lead to very different methods, which is why motive matters.
Why It Matters
  • Knowing most attacks are automated and money-driven tells you what is realistic to defend against — and that ordinary, boring caution stops most of it.
  • The targeted-versus-opportunistic split dismantles the "I'm too small to be a target" belief that leaves people exposed.
  • Because motive predicts method, naming who would attack and why is the starting point for every defense decision in the rest of the course.

Knowledge Check

What is the most common motive behind attacks?

  • Money
  • The thrill of the challenge
  • Making a political statement
  • Government espionage

A website is breached, and the stolen passwords are automatically tried on thousands of other sites. Olivia is caught because she reused one. This is an example of:

  • An opportunistic attack that swept everyone
  • A targeted attack aimed specifically at Olivia
  • An insider misusing their access
  • A state-backed espionage operation

Why does an attacker's motive help predict how they'll operate?

  • Different goals lead to different methods
  • Because all attackers use exactly the same techniques, so motive doesn't change their approach
  • Because motive tells you precisely how skilled the attacker is
  • Because it reveals which country the attacker is in

You got correct