Attacker Classification Blog Post

[HockeyInJune]

Using publicly available information about different groups of attackers and their motives, build a taxonomy of different types of attackers and their motives, capabilities, resources, growth, and more.

Make sure to follow standard principles of economics, like an actor will take the path of least effort/resources/sophistication to achieve their goal. For instance, crimeware groups who are stealing bank account information don't need to use 0-day to install their malware so chances are, they won't.

This project is designed to help show laymen how and why attackers operate the way they do. And also to prevent bullshit and lies from ending up in the New York Times. :)

[moshekaplan]

Related info from the recent net traveler report (http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf, page 4):
"during our analysis, we did not see any advanced use of zero-day vulnerabilities or other
malware techniques such as rootkits. it is therefore surprising to observe that such unsophisticated attacks can still be successful with high profile targets."