Threat Objectives
The Adversarial platform organizes cyber threats around six threat objectives, each defined by the motivation and intent of the adversary. These objectives form the foundation of an organization’s threat profile and drive how risks and incidents are categorized, scored, and prioritized across the platform.
The six threat objectives
Extortion
Extortion covers a range of tactics used to coerce payment, including ransomware, “DDoS for Bitcoin,” and data theft followed by threats to leak. In today’s landscape, any organization with an internet-facing presence has an imminent-to-probable likelihood of extortion attempts.
Example: Adversaries gain root-level access to cloud servers, workloads, and storage, encrypt services, and hold production hostage.
Related AKRs: Controls for data exfiltration used in extortion, BYOD (bring-your-own-device) credential capture, and egress access management.
Sabotage
Sabotage involves deliberate destruction or disruption of systems and services. Examples include destructive malware, targeted DDoS campaigns for ideological impact, and attacks on operational technology.
Related AKRs: Coverage for persistent, SRE-style access to core systems and pipelines; defenses against wiper malware; backup protection; DDoS resilience; cloud ingress hardening; command-and-control disruption; and safeguards against abuse of administrative privileges.
Data Disclosure
Data Disclosure focuses on the unauthorized exposure of sensitive data such as PII, PHI, NPI, MNPI, transaction data, or intellectual property. Disclosure can occur through human error or malicious activity.
Related AKRs: Controls for company-managed devices, sensitive data access (remote and onsite), restrictions on writing to removable media, and other measures that limit adversary paths to data objectives.
Resource Hijacking
Adversaries misuse organizational resources — often cloud infrastructure — to send spam, mine cryptocurrency, or perform other compute-heavy tasks. Likelihood is notable for cloud-first environments, while impact is typically low to moderate and cleanup is straightforward. Risk is higher for computing-intensive operations such as data centers or crypto-mining platforms.
Related AKRs: Protections against email-borne malware, malicious links and drive-by downloads, and misuse of cloud management accounts stemming from configuration errors that lead to cloud compromise.
Customer Targeting
Customer Targeting exploits trusted relationships or technical connectivity to compromise downstream victims. While high-profile examples include software supply chain breaches like SolarWinds, any organization storing sensitive customer data should consider the risk of adversaries viewing, editing, or deleting that data.
Related AKRs: Strong network segmentation, rigorous red-team testing, social engineering defenses (including IT impersonation scenarios), and protection of MFA backup and recovery mechanisms.
Fraud
Fraud targets organizations with substantial financial transactions — premiums, payroll, commissions, or large disbursements. Threats include business email compromise, credential theft, and payment rerouting (such as payroll ACH fraud).
Related AKRs: Controls for check washing and wire fraud, executive impersonation and targeting, and BYOD-based credential protection.
How threat objectives are used
Threat objectives appear throughout the platform:
- Threat Profile — Select which objectives are relevant to your organization to define your cyber mission.
- Risk Register — Risks are tagged with associated threat objectives, either manually or via AI scoring.
- Incident Register — Incidents are mapped to threat objectives to maintain alignment between response activities and organizational priorities.