The Changing Face of Cybercrime—Know Your Enemy
By Rick Miller
10 October, 2017
As a cybersecurity professional, you are the guardian of data, the gate keeper, and the architect of defense. You live on the front lines of a digital battle against invisible enemies and advanced persistent threats.
It’s your job to find and fix any vulnerability or weakness that could be exploited anywhere in your organization at any time—24/7/365.
Your enemy’s job is to find one weakness. Just one!
Your enemy will exploit your infrastructure, your people, and anyone connected to you in order to get what they want. And they are evolving. They are more organized and sophisticated. They have more digital weapons, more money, more technology, and more opportunity and desire.
Security Professionals: Fighting the Good Fight
The Chinese warrior general Sun Tzu wrote over 2000 years ago that, “The good fighters of old first put themselves beyond the possibility of defeat, and then waited for an opportunity of defeating the enemy.” Today, that same principle holds true.
As protectors of the digital realm, we must be like “the good fighters of old.” We must proactively prepare to negate the possibility of defeat, while building plans and strategies to defeat those that would do us harm or put us out of business. This is the life of the cybersecurity professional. It’s a job that never ends, never stops evolving, and never rests.
In order to proactively prepare, we must first take time to understand our enemy. Who is looking to breach our defenses? What are their motives? What is their level of education? What is their technical prowess?
Hacker Profiling: Do You Know Who’s Attacking You and Why?
Building a cracker or hacker profile is not an easy task. There is a fair amount of disagreement about the terms “hacker” and “cracker,” so for the purpose of this blog we will refer to hackers as either good guys, bad guys, or somewhere in between. Just for the record, hackers who use their skills for self-gain or for malicious or unlawful purposes should be referred to as crackers, while hackers may be good guys or something in the middle, depending on their moral compass.
Hackers and crackers fall into several categories.
- Script Kiddies
As the name suggests, “Script Kiddies” are typically fairly unsophisticated. They use copied scripts or code to launch viruses or DoS and DDoS attacks. These attacks typically overload the targeted network and deny service to its users.
- Green Hat
Green Hats are hackers that are referred to as “N00bz.” They seek to learn to become full-blown crackers or hackers.
- Blue Hat
These are typically Script Kiddies or Green Hats with a grudge. Blue Hats seek revenge and will use whatever means necessary to get it. They seek to shut down networks using DDoS attacks and other malicious code.
- White Hat
These are the good guys—they’re also known as ethical hackers. Most have technical degrees and certifications that allow them to offer ethical hacking services. They seek vulnerabilities so that they can mitigate them and create safe, secure environments.
- Black Hat
Black Hats are also known as crackers—they are the bad guys. They write or use others’ code to plan and deploy malicious attacks with the goal of gaining data to sell for profit. They may act as disruptors to governments (state actors), businesses, or individuals.
- Gray Hat
Gray Hat hackers live in both worlds, and make up the majority of hackers. They are more about the hunt and chase than the rewards, sometimes breaking laws but not with the malicious intent of the Black Hats.
- Red Hat
Fortunately, Red Hat hackers work for good—they are White Hat hackers on steroids. These guys are highly tech-savvy, preferring to hunt Black Hats rather than reporting them. Red Hats vs. Black Hats is a test of skill, talent, and stamina.
The constant media image of Black Hat hackers lurking in the Dark Web, living in their mom and dad’s basement, wearing a hoody and Chucks, smoking packs of cigarettes and drinking beer while digital characters float into space is the picture we have all been sold. In reality, this is far from the truth.
The Business of Cybercrime
Today, the threat landscape is much more organized and dangerous. The past few years have shown that cybercriminal activity carries a low risk of prosecution and a high potential for profit. Cybercriminal organizations are well financed and have business plans, employees, target goals, strategies, HR departments, and the latest technology. As they grow, they are adopting big-business models, offering franchises, reseller partnerships, customer service, collaboration tools, and training. Cybercriminals are also working together to form global criminal communities.
In an article published on ZDNet, Nathaniel Gleicher, head of cybersecurity strategy at Illumio®, explains: "You have people who are managing and distributing credit card information, people who are cracking bank accounts, people who are managing remote access toolkits, to people who specialize in social engineering. There are very specific skillsets."
But it's not just gangs of hackers anymore: the cybercriminal ecosystem has evolved to the extent that it supports roles you'd expect to find in any large business.
In the same article, Sian John, chief strategist for EMEA at Symantec®, adds: "Advanced cybercrime groups now mirror legitimate organizations in the way they operate, with networks of partners, associates, resellers, and vendors. Some groups even deploy call center operations to ensure maximum impact for their scamming efforts."
Protecting Yourself From Organized Crime
These trends suggest that hacking and cybercrime are no longer the domain of individuals seeking to make a nuisance of themselves. Cybercrime is now an industry involving major criminal groups, with ecosystems as well-structured as the corporations they're likely attempting to target. Organizations must therefore ensure their own defenses are up to fighting this threat.
As businesses seek to protect themselves from these threats, several key factors come into play:
- Plans to cover cybersecurity basics. This sounds easy enough, but even Equifax® didn’t have an adequate plan for automatic patch updates.
- Company-wide cybersecurity policies. Employees and management must be actively involved in creating a culture of security.
- Security awareness training. Creating a human firewall is an essential element in any cybersecurity plan. Hackers know all they need is “one click” or mistake by an employee to get in.
- The ability to identify risks. Vulnerability assessments are critical in identifying risks.
- Established cybersecurity governance. This is the glue that binds together all of the core elements of cyber defense and effective risk management.
- Secure company networks and information. Companies must utilize the latest advances in antivirus technology, encryption, backup, etc.
- Understanding of the risks associated with downstream vendors and partners. Do your partners and vendors have proper protection? Remember the Target® breach started with their HVAC vendor.
- An effective SIEM (security information and event management) tool. This correlates log and event data 24/7/365 so that a security operations center (SOC) can detect suspicious activity, such as a burst of failed logins followed by a successful one from the same source.
- Company-wide risk management. Security is a company-wide responsibility. All managers should understand how data flows through the system and know how to protect confidential information from leaking to cybercriminal infrastructure. https://heimdalsecurity.com/blog/10-critical-corporate-cyber-security-risks-a-data-driven-list/
- A cyberincident response plan. Only 37% of organizations of all sizes have a cyberincident response plan.
- An effective electronic audit. This means scanning all systems searching for data that if exposed could cause damage to the company or anyone that does business with it. Performing a pre-emptive audit or scan allows you to identify any vulnerable data and protect it before a criminal hacker can steal it. Check out this blog post for more detail on this.
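The SIEM item above describes correlating event data to surface suspicious activity. The following Python script is an added example, not part of the original post and not any vendor's product: it parses a handful of constructed SSH authentication log lines and raises an alert when a single source IP accumulates a threshold of failed logins within a time window and then logs in successfully. The log format, the threshold of 5 failures, and the 5-minute window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from any real system), in a
# simplified syslog-like format: "<ISO timestamp> sshd: <outcome> password for <user> from <ip>".
SAMPLE_LOGS = """\
2017-10-10T08:00:01 sshd: Failed password for admin from 203.0.113.7
2017-10-10T08:00:03 sshd: Failed password for admin from 203.0.113.7
2017-10-10T08:00:05 sshd: Failed password for root from 203.0.113.7
2017-10-10T08:00:08 sshd: Failed password for admin from 203.0.113.7
2017-10-10T08:00:10 sshd: Failed password for admin from 203.0.113.7
2017-10-10T08:00:12 sshd: Accepted password for admin from 203.0.113.7
2017-10-10T08:01:00 sshd: Failed password for alice from 198.51.100.4
2017-10-10T08:15:00 sshd: Accepted password for alice from 198.51.100.4
2017-10-10T09:00:00 sshd: Accepted password for bob from 192.0.2.9
"""

# Regular expression for the assumed log format above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(line):
    """Turn one log line into a dict, or return None if the line does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce_then_success(log_text, threshold=5, window=timedelta(minutes=5)):
    """Correlate events per source IP: alert when at least `threshold` failed logins
    occur within `window` before a successful login from the same IP."""
    failures = defaultdict(list)  # source IP -> timestamps of failed logins seen so far
    alerts = []
    for raw in log_text.splitlines():
        ev = parse(raw)
        if ev is None:
            continue  # unparseable lines are skipped rather than crashing the pipeline
        ip = ev["ip"]
        if ev["outcome"] == "Failed":
            failures[ip].append(ev["ts"])
            continue
        # A successful login: count the failures from this IP that fall inside the window.
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "ip": ip,
                "user": ev["user"],
                "failures": len(recent),
                "at": ev["ts"].isoformat(),
            })
        failures[ip].clear()  # reset the counter once the login outcome is known
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_then_success(SAMPLE_LOGS):
        print(f"ALERT: {alert['failures']} failures then success for "
              f"{alert['user']} from {alert['ip']} at {alert['at']}")
```

Running the script on the constructed sample produces one alert, for 203.0.113.7, because five failures precede the successful login within the window; alice's single typo-style failure does not meet the threshold and produces nothing. In a real SOC this rule would be one of many, and the threshold and window would be tuned to the environment to keep the alert volume manageable.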
In the end, vigilance is the key. As IT security professionals, we must remain on guard and be prepared at all times. We must understand the risks, the players, and the strategies, tools, and methods that malicious hackers seek to employ to do us harm. The old stereotype of a lone hacker sitting in the dark should not be your biggest concern. The truth is that hackers may look just like your neighbors getting up and going to work. The question is, what color hat are they wearing?
Remember: if you are connected, you must be protected.
Rick Miller is COO and Partner of The Tek, an MSSP specializing in risk assessment, risk mitigation, protection, and education to SMBs. Rick is a long-term veteran in the IT industry. His success has been founded in propelling start-ups and turnarounds to success and profitability. His experience has helped to grow multiple companies from start-up to profitability.