They’re often portrayed as socially isolated, disaffected young men tapping keyboards in darkened basements. Motivated by the promise of global notoriety, they spend hours trawling for IT security weaknesses trying to cause disruption and destruction.
The reality of hackers today is somewhat different. Often highly educated, many work in loosely connected groups that share knowledge about targets, exploits and tools. Their motivation has shifted from making a name for themselves to boosting their bank balance.
Many of these hackers begin while still at university, building their skills in information security programs. But the ease with which money can be made through cybercrime, the low risk involved (few hackers are ever arrested), and the gap in earning potential draw those who already operate at the grey edges of society towards a life of crime. Hackers often maintain contacts across groups, sharing information and selling vulnerabilities to up-and-coming hackers or to those looking for a particular weakness.
Acquiring skills
Hackers gain their skills in a variety of ways. Many are self-taught, having gradually acquired knowledge since their early teens by trawling the internet and learning from those already involved in the trade.
Starting as ‘script kiddies’, they learn from hacker forums and sites on the dark web. Often beginning with unsophisticated attacks on insecure systems, their abilities and enthusiasm grow over time.
Asia-based hackers, in particular from China, Vietnam, and Japan, are typically highly educated. Many countries in the region have university pipelines that run from infosec training programs to government agencies. Hackers keep the contacts they make across these groups and build their own personalised web of knowledge and influence.
Increasingly, hacking attacks are found to have been carried out by a small group of hackers working together toward a common goal. Each member has their own specific role to play based on their individual skills, network and areas of influence.
Finding a target
Techniques for finding potential targets vary widely. Some hackers may start simply by conducting a port scan against a group of IP addresses, which can quickly identify ‘low hanging fruit’. Others have a particular target in mind and then set about acquiring the tools needed to breach its defences.
Some might become aware of a vulnerability in a particular operating system or application and then go hunting online for exposed instances of it. Access might be gained through an insecure employee portal or another internet-connected facility.
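The port scan mentioned above is the simplest form of target discovery: a full TCP connect to each port, with the three outcomes (open, closed by RST, or no reply at all) telling the attacker what is listening and what a firewall is dropping. The example below is added here to show how that works and is not code from the original article or from Malwarebytes. It scans only 127.0.0.1, against a throwaway listener it starts itself, so it runs offline; the short list of well-known "low hanging fruit" ports is an illustrative assumption, not a finding from the page.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Illustrative assumption: services an attacker checks first because they are
# so often exposed with weak or default configuration.
LOW_HANGING_FRUIT = {21: "ftp", 23: "telnet", 445: "smb", 3389: "rdp", 5900: "vnc"}


def _accept_loop(srv):
    """Accept and immediately close connections until the listener is closed."""
    try:
        while True:
            conn, _ = srv.accept()
            conn.close()
    except OSError:
        pass  # listener closed: thread exits


def start_listener():
    """Start a constructed demo target on 127.0.0.1 and return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free one
    srv.listen(5)
    threading.Thread(target=_accept_loop, args=(srv,), daemon=True).start()
    return srv, srv.getsockname()[1]


def reserve_closed_port():
    """Return a port number that was just free, so a probe against it gets RST."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def probe(host, port, timeout=0.5):
    """TCP connect probe. Returns 'open', 'closed' (RST received) or 'filtered' (no reply)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # host is up, nothing listening on that port
    except socket.timeout:
        return "filtered"    # silently dropped: firewall in the way, or host down
    except OSError:
        return "closed"      # other immediate failure; treat as not reachable
    finally:
        s.close()


def connect_scan(host, ports, timeout=0.5, workers=32):
    """Probe each port in parallel and return {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: (p, probe(host, p, timeout)), ports)
    return dict(results)


def open_ports(host, ports, timeout=0.5):
    """Sorted list of the ports that accepted a connection."""
    return sorted(p for p, st in connect_scan(host, ports, timeout).items() if st == "open")


def triage(scan_result):
    """Pick out the open ports an attacker would try first (see LOW_HANGING_FRUIT)."""
    return {p: LOW_HANGING_FRUIT[p] for p, st in scan_result.items()
            if st == "open" and p in LOW_HANGING_FRUIT}


if __name__ == "__main__":
    srv, listening = start_listener()
    closed = reserve_closed_port()
    result = connect_scan("127.0.0.1", [listening, closed, 23])
    for port, state in sorted(result.items()):
        print(f"127.0.0.1:{port} {state}")
    print("worth a closer look:", triage(result))
    srv.close()
```

Against a real network the "filtered" outcome is what a perimeter firewall should be producing for everything it does not intend to expose; a scan of your own address range that shows more than the handful of services you actually publish is the same signal an attacker would act on.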
Hackers often make use of phishing or spear phishing attacks to secure their targets. These are emails that appear to have come from a legitimate source but carry a malicious attachment or link that infects the recipient’s computer.
Often, the easiest way to start a targeted attack is through low-tech options such as phone calls. Humans are often the weakest link after all. They might call their target pretending to be from an IT support team and ask for confirmation of login details and passwords. If they manage to sound convincing, they can quickly be handed ready-made access to corporate systems.
Once inside their target’s IT infrastructure, skilled hackers can use tools and techniques to avoid detection while moving laterally between different systems. In some cases, hackers have been able to remain within systems for extended periods and steal large quantities of valuable data.
Social media bots have also been used as a distribution vector for initial malspam. The unwillingness of social media companies to act against bots has created an environment of impunity surrounding their use.
Maintaining security
While the profile and motivation of hackers have evolved, the steps organisations need to take to thwart their efforts remain constant. They include:
- Keep software up to date: Ensure all updates and patches are deployed as soon as possible. Many are issued in response to a vulnerability uncovered by hackers, so preventing them from taking advantage of their finds is vital.
- Have layered security: Either manage this yourself or outsource to a group of experts – but either way a firewall, email filter, next-gen AV, and backup solution are critical.
- Privilege management: Hackers often succeed in infiltrating corporate IT systems by acquiring the credentials of privileged accounts. Armed with these, they can gain access to multiple systems, install malicious code, and steal data. Keeping the number of privileged accounts to a minimum can help prevent this from occurring.
- Penetration testing: Conduct regular reviews of the IT infrastructure to ensure the protection mechanisms that are in place are up to the job. With the threat landscape constantly evolving, ongoing testing is essential.
- User education: Clicking on suspicious email attachments, visiting dubious websites, and connecting strange USB devices to a corporate PC are all activities that can launch an attack. Ensure all users are aware of the threats that exist and the steps needed to reduce their likelihood of success.
The hacking community will continue to evolve and make use of new techniques and tools. Indeed, it’s now possible for someone with little or no technical knowledge to acquire tools that can allow them to gain access to systems and cause disruption and damage.
Ultimately, organisations must maintain active vigilance to ensure they are secure and can withstand attacks should they occur. The eye of the hacker is constantly searching for the next target.
About the author
Jim Cook is the ANZ Regional Director of Malwarebytes, an anti-malware software company.