Are cyber-threats keeping you up at night? You are not alone, dear reader.
As hackers have become more skilled, there has been a rise in the number, severity and sophistication of cyber-attacks inflicting organizations of all sizes, all around the world. According to infosecurity-magazine.com, “there has never been a tougher time to be a Chief Information Security Officer (CISO). Any organization that suffers a data breach will be subject to a far larger financial penalty than before – something that no CISO wants to preside over.”
To make matters worse, threats now range from trouble-making, lonely teenagers taking down systems just for fun, to highly organized, highly dangerous criminal collectives that could wipe out an entire company’s reputation, causing severe financial damages.
Which is why organizations needs to familiarize themselves with the different types of threats, and more importantly, the different types of hackers that could threaten their wellbeing. To quote the brilliant Sun Tzu, “If you know the enemy and know yourself, you need not fear the result of a hundred battles”.
As a result, we’ve comprised a list of different types of hackers, what motivates them, as well as some of the most effective ways to avoid becoming their target.
Script Kiddies
Thrill-seeking, bored teens that hack alone; they don’t usually hack for themselves, thus exploiting existing code. And since they lack the skill to write their own code, they just cut and paste the code or scripts developed by others. It’s estimated that there are millions of script kiddies around the world, and even though they lack the maturity and experience of professional hackers, they can still cause just as much damage as their more professional counterparts.
According to Cybrary.it, “a common Script Kiddie attack is DoSing or DDoSing (Denial of Service and Distributed Denial of Service), in which they flood an IP with so much information it collapses under the strain”.
They scavenge the internet for victims with specific vulnerabilities that allow them to leverage their limited skill set. So, your best bet at staying safe is to stop them from getting in the door in the first place – because once they’re in, they can wreak some serious havoc. Keep your security system up-to-date, and deploy intrusion detection systems and you should be safe. You can also implement tools like chkrootkit Rootkit Hunter to prevent the more challenging rootkit problems.
Hacktivists
Collectives of politically-motivated hackers who often wish to expose wrongdoings, or exact revenge. Unlike regular hackers, they don’t seek financial gains, but rather look for attention, and even gratification. Which is probably why hacktivists, more than any other types of hackers, exploit social media accounts and disclose sensitive information to generate publicity and support for their efforts. However, this doesn’t make them less dangerous.
In terms of targets and modus operandi, hacktivists will leave a message on the homepage of a website that represents a political or religious affiliation they oppose. What’s more, in 75% of cases, hacktivists warn their targets ahead of time – something which rarely, if ever, happens with financially-motivated hackers. Anonymous for example, a notorious hacktivist group, some would even say the best-known hacktivist group, launched attacks against government websites and child-porn sites.
According to Turbofuture.com, “some of their more focused campaigns have been the Occupy Movement, anti-child pornography, and anti-Church of Scientology (some of which involved physical presence as well as an internet one). Although they have certain collective symbols, such as Guy Fawkes masks and taglines, there is no single person giving commands. If a person becomes too narcissistic and starts to use his or her own name for things, that person will be chastised and encouraged to leave”.
Hacktivists, also referred to as grey hat hackers, reside somewhere in the middle on the spectrum between black hat professionals and white hat hackers, which we’ll talk about in the following paragraphs.
Black Hat Professionals
A black hat hacker is an extremely gifted and experienced hacker who does this for a living, breaching security systems and developing avenues of attacks for money, prestige, or incriminating information. Also known as the criminals of the online world, black hat hackers “are the hackers who violate computer security for personal gain,” explains Shawn Pope, CCNA Security Engineer for Nuspire.
Their goal is to bypass security systems and create computer viruses. They’re also known as “crackers” because they tend to exploit security vulnerabilities to expose the personal and/or financial information of millions of customers.
And because they are financially-driven criminals that “have no regard for the law and often hack to commit other, bigger crimes”, black hats usually target companies with valuable intellectual property, companies with sensitive data, such as financial companies, hospitals and even healthcare facilities.
“Large industries such as pharmaceutical, chemical, and technology are popular targets because their IP is easily reproduced or monetized. But smaller, disruptive companies developing new ideas, technologies, and products to challenge existing businesses and entire industries are by no means immune to such cyberattacks”, says Raj Samani , Chief Technology Officer of Intel Security’s Europe, Middle East and Africa division.
One of the most effective ways to defend your organization from a black hat professional is to engage the services of a white hat hacker.
White Hat Hackers
White hat hackers, also known as the “good guys” of the cyberworld, are ethical computer hackers who “specialize in penetration testing and other methodologies to ensure that a company’s information systems are secure”, says Robert Siciliano, identity theft expert with BestIDTheftCompanys.com. They help companies and governments by hacking their systems to check for vulnerabilities and find holes in their networks before the bad guys do.
“If they do happen to find a security hole in the network or a flaw in software, they report these issues back to the organization so they can take the proper steps to address the vulnerabilities”, explains Shawn Pope, CCNA Security Engineer for Nuspire.
Organized Criminal Gangs
Think of organized criminal gangs as the Mafia, but with laptops and malicious code instead of Tommy guns; they are talented, resourceful hackers led by professional criminals, who abide by strict rules to ensure their crimes go undetected by law enforcement. Driven by financial motivation, these sophisticated gangs are drawn by how much easier cybercrime is compared to other fraudulent activities.
Interestingly enough, these professional cyber-criminals often chose to launch their attacks on Friday evenings, ensuring their infiltration goes undetected for longer, and thus causing more damage to their victims. What’s more, organized gangs treat their criminal activities like regular jobs, sticking to office hours and taking the weekends off.
So, how can you protect your assets from these criminal geniuses? Just make sure you maintain a strong security posture throughout the entire enterprise, and stay up-to-date on the latest information regarding cyber threats and vulnerabilities, including tools, tactics and strategies.
