Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

The 9 greatest IT security threats

Hacking has evolved from one-person crime of opportunity to an open market of sophisticated malware backed by crime syndicates and money launders

Article comments

Years ago the typical hacking scenario involved a lone attacker and maybe some buddies working late at night on Mountain Dew, looking for public-facing IP addresses. When they found one, they enumerated the advertising services (Web server, SQL server, and so on), broke in using a multitude of vulnerabilities, then explored the compromised company to their heart's content. Often their intent was exploratory. If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.

My, how times have changed.

When describing a typical hacking scenario, these days you must begin well before the hack or even the hacker, with the organisation behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, and cyber warfare gone amok.

Here are the nine biggest threats facing today's IT security pros.

Threat No. 1: Cyber crime syndicates

Although the lone criminal mastermind still exists, these days most malicious hacking attacks are the result of organized groups, many of which are professional. Traditional organised crime groups that used to run drugs, gambling, prosecution, and extortion have thrown their hats into the online money grab ring, but competition is fierce, led not by mafiosos but several very large groups of professional criminals aimed specifically at cyber crime.

Many of the most successful organised cyber crime syndicates are businesses that lead large affiliate conglomerate groups, much in the vein of legal distributed marketing hierarchies. In fact, today's cyber criminal probably has more in common with an Avon or Mary Kay rep than either wants to admit.

Small groups, with a few members, still hack, but more and more, IT security pros are up against large corporations dedicated to rogue behavior. Think full-time employees, HR departments, project management teams, and team leaders. And it's all criminal, no more funny messages printed to the screen or other teenage antics. Most operate in the open, and some - like the Russian Business Network - even have their own Wikipedia entries. Kind of makes you wish for yesteryear, doesn't it?

Specialisation and division of labour are at the heart of these organisations. A single mastermind, or an inner circle, will run the collective. Sergeants and subdivisions will specialize in different areas, with an arm dedicated to creating malware, another dedicated to marketing, another that sets up and maintains the distribution channel, and yet another in charge of creating botnets and renting them to other evildoers (see below).

It's little wonder why popular IT security practices just don't work against today's malware, given that cyber crime has evolved into a multilevel, service-oriented industry with the blatant goal of fleecing companies and people out of their money and intellectual property.

Threat No. 2: Small-time cons - and the money mules and launders supporting them

Not all cyber criminal organizations are syndicates or corporations. Some are simply entrepreneurial in nature, small businesses after one thing: money.

These malicious mom-and-pop operations may steal identities and passwords, or they may cause nefarious redirection to get it. In the end, they want money. They initiate fraudulent credit card or banking transactions and convert their ill-gotten gains into local currency using money mules, electronic cash distribution, e-banking, or some other sort of money laundering.

It's not hard to find money launders. There are dozens to hundreds of entities competing to be the one that gets to take a large percentage cut of the illegally procured loot. In fact, you'd be surprised at the competitive and public nature of all the other people begging to do support business with Internet criminals. They advertise "no questions asked," "bulletproof" hosting in countries far from the reaches of legal subpoenas, and they offer public bulletin boards, software specials, 24/7 telephone support, bidding forums, satisfied customer references, antimalware avoidance skills, and all the servicing that helps others to be better online criminals. Many of these groups make tens of millions of dollars each year.

Many of these groups and the persons behind them have been identified (and arrested) over the past few years. Their social media profiles show happy people with big houses, expensive cars, and content families taking foreign vacations. If they're the slightest bit guilty from stealing money from others, it doesn't show.

Imagine the neighborhood barbeques where they tell neighbors and friends that they run an "Internet marketing business" - all the while social engineering their way to millions to the consternation of IT security pros who have done just about everything you can to protect users from themselves.

Threat No. 3: Hacktivists

Whereas exploit bragging was not uncommon in the early days, today's cyber criminal seeks to fly under the radar - with the exception of the growing legions of hacktivists.

These days IT security pros have to contend with an increasing number of loose confederations of individuals dedicated to political activism, like the infamous Anonymous group. Politically motivated hackers have existed since hacking was first born. The big change is that more and more of it is being done in the open, and society is readily acknowledging it as an accepted form of political activism.

Political hacking groups often communicate, either anonymously or not, in open forums announcing their targets and hacking tools ahead of time. They gather more members, take their grievances to the media to drum up public support, and act astonished if they get arrested for their illegal deeds. Their intent is to embarrass and bring negative media attention to the victim as much as possible, whether that includes hacking customer information, committing DDoS (distributed denial of service) attacks, or simply causing the victim company additional strife.

More often than not, political hacktivism is intent on causing monetary pain to its victim in an attempt to change the victim's behavior in some way. Individuals can be collateral damage in this fight, and regardless of whether one believes in the hacktivist's political cause, the intent and methodology remain criminal.


Share:

More from Techworld

More relevant IT news

Comments

DocSlow said: Traditional organised crime groups that used to run drugs gambling prosecution and extortion

DocSlow said: Prosecution



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *