The 9 greatest IT security threats
Hacking has evolved from a one-person crime of opportunity to an open market of sophisticated malware backed by crime syndicates and money launderers
By Roger A. Grimes | InfoWorld | Published: 17:28, 28 August 2012
Years ago the typical hacking scenario involved a lone attacker and maybe some buddies working late at night on Mountain Dew, looking for public-facing IP addresses. When they found one, they enumerated the advertised services (Web server, SQL server, and so on), broke in using a multitude of vulnerabilities, then explored the compromised company to their heart's content. Often their intent was exploratory. If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.
My, how times have changed.
When describing a typical hacking scenario, these days you must begin well before the hack or even the hacker, with the organisation behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, and cyber warfare gone amok.
Here are the nine biggest threats facing today's IT security pros.
Threat No. 1: Cyber crime syndicates
Although the lone criminal mastermind still exists, these days most malicious hacking attacks are the result of organised groups, many of which are professional. Traditional organised crime groups that used to run drugs, gambling, prostitution, and extortion have thrown their hats into the online money-grab ring, but competition is fierce, led not by mafiosi but by several very large groups of professional criminals aimed specifically at cyber crime.
Many of the most successful organised cyber crime syndicates are businesses that lead large affiliate conglomerate groups, much in the vein of legal distributed marketing hierarchies. In fact, today's cyber criminal probably has more in common with an Avon or Mary Kay rep than either wants to admit.
Small groups, with a few members, still hack, but more and more, IT security pros are up against large corporations dedicated to rogue behavior. Think full-time employees, HR departments, project management teams, and team leaders. And it's all criminal, no more funny messages printed to the screen or other teenage antics. Most operate in the open, and some - like the Russian Business Network - even have their own Wikipedia entries. Kind of makes you wish for yesteryear, doesn't it?
Specialisation and division of labour are at the heart of these organisations. A single mastermind, or an inner circle, will run the collective. Sergeants and subdivisions will specialize in different areas, with an arm dedicated to creating malware, another dedicated to marketing, another that sets up and maintains the distribution channel, and yet another in charge of creating botnets and renting them to other evildoers (see below).
It's little wonder why popular IT security practices just don't work against today's malware, given that cyber crime has evolved into a multilevel, service-oriented industry with the blatant goal of fleecing companies and people out of their money and intellectual property.
Threat No. 2: Small-time cons - and the money mules and launderers supporting them
Not all cyber criminal organizations are syndicates or corporations. Some are simply entrepreneurial in nature, small businesses after one thing: money.
These malicious mom-and-pop operations may steal identities and passwords directly, or they may use malicious redirection to get them. In the end, they want money. They initiate fraudulent credit card or banking transactions and convert their ill-gotten gains into local currency using money mules, electronic cash distribution, e-banking, or some other sort of money laundering.
It's not hard to find money launderers. There are dozens to hundreds of entities competing to be the one that gets to take a large percentage cut of the illegally procured loot. In fact, you'd be surprised at the competitive and public nature of all the other people eager to provide support services to Internet criminals. They advertise "no questions asked," "bulletproof" hosting in countries far from the reach of legal subpoenas, and they offer public bulletin boards, software specials, 24/7 telephone support, bidding forums, satisfied customer references, antimalware avoidance skills, and all the servicing that helps others to be better online criminals. Many of these groups make tens of millions of dollars each year.
Many of these groups and the persons behind them have been identified (and arrested) over the past few years. Their social media profiles show happy people with big houses, expensive cars, and content families taking foreign vacations. If they feel the slightest bit guilty about stealing money from others, it doesn't show.
Imagine the neighbourhood barbecues where they tell neighbours and friends that they run an "Internet marketing business" - all the while social engineering their way to millions, to the consternation of IT security pros who have done just about everything they can to protect users from themselves.
Threat No. 3: Hacktivists
Whereas exploit bragging was not uncommon in the early days, today's cyber criminal seeks to fly under the radar - with the exception of the growing legions of hacktivists.
These days IT security pros have to contend with an increasing number of loose confederations of individuals dedicated to political activism, like the infamous Anonymous group. Politically motivated hackers have existed since hacking was first born. The big change is that more and more of it is being done in the open, and society is readily acknowledging it as an accepted form of political activism.
Political hacking groups often communicate, either anonymously or not, in open forums announcing their targets and hacking tools ahead of time. They gather more members, take their grievances to the media to drum up public support, and act astonished if they get arrested for their illegal deeds. Their intent is to embarrass and bring negative media attention to the victim as much as possible, whether that includes hacking customer information, committing DDoS (distributed denial of service) attacks, or simply causing the victim company additional strife.
More often than not, political hacktivism is intent on causing monetary pain to its victim in an attempt to change the victim's behavior in some way. Individuals can be collateral damage in this fight, and regardless of whether one believes in the hacktivist's political cause, the intent and methodology remain criminal.