Most network security management professionals have a pretty good understanding of the technology they use to protect their company or data center from cyber-criminals. From UTM appliances offering the latest in compliance management and data security to wireless network security and BYOD device management, most people in the trenches know the clicks and feeds needed to protect the motherland. But do you know your enemy? I mean, do you really know them: their personalities, friends, and motives?
We just released an Infographic that profiles the three types of hackers that make network security management a challenge that is likely to become even more complex in the days and months ahead.
The Hacktivist – Hacktivists are politically motivated cyber-attackers. Over the past five years activists, including the more extreme ones, have realized the power of the Internet and started using cyber-attacks to get their political message across. Examples include the infamous Anonymous and the more recent Syrian Electronic Army. Most are decentralized, loosely organized, and without any central leadership.
While disorganized, these activist groups can cause significant problems for governments and businesses. They tend to rely on fairly basic, freely available “script kiddie” tools; their most common weapon of choice is the DDoS attack, launched with flooding tools like HOIC or LOIC. More advanced hacktivists also use web application attacks (SQL injection in particular) to steal data from chosen targets, then publish that data to embarrass the victim, a practice they call doxing.
While hacktivists are not as sophisticated as other hackers, they still cause havoc for many large organizations as well as governments. Since hacktivists’ political agendas vary widely, even small businesses can find themselves a target depending on the business they are in or the partners they have.
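To make the SQL injection technique mentioned above concrete, here is an added example (not code from the original post) contrasting a vulnerable user lookup with its parameterized fix. The table, the sample rows, the function names and the injection strings are all constructed for this illustration; the vulnerable version dumps every row, and a UNION payload pulls the password-hash column into the result, which is exactly the kind of data a hacktivist would dox.

```python
import sqlite3

# Constructed sample data for this example: a small "users" table holding
# the kind of personal data an attacker would dump and publish.
SAMPLE_USERS = [
    (1, "alice", "alice@example.org", "hash1"),
    (2, "bob",   "bob@example.org",   "hash2"),
    (3, "carol", "carol@example.org", "hash3"),
]

# Two hypothetical attacker inputs (constructed for the example):
# 1. a tautology that makes the WHERE clause always true;
# 2. a UNION that appends the pw_hash column to the output. The trailing
#    "--" comments out the closing quote the application adds.
INJECT_TAUTOLOGY = "nobody' OR '1'='1"
INJECT_UNION = "x' UNION SELECT id, username, pw_hash FROM users --"


def make_db():
    """Build an in-memory SQLite database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, username TEXT, email TEXT, pw_hash TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: attacker-controlled text is spliced into the SQL statement."""
    query = "SELECT id, username, email FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Hardened: a bound parameter; the driver never interprets it as SQL."""
    query = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def leaked_hashes(conn):
    """Return the password hashes the UNION payload extracts via the vulnerable query."""
    rows = lookup_vulnerable(conn, INJECT_UNION)
    # The third column of every row is now pw_hash, not email.
    return sorted(row[2] for row in rows)


if __name__ == "__main__":
    conn = make_db()
    print("legit:     ", lookup_vulnerable(conn, "alice"))
    print("tautology: ", lookup_vulnerable(conn, INJECT_TAUTOLOGY))  # every row
    print("union:     ", leaked_hashes(conn))                        # hashes
    print("safe:      ", lookup_safe(conn, INJECT_TAUTOLOGY))        # []
```

The fix is not escaping or filtering quotes but keeping data and code separate: with a bound parameter the whole string, quotes and all, is compared against the username column and matches nothing.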
Cyber Criminals – Cyber criminals have been around longer and so more is known about them. This group’s motive is simply to make money using any means necessary.
Cyber criminals range from lone actors who are out only for themselves to large cyber-crime organizations, often financed and headed by more traditional criminal groups. Cyber criminals are responsible for stealing billions of dollars from consumers and businesses each year.
Cyber criminals participate in a wealthy underground economy, where they can buy, sell and trade attack toolkits, zero day exploit code, botnet services, and more. They also buy and sell the private information and intellectual property they and others steal from victims. Lately, they’re focusing on web exploit kits, such as Blackhole, Phoenix, and Nuclear Pack, which they then use to automate and simplify drive-by download attacks.
Their targets range from small businesses and even individual consumers, whom they attack opportunistically, to large enterprises, which they target with specific goals in mind. In a recent attack on the banking and credit card industry, a very organized group of cyber criminals stole $45 million from ATMs around the world in a tightly synchronized operation. The cash-out was made possible by an earlier, targeted network breach of a few banks and a payment processor.
Nation States (or State-Sponsored Attackers) – This is the newest and most concerning threat. These are government-funded and government-directed attackers, tasked with operations ranging from cyber espionage to intellectual property theft. They have the biggest bankroll, and so can hire the talent to create the most advanced, nefarious, and stealthy threats out there today.
A couple of recent examples of Nation State attacks that made headlines include:
- Operation Aurora, in which attackers, allegedly Chinese, gained access to Google and many other large companies and reportedly stole intellectual property as well as sensitive information about US government surveillance requests.
- Stuxnet, in which a nation state built an extremely advanced, stealthy, and targeted piece of malware that not only hid on ordinary Windows computers for years but also infected the programmable logic controllers driving uranium centrifuges. The attack was designed to damage Iran’s nuclear enrichment capability.
Unlike the other hackers’ tools, state-sponsored attackers create highly customized and advanced attack code. Their attacks often exploit previously undiscovered software vulnerabilities, called zero-days, for which no fix or patch exists. They employ the most advanced attack and evasion techniques, such as kernel-level rootkits, steganography, and encryption, to make their malware very difficult for you to discover. They have even been known to chain multiple intrusions together to reach their ultimate target. These advanced attacks are what coined the industry term advanced persistent threat (APT).
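To show why steganography makes a payload hard to spot, here is an added example (not code from the original post, nor from any real malware) that hides a short message in the least significant bit of each pixel of a constructed 8-bit grayscale image and recovers it again. The cover image, the message and the function names are all assumptions made for this illustration; the point is that no pixel value moves by more than 1, so the carrier looks unchanged to the eye and to simple file-level checks.

```python
# Constructed cover: a 16x16 8-bit grayscale "image" as a flat byte buffer.
# This is a made-up gradient, not a real image file or a real sample.
WIDTH, HEIGHT = 16, 16


def make_cover():
    return bytearray(((x * 7 + y * 13) % 256)
                     for y in range(HEIGHT) for x in range(WIDTH))


def hide(cover, payload):
    """Return a copy of cover with a 2-byte length prefix plus payload
    written into the least significant bit of successive pixels."""
    data = len(payload).to_bytes(2, "big") + payload
    if len(data) * 8 > len(cover):
        raise ValueError("payload too large for this cover")
    stego = bytearray(cover)
    i = 0
    for byte in data:
        for shift in range(7, -1, -1):          # most significant bit first
            stego[i] = (stego[i] & 0xFE) | ((byte >> shift) & 1)
            i += 1
    return stego


def extract(stego):
    """Read the length prefix from the LSBs, then that many payload bytes."""
    def read_bytes(count, start):
        out = bytearray()
        pos = start
        for _ in range(count):
            b = 0
            for _ in range(8):
                b = (b << 1) | (stego[pos] & 1)
                pos += 1
            out.append(b)
        return bytes(out), pos

    length_bytes, pos = read_bytes(2, 0)
    length = int.from_bytes(length_bytes, "big")
    payload, _ = read_bytes(length, pos)
    return payload


def max_pixel_change(cover, stego):
    """Largest per-pixel difference introduced by the embedding."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = make_cover()
    secret = b"C2:10.0.0.1"        # constructed hypothetical payload
    stego = hide(cover, secret)
    print("recovered:", extract(stego))
    print("max pixel change:", max_pixel_change(cover, stego))  # 1
```

A defender cannot rely on eyeballing the carrier; detection of LSB embedding needs statistical tests on the bit planes or, better, blocking the channel (why is that host posting images to an unknown site at all?).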
While you’d expect nation state attackers to have very specific targets, such as government entities, critical infrastructure, and Fortune 500 enterprises, they still pose a threat to average organizations as well, since many private companies are government contractors and suppliers and make convenient stepping stones. To up the ante even further, their techniques and tools are slowly trickling down to cyber criminals and hacktivists.
Today’s network security management professionals need to know more than just the technology available to stop threats; they have to really know who’s knocking at their back or front door. Check out the Infographic today and share it with your colleagues or make a poster out of it, but at the very least be sure to know your enemy. After all, they know you!