What is the philosophy and mentality of the modern cyber intruder (or "hacker", if you prefer)? Hacking is a cost-effective activity, everyone knows that. So the motives for cyber attacks seem to be changing, as is everything around us.
What are the current motives for attacks?
Incentives evolve in conjunction with the evolution of hacking groups. From individual script kiddies, we now see organized groups with skills, with state funding or funding from professional activities, often associated with other illegal activities.
The motivation for attacks was described by 2011 Richard Clarke, a former cyber security advisor for the White House, when he quoted the acronym CHEW. The initials come from the words: Cybercrime, Hacktivism, Espionage, War (cyber).
Cybercrime: Criminal attacks are usually motivated by money. Their number increases every day and takes place in all countries around the world. The skill level of these groups ranges from basic to fairly advanced.
Hacktivism: The motivation of hacktivists is usually not money, but the desire to protest or seek revenge on an entity. As with criminals, there are a large number of hacktivist groups. However, most of these groups have only basic skills. Few "stand out" and have people with advanced skills.
Espionage: These attacks are aimed at obtaining secrets in support of national security, for financial gain, or two. An increasing number of countries have the ability to use cyber-attacks for espionage. There are fewer groups associated with these activities, and their skills range from advanced to very advanced.
War (cyber): The fourth, and undoubtedly the toughest kind of attack: The motivation is the desire to destroy the opponent. An increasing number of countries have the possibility to use this form of "policy by other means".
As you can see, the hackers' motives are changing. Let's take a look at the hacker's finances.
The economic conditions favoring the hacker
We have a simple question: Why are cyber attacks with financial incentives on the rise?
The answer is equally simple: because there is money.
Based on some recent estimates, a exploit kit can yield over 25.000 dollars a month or more if it has proven to be particularly effective.
The Dark Web is known to be full of botnets - infected computer systems available to launch attacks - that can be rented for $ 50 a month.
In many cases, however, hackers want to be DIYers, meaning they want to launch their own stand-alone attacks instead of leveraging existing botnets. This can be easily done with tools starting at $20. These tool includes the base code to target multiple computers, which then become a botnet for said hacker.
Υπάρχουν μερικοί παράγοντες-κίνητρα και εδώ. Κατ ‘αρχάς, το μειονέκτημα για τα botnets που είναι διαθέσιμα προς ενοικίαση είναι ότι πολλά από αυτά είναι γνωστά από τη βιομηχανία ασφαλείας και ως εκ τούτου η διεύθυνση IP πολλών bots έχει προστεθεί σε μαύρες λίστες και άλλες βάσεις δεδομένων που εμποδίζουν την πρόσβαση. Το άλλο μεγάλο κίνητρο που δίνεται στους hackers, είναι ότι αναζητούν τρόπους δημιουργίας μιας δικής τους businesss with botnets, which they will then make available for rent on the Dark Web.
This approach saves an extra cost in opening up their business: free bandwidth. Although from 2010 to 2015, the cost of bandwidth has decreased by almost 90 percent, individual companies typically pay 10.000 dollars per month for 1 Gbps.
Information security professionals believe the damage that can be caused by these tools is enormous. The estimates we have seen from time to time from security firm surveys indicate that the economic impact of these attacks on average may be as high as $ 100.000 per attack. However, this amount varies depending on the company's activity. For example, in the financial services industry, which is very prone to these attacks, 10 can also cost millions of dollars.
There are many factors that go into estimating damage costs. The immediate loss of revenue is what most people think of. But there are also the longer-term effects, such as damage to reputation and brand name, loss of customer trust, breach of agreements and more because except apart from financial damages there are always emotional or moral consequences.
Consider the case of some of the recent attacks on hospitals, where the systems and data necessary for the clinical care of patients were essentially being held hostage for ransom. The financial cost of the $ 17.000 in Bitcoin demanded by the criminals was really too small for the hospital to prioritize the lives of the patients….
Let's go up now: The business economy
We have dealt with the financial incentives of hackers. What happens to companies investing in the internet? Have financial incentives to secure their customer and their data?
I think the question has already been answered, but how many of the companies are really engaged and investing in security and not just in the profit hunt?
An advanced security strategy is also the exploitation of automation capabilities to fight bots with bots.
Of course before we go there an effective bots protection requires advanced detection and mitigation capabilities.
Criminals are now specialists in spoofing IP addresses to avoid blocking their IP addresses.
Let's mention that in addition to the various techniques available from various security companies, what really needs to be changed is philosophy before the tactical steps.
And philosophy in today's internet can not be economy and cuts in security. Promoting security, exploring and implementing advanced technologies costs, and businesses and organizations that try to overcome them with half-meters, will at some point need to learn that it is extremely necessary.
Only to learn it will have to pay the tuition fees, which are also expensive.
