hacker

The Business of Hacking

Hewlett Packard Enterprise (HPE) released a new report titled “The Business of Hacking,” which examined the underground economy surrounding cyber-crime and criminal hackers, and explained how businesses can protect themselves.

Many of the conversations had with security professionals in IT organizations quickly become very technical. As such, some business leaders often relegate security as something to be spoken to exclusively by security professionals.|Some business leaders often relegate security as something to be spoken to exclusively by security professionals.

But, by explaining how the cybercrime underworld economy works, hopes are that it will help business leaders understand that criminal hacking is a business, and it operates like a business.By explaining how the cybercrime underworld economy works, hopes are that it will help business leaders understand that criminal hacking is a business, and it operates like a business. By doing this, it gives business leaders a much better appreciation of what’s happening.

According to the report, cybercrime can take many forms. Criminals can be acting in the interest of organized crime, corporate espionage, hacktivism, cyber warfare or terrorism, or just people who want to make some money. The report itself focused on the criminal exploits that could be monetized.

In terms of the way criminals make money through cybercrime, the report identified 10 ways criminals use hacking for financial gain.

Ad fraud
Credit card fraud
Payment system fraud/Bitcoin mining
Bank fraud
Medical records fraud
Identity theft
Credential harvesting
Bug bounty
Extortion
IP theft
Ad fraud, or setting up adds to bolster fake website traffic, are one of the easiest forms of cybercrime and have the highest payout potential. Extortion and IP theft, while almost as profitable, are far more difficult to pull off.

Hacking, in and of itself, is not necessarily a bad thing. In fact, many “white hat” hackers provide a valuable service in helping organizations understand how cybercrimes are perpetrated.|Many “white hat” hackers provide a valuable service in helping organizations understand how cybercrimes are perpetrated. HPE’s report, though, focused on the “bad guys.” Although it’s less about hackers being the bad guys and more about criminals becoming hackers.It’s less about hackers being the bad guys and more about criminals becoming hackers.Many “white hat” hackers provide a valuable service in helping organizations understand how cybercrimes are perpetrated. It’s less about hackers being the bad guys and more about criminals becoming hackers.

Not all hackers are driven by financial gain. The HPE report identified five different types of bad guy hackers:

  1. Nation-state backed – Driven by patriotism or military duty. Often highly skilled and going after major targets.
  2.  Hacktivist РIdeologically driven. Wants to {disrupt or bring|bring or disrupt} down a system or institution.
  3. Cybercriminal – Motivated by profit.
  4. Ego-driven attacker – Wants to be famous, or recognized for their work. Often taunt their victims.
  5. Hobby hacker and the professional – Simply loves to hack. No set skill level, but typically less anonymous

As business leaders begin to study cybercrime organizations, they will see just how similar they may be to their own organization. Cybercrime organizations have markets and supply chains, they think about talent when gearing up for a big job, and they have margins to think about when selling their information.

Some groups build their own tools, but others use tools they’ve purchased in online marketplaces. Anonymity is critical in the cybercrime industry and, just like in the movies, everyone is known by their online handle. Still, there are specific roles filled in every organized group. The “mastermind” pulls the attack together, builds the team, and plans the approach. The “spiders” are black hat hackers who perform the attack and are typically contracted out by the mastermind. Then, there are “mules,” people who, sometimes unsuspectingly, play a role in the attack through money laundering or other schemes.There are “mules,” people who, sometimes unsuspectingly, play a role in the attack through money laundering or other schemes.Anonymity is critical in the cybercrime industry and, just like in the movies, everyone is known by their online handle. The “spiders” are black hat hackers who perform the attack and are typically contracted out by the mastermind. There are “mules,” people who, sometimes unsuspectingly, play a role in the attack through money laundering or other schemes.

When most people think of cybercrime, they immediately picture the technically proficient hacker. But there are a host of non-technical jobs in the industry as well, including: tool development, guarantor services/background checks, escrow services, recruiting, cyber laundering, sales and marketing, and legal professionals.|here are a host of non-technical jobs in the industry as well, including: tool development, guarantor services/background checks, escrow services, recruiting, cyber laundering, sales and marketing, and legal professionals. HR, marketing, outbound logistics, operations, and technical development all play into the industry.

So, how do companies combat this sophisticated criminal industry?How do companies combat this sophisticated criminal industry?Because it’s a business, potential victims must take away the criminals’ ability to sell the goods (data) or make it cost too much for them to procure it in the first place. Get rid of the low-hanging fruit.

For starters, do the due diligence. Patch your servers, enable two-factor authentication, and make sure your applications are designed to be resilient from the ground up, which makes it more expensive for them to hack.

There’s a maturity curve for each type of cyber attack, but you can not rely on the novelty of an attack type to know what to protect against. Invest in your security tools but, enterprises also need to invest in educating their workforce.
The report itself focused on the criminal exploits that could be monetized.

Many “white hat” hackers provide a valuable service in helping organizations understand how cybercrimes are perpetrated. It’s less about hackers being the bad guys and more about criminals becoming hackers.

When most people think of cybercrime, they immediately picture the technically proficient hacker. Because it’s a business, potential victims must take away the criminals’ ability to sell the goods (data) or make it cost too much for them to procure it in the first place.

http://pcesolutions.ca

 

Written by Peter Perez

Peter Perez is the Founder and CEO of PCe Solutions, a Full Service IT Support & Consulting Company based out of Alberta and serving both Calgary, Edmonton and their surrounding areas. Contact us toll free at 1-(855)-423-3183 or send us an email at [email protected] for more information.

Leave a Reply