Hacker types: the current mainstream types of hackers are hacker activists, cyber criminals, internal threats and state-funded hackers. Understanding their motives and preferred attack methods helps enterprises deploy their security solutions correctly and so protect key data effectively. The most precious commodity in the world today is data. We create 25000 megabytes of data every day. For individuals, demand data and consumption data sustain our lives; enterprises need data to drive their business forward.
Where there is demand, there is a market, and today hackers spend all day trying to find and steal this data. 90% of today’s global data was created in the past two years, which has made the work of hackers a great deal easier.
Yes, today is indeed a digital world, and at its core are two groups of people: those who try to protect data and those who try to destroy it. In fact, the boundary between the two groups is not so clear. For example, an enterprise employee may unknowingly become an accomplice of hackers, because hackers target specific individuals inside an organization in order to break through its security perimeter. This kind of breach, which we call an “internal threat”, is one of the biggest security threats enterprises face today. However, few enterprises have begun to address this hidden danger, and most still lack a sufficient understanding of it.
For the security industry, it is essential to understand the different types of hackers. The current mainstream types are hacker activists, cyber criminals, internal threats and state-funded hackers, and the sections below look at each in turn: understanding their motives and preferred attack methods helps enterprises deploy security solutions correctly and protect key data effectively.
1, Hacker activists
Security experts worry about these activist hackers more than about anything else. According to a 2012 study, more than half of the respondents believe that radical hacker organizations are the biggest security threat to enterprises. Their concern is not unreasonable: hacker organizations choose their targets according to their “ideological agenda” and will go after any organization that fits their goals. Any enterprise that has not studied their motives and attack methods may become their target.
Hacker activists are rarely driven by financial gain. Most of their attacks are motivated by retaliation, political or ideological expression, protest, or the humiliation of their victims. What they care about is not the act of stealing data itself, but using the leaked data to publicize their political views and gain wider attention.
Fundamentally, hacker activists believe that the Internet should be a platform for freedom of speech. This belief unites hackers around the world, so they often act in groups. For example, the well-known hacker collective “Anonymous” claims to consist of individuals who are not controlled by any hierarchy; they simply work together to protest against organizations whose conduct runs counter to the views of “Anonymous”. Although the stated reasons for their attacks are framed as moral condemnation, the attacks are in practice an open defiance of Internet censorship and regulation. Victims of the group include well-known enterprises such as Visa, Sony and F1.
The victims above are well-known multinationals, but hacker activists do not ignore small and medium-sized enterprises with a certain prominence in their local market. In Singapore, hacker activists have gained some notoriety by attacking websites such as those of the Association for friendship with foreign countries and Yu Rensheng medicinal materials company. So what is the preferred attack method of hacker activists? Distributed denial-of-service (DDoS) attacks and, in particular, SQL injection attacks are their main modus operandi. Nevertheless, many enterprises have not yet realized the necessity of deploying a web application firewall (WAF) to deal with SQL injection attacks.
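To make the point about SQL injection and the WAF concrete, here is an added example in Python; it is not code from the original article or from any product it mentions. It shows a lookup query built by string concatenation beside the parameterized form, and a small, hypothetical signature list of the kind a WAF applies to request parameters. The table, the rows and the rule set are all constructed for the example.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data (not from the article): an in-memory user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    # Vulnerable pattern: untrusted input is pasted into the SQL text, so the
    # input can change the query's logic instead of being treated as a value.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    # Hardened pattern: the value is bound as a parameter by the driver, so
    # whatever it contains is compared as data and never parsed as SQL.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def vulnerable_breaks_on(conn, name):
    # The concatenated form also fails on legitimate input containing a quote:
    # the same defect seen from the availability side.
    try:
        find_user_vulnerable(conn, name)
        return False
    except sqlite3.Error:
        return True


# Signature-style patterns of the kind a WAF applies to request parameters.
# This is a hypothetical, deliberately small rule set; a real WAF uses far
# richer rules plus input normalisation.
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s+'", re.IGNORECASE),                         # ' OR '
    re.compile(r"\bor\b\s+\S+\s*=\s*\S+", re.IGNORECASE),             # OR x=y
    re.compile(r"\bunion\b\s+\bselect\b", re.IGNORECASE),             # UNION SELECT
    re.compile(r";\s*(drop|delete|update|insert)\b", re.IGNORECASE),  # stacked statement
    re.compile(r"--\s*$|/\*"),                                        # comment sequences
]


def waf_flags(value):
    """Return True when a request parameter matches one of the signatures."""
    return any(p.search(value) for p in SQLI_PATTERNS)


def handle_request(conn, name):
    # A WAF-fronted endpoint: reject flagged input before it reaches the
    # database, and still use the parameterized query for input that passes.
    if waf_flags(name):
        return {"blocked": True, "rows": []}
    return {"blocked": False, "rows": find_user_safe(conn, name)}
```

The parameterized query is the primary fix; the signature layer only catches the patterns it knows about, so the WAF the article recommends complements fixing the queries rather than replacing it.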
2, Cyber criminals
Cyber criminals, as the name suggests, are often associated with larger criminal organizations. Unlike hacker activists, these organizations, whatever their size, are entirely profit-driven; hacking is simply a new form of crime they have discovered. They treat cyber crime as a business and have formed tight global criminal networks.
These cyber criminals share attack strategies and tools and often launch attacks together. In some regions a very mature black market has even formed, in which stolen information and identities are bought and sold.
These professional criminals usually operate across the global network, selecting targets and deploying complex and varied methods such as zero-day exploit code, botnets and automated web attack tools. For example, in November 2012 a hacker offered for $700 a zero-day attack on Yahoo Mail that used a cross-site scripting (XSS) vulnerability to steal web browser cookies and hijack accounts.
3, Internal threats
An internal threat is a trusted individual who has the right to access the enterprise’s intellectual property or data and uses that information outside business needs. The misuse may be malicious or accidental, or the individual may be exploited by an intruder.
One of the key obstacles facing enterprise security teams is changing employees’ perception of who owns data and intellectual property. Imperva’s random survey of 1000 staff on the streets of London in 2010 revealed an astonishing attitude to this question: 70% of respondents said that when they leave their current job they plan to take content involving intellectual property or customer information with them. Most of the employees interviewed felt that these data belonged to them and therefore thought it reasonable to take them. This is not just a Western cultural phenomenon: the temptation to access and take corporate property, including data, crosses cultures. It could even be said to be part of human nature.
Some employees unknowingly “assist” hackers in their attacks. Whenever an attacker uses an employee to sneak into the company’s network, obtain intellectual property and steal data, that employee inadvertently becomes an internal threat.
So how do hackers single out these employees? First, they use social media to identify individuals in the target enterprise; LinkedIn, for example, is a convenient tool for identifying an enterprise’s database administrators. Next, hackers use the contact information of these employees for spear phishing. Through spear-phishing campaigns or exploitable corporate vulnerabilities, hackers gain access to user devices and then take control and collect data by installing malware. After that, they can begin investigating the enterprise’s internal data, including competitor information, business plans or network architecture diagrams. In this way, hackers start from stolen data and build a blueprint for success step by step.
From an enterprise perspective, reducing internal threats requires best practices first, followed by technology implementation. Ironically, these are both the easiest and the most difficult parts. The data center holds the most sensitive and important information, yet it is often the place with the weakest security controls. An effective approach is therefore to put a security layer close to the data layer, such as a database audit and protection (DAP) system and a file activity monitoring solution.
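As an added illustration of the “security layer near the data layer” that the paragraph above recommends (this is not the article’s code, nor any vendor’s DAP product), here is a small database audit monitor in Python. It parses a constructed audit trail of the kind such a layer records and flags off-hours reads and bulk reads of sensitive tables by accounts that are not expected to perform them, which is how the internal-threat scenario described earlier would surface. The log lines, table names, thresholds and account names are all assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit trail (not real data): one line per statement seen
# by a hypothetical database audit layer, in the form
#   <timestamp> <db account> <statement> <table> <rows returned>
AUDIT_LOG = """\
2013-03-04T09:12:01 app_svc SELECT orders 12
2013-03-04T09:15:44 app_svc SELECT orders 3
2013-03-04T10:02:10 dba_jane SELECT customers 25
2013-03-04T23:41:09 dba_jane SELECT customers 480000
2013-03-04T23:42:30 dba_jane SELECT customer_cards 120000
2013-03-05T08:30:00 report_svc SELECT customers 50000
"""

# Policy knobs for the hypothetical deployment; real values come from the
# enterprise's own data classification and job schedules.
SENSITIVE_TABLES = {"customers", "customer_cards"}
BULK_ROW_THRESHOLD = 100_000
BUSINESS_HOURS = range(8, 19)            # 08:00-18:59 local time
ALLOWED_BULK_ACCOUNTS = {"report_svc"}   # service accounts expected to read in bulk


def parse_audit_log(text):
    """Turn the raw audit lines into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, statement, table, rows = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "account": account,
            "statement": statement,
            "table": table,
            "rows": int(rows),
        })
    return events


def classify(event):
    """Return the list of policy violations for one event (empty if none)."""
    reasons = []
    if event["table"] not in SENSITIVE_TABLES:
        return reasons  # only the sensitive tables are policed here
    if event["time"].hour not in BUSINESS_HOURS:
        reasons.append("off-hours access to sensitive table")
    if event["rows"] >= BULK_ROW_THRESHOLD and event["account"] not in ALLOWED_BULK_ACCOUNTS:
        reasons.append("bulk read of sensitive table by non-allow-listed account")
    return reasons


def audit_findings(text):
    """Events that violate at least one rule, with the reasons attached."""
    findings = []
    for event in parse_audit_log(text):
        reasons = classify(event)
        if reasons:
            findings.append({**event, "reasons": reasons})
    return findings


def rows_per_account(text):
    """Total rows returned per account: the baseline an analyst compares against."""
    totals = defaultdict(int)
    for event in parse_audit_log(text):
        totals[event["account"]] += event["rows"]
    return dict(totals)


if __name__ == "__main__":
    for f in audit_findings(AUDIT_LOG):
        print(f["time"], f["account"], f["table"], f["rows"], "; ".join(f["reasons"]))
```

Run stand-alone, the monitor reports the two late-night reads by the administrator account and stays silent about the scheduled reporting job, which is the distinction a DAP layer exists to draw: the same privileged account is legitimate during the day and suspicious when it pulls an entire sensitive table at night.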
4, State-funded hackers
State-funded hackers may be the most capable and talented hackers in the world. They are well equipped thanks to generous government support. These hackers are often employed by governments to infiltrate other governments and obtain top-secret information, which also reflects the tensions between countries in today’s world. State-funded hackers now attract more and more attention because of cyber espionage and cyber warfare around the world.
Since state-funded hackers are usually highly targeted, small enterprises usually do not have to worry too much. Large enterprises, however, may fall victim to hackers stealing trade secrets, and such attacks are difficult to identify and resist.
State-funded attacks are clear, systematic and well organized. Well-known cyber weapons include the Stuxnet (“super factory”) virus, the Duqu worm and the Flame malware. These were powerful pieces of malware that the anti-virus industry failed to defeat, and they remain notorious today. Stuxnet, for example, is the world’s first known “cyber missile”. It was specifically designed to sabotage the centrifuge systems used to refine nuclear fuel. It was later recognized as the world’s first openly known cyber super-weapon: it crossed the gap from the digital world and was used to destroy very specific targets in the real world.
This list of hacker types is not exhaustive, but it gives a basic understanding of hackers, who are after all the most important group behind the biggest security threats we face. Based on this information, enterprises can formulate a more effective and comprehensive security strategy: set up a security layer close to the data center’s databases and file stores, and strengthen the web application firewall (WAF) so that it collects and validates data from the network, in order to resist attacks by the four mainstream hacker types above.