The Attackers
Taking the right steps to protect your business from cybercrime begins with a good understanding of the attackers and their attacks. In this edition, and the next, we will explore the minds and motivations of cyber criminals, give you context to their side of the equation, and a better understanding of what the “legitimate” world is up against.
Not so very long ago, real cyber-attacks were the game of highly experienced programmers working very hard to find vulnerabilities in a limited number of targets. Today, anyone with a modicum of computer skills… and a healthy disregard for the harm done… can perpetrate damage in many ways using a vast arsenal of readily available tools shared and improved within the hacker community. Clearly the attackers want to stay anonymous, but with the exception of targeted attacks, the victims are as anonymous to the attacker as the reverse and thereby contributes to the reduction or elimination of feelings of guilt or wrong-doing for the act.
The Internet provides equal opportunity for just about anyone on the planet to become a victim or an attacker. It is widely known that a large number for attacks originate in China, Russia, and other countries that apparently do not have strong anti-hacking laws, or possibly even sanction the attacks. In some locals, cybercrime is seen and just another legitimate business. (As a side note: In these locations it is not uncommon for resumes to list hacking as a badge of experience and value. )
The reality is, attacks can and are perpetrated from any location. “Cloud Services” make it very easy for a person in New Deli to set up a Command and Control server in Sweden that controls a botnet of thousands of computers across South America to attack victims in New York.
Just as with any legitimate business, the process of growth and expansion is much more efficient through automation, and automation needs no sleep. As business owners themselves, cyber criminals clearly understand these efficiencies… likely better than most ethical businesses. Using many highly sophisticated technologies, or perhaps ONE out of the box, cheap and readily available tool, the bad guys attack every single minute of every single day, all across the globe. The world is their oyster, and with one look at the logs in a decent firewall, it is easily shown that NO internet connection is immune from attempted attacks.
Chief among the attack goals is financial gain, but there are others. In my story “Simple Answers Series: Cyber Attacks” I go into depth about the attacks that are used and an overview of their efficacy.
Let’s think context for a moment. If you suddenly had the ability to electronically drain the financial reserves of a terrorist organization (pick one from any evening news broadcast), with little or no possible means of detection, would you do it? If you knew your efforts would further the fight against terrorism AND had the side effect of enriching you beyond your dreams, would you take the role of perpetrator? If you and your family were starving, government leaders were corrupt, and you knew that other countries had so much money that they wasted it on things like “Big Brother” TV programming, would you hesitate trying to balance the books a bit?
Attackers attack for many reasons — greed, desperation, competitive advantage, intellectual prowess, control — but chief among them is because they CAN with relative ease and anonymity. In many cases and in many countries, their perspective is “It’s just business” legitimized by success, and possibly by local laws, or lack thereof.
With this, I hope you begin to understand that Cyber Crime is a growing industry, not a back room experiment by a guy wearing a black mask and gloves looking for one big score. It is definitely an economic threat to be attacked, and the interesting fact is that protection measures do not have to break the bank. There are a number of layers of technologies, services and procedures that can be used to minimize threats.
Please contact our office if you are interested in a more in-depth discussion on the easy and affordable measures to protect your business.
By David Turner | May 20, 2016
Do you have feedback? Click here to share your ideas and comments.