
Staring into the Eye of the Beast – Hackers are One Step Ahead

Cybercrime – Staring into the Eye of the Beast

I have a problem. Actually, we all have a problem. You see, our life is gooood. Digitally, at least. We’re on the technology speed train, addicted, going full throttle without any desire to slow down. On the contrary, we strive to shift gears to quicken technology’s advancement. We can’t see our lives differently now and we’re expecting things to just get better. But here’s the problem – the bad guys know this too.


Hackers Are One Step Ahead

Since the early days of the WWW, companies have been fighting hackers. Actually, the term fighting is not really a good choice of words here. It’s more like defending their systems in an ad-hoc manner to protect against the threat of the day before. As the Internet evolved, so did hacking and its motivations. Two decades ago hackers mainly got a kick out of simply rendering a banking site’s servers unavailable. Vendors reacted by applying network security controls. Hackers installing viruses? Deploy an anti-virus at each end station. Hackers performing DoS attacks? Router ACLs, Network Firewalls, IPS/IDS and VPNs will fix this.

But while the deployed security controls were beginning to secure past technologies, Web 2.0 came right around the corner. And as the Web allowed us to share information, hackers at this stage realized that they could now hold the keys to the kingdom. That information – data jumping from system to system – is worth a whole load of money. And data is now the hacker’s currency.

The New Security Approach – Be Proactive!

Frustrating? Of course! Can we prevent cyber-crime? No. Where there is money, there is crime. Are we then just left sitting on the bench waiting for the next wave of crime to come around and hope it will bypass our data? It is precisely this last question that security practitioners have been asking. The answer is an absolute no – a new security approach needs to be taken. As an industry, we need to move beyond vulnerability patching and threat management. We need an approach that is not reactive to yesterday’s hack but rather anticipates tomorrow’s. Security controls can then quickly adapt to the threat landscape. Proactive is the new defense.

The proactive security approach comprises two parts:


1. Knowing the threat landscape – profiling the hackers, their organizational hierarchy, business models and modus operandi. With this knowledge, current security controls could be strengthened. It could even be used to achieve immediate security value. The intelligence could be used to identify compromised computers being actively exploited to launch attacks, to quickly identify attack campaigns at their early stages, to discover zero-day vulnerabilities in the wild rather than in the lab, and to identify targets of upcoming attacks in advance. In the longer term, understanding the hacker landscape could allow new security controls to be developed and deployed in advance to protect against the next attack.

2. Implementing data security controls. Companies are beginning to understand the need to harden their applications, databases and file systems against insiders as well as hackers.

Proactive Security – Sci-Fi?

Proactive security is a relatively new concept from the past couple of years. And although it’s a young concept, we’re seeing it already applied in the field. For example, a couple of months ago my employer, Imperva, announced a vendor-driven initiative named the “Hacker Intelligence Initiative” (HII) which aims to track and monitor hacker activity. The HII is a formalization of ongoing research from the previous year, in which different attack campaigns unfolded right beneath our noses. After just a handful of attack campaigns, the company gained an understanding of some of the technologies and attack methods frequently employed by attackers, and of the similarities as well as differences between attacks. New business models were another small result of these findings. Using proactive security techniques, a security vendor specializing in fraud, Trusteer, was able to uncover a Zeus C&C botnet that mainly targeted UK banks. The banks were able to beef up their security accordingly. A few days later, a security company, M86, unveiled the discovery of another bank-hitting botnet. Continuing on the theme of botnets, another security vendor, AVG, recently discovered a botnet “Mumba” and provided some insight into the technology used.

Understanding the Hacker Landscape

It will take time to paint a clear picture of the hackers. We have some brush strokes, but not the full painting. We hope though that with a new, proactive approach, we will be able to shed some light on the landscape.

In this series I’ll describe this hacker landscape by presenting findings that result from the proactive security approach vendors are taking. I will provide current examples from recent incidents where new discoveries about the hacker landscape can give us an idea of how to protect our systems. Accordingly, I’ll outline the steps vendors should take, or discuss the required new-generation security enhancement. In my next column I’ll discuss the attacker profile. And just as a trailer-teaser I’ll tell you it’s not what Hollywood wants you to believe, so stay tuned as I talk about Hacking Inc.!
