Hackers’ Advantage Over Security Professionals: A Willingness To Share
One advantage hackers have over security professionals is they share information, something security professionals need to get better at, according to Matthew Rosenquist, an Intel security strategist. Rosenquist offered his assessment about the need to share information at Comptel’s Nexterday North Conference in Helsinki, according to ITPro, a London, U.K.-based advice site for business and technology decision makers.
Hackers share ideas, code, targets and best practices, Rosenquist said, noting that in many cases, hackers help each other out of a sense of community and because they want to help each other. He said this gives them an advantage.
Security professionals are getting better at sharing information, he said, but they have a ways to go to catch up to the hackers.
How Hackers Cooperate
He noted that hackers place lists of victims online for their colleagues to see, for purposes such as spam, ransomware or infrastructure. Once a hacker figures out who’s a victim, they share that person’s name or IP address with their associates.
Hackers who don’t want to share information for free can get paid for their information on a “hacker economy.” He noted that hacking-as-a-service is increasing. Criminals can hire out programming and coding.
Rosenquist said stolen certificates are rising. There is also an increase in contextual social engineering where hackers aggregate data to improve phishing activities. Criminals are able to send emails that appear to be from the victim’s trusted associates.
‘Integrity Attacks’ On The Rise
Rosenquist predicted hackers will begin to use more “integrity attacks” that are not about shutting down an environment or harvesting data, but about discrete manipulation of transactions. Criminals, rather than hacking a company to harvest data or steal money, target a company official or their email system and send a message that appears to be from the CEO to accounts seeking a payment.
Rosenquist urged companies to take precautions to protect against becoming an easy target. He said they need to have a security savvy leader to develop and implement a plan.
Images from Shutterstock and LinkedIn.