Around 10 years ago, the typical hacking scenario involved a lone attacker and maybe some buddies working late at night looking for public-facing IP addresses. When they found one, they enumerated the advertised services (Web server, SQL server, and so on), broke in using a multitude of vulnerabilities, and then explored the compromised company to their heart’s content. Often their intent was exploratory. If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.

The times and technology have truly changed.

When describing a typical hacking scenario these days, you must begin well before the hacker, with the organization behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, and even preparation for all-out cyber warfare.

Here are the biggest threats facing today’s businesses that may cause productivity and financial losses:

Cyber Crime Syndicates

Although the lone criminal hacker still exists, these days most malicious hacking attacks are the work of organized, professional groups. Traditional organized crime groups that used to run drugs, gambling, prostitution, and extortion have thrown their hats into the online money-grab ring. And instead of the Mafioso, these are large groups of professional criminals aimed specifically at cybercrime.

Many of the most successful organized cybercrime syndicates are like large affiliate conglomerate groups and even have legal representation. Think full-time employees, HR departments, project management teams, and team leaders, and it’s all criminal.

Small-time Scams

These small malicious operations steal identities and passwords, or they may use nefarious redirection to get them. In the end, they steal money. They initiate fraudulent credit card or banking transactions and convert their ill-gotten gains into local currency using money mules, electronic cash distribution, e-banking, or other forms of money laundering.

Intellectual Property Theft

The method of operation here is to break into a company’s IT assets, dump all the passwords, and over time steal gigabytes of confidential information such as patents, new product ideas, military secrets, financial information, business plans, and the like. Their intent is to find valuable information to pass along to their customers for financial gain, and of course to stay hidden. They eavesdrop on important emails, raid databases, and gain access to large amounts of information. This sort of attacker is known as an APT (advanced persistent threat) or DHA (determined human adversary).

All-in-one malware

Today’s sophisticated malware programs offer all-in-one functionality. They will not only infect the end-user but also break into websites and modify them to help infect more victims. These all-in-one malware programs often come with management consoles so that their owners and creators can keep track of what the malware is doing, who they are infecting, and which ones are most successful.

The most malicious are Trojan horses. Computer viruses and worms have long since ceased to be the most popular types of malware. In most cases, the end-user is tricked into running a Trojan horse that’s advertised as a necessary antivirus scan, disk defragmentation tool, or some other seemingly essential utility.

The Web is Like a Minefield

More often, attackers can find a weakness or vulnerability in a website that allows them to bypass admin authentication and write malicious scripts. Common website vulnerabilities include poor passwords, cross-site scripting vulnerabilities, SQL injection, vulnerable software, and insecure permissions.

Another problem with hacked websites is that the computers hosting one site can often host multiple sites, sometimes numbering in the hundreds. One hacked website can quickly lead to hundreds more.

Much cybercrime and hardly any punishment

Some victims never recover from exploitation. Their credit record is forever scarred by a hacker’s fraudulent transaction; the malware uses the victim’s address book to forward itself to friends and family members; and victims of intellectual property theft spend thousands of dollars on repair and prevention.

The worst part is that almost none of those who use the above malicious attacks are successfully prosecuted. These professional Internet criminals are almost immune because the Internet isn’t good at producing court-actionable evidence. It’s anonymous by default, and tracks are lost and covered up in milliseconds. Until that changes, a company’s or business’s IT security will depend either on what its IT personnel can do or on advice from a legitimate tech support company.

This entry was posted by Staff Writer on Sunday, June 29, 2014 at 7:55:02 PM and is filed under Small-Medium Business.
