Our culture has co-opted the idea of hacking and hackers. A term that, at least in security circles, once described the act of gaining unauthorized access to a computer system, or the person trying to find a way in, is now being tied to a host of other activities.
For example, those little tips and tricks that make the day-to-day a little easier are now called “life hacks.” Ugh. “Biohackers” are trying to alter the human condition by altering biology. The list goes on.
If the term hacker has lost its meaning (to us in the NetSec biz, anyway), then how do we define the people who want to find ways into our computer systems? By recognizing that it was probably too narrow a term to begin with. Let’s still try to keep it simple, and break these ‘hackers’ down into three main groups:
Type: Advanced Persistent Threats
Threat Level: Severe
APTs, or Advanced Persistent Threats, carry the greatest potential to disrupt an institution’s operations. An APT is typically a state-sponsored operation, an organized crime syndicate or a sophisticated terrorist cell.
APTs are extremely disciplined in their methods and in their approach to exploiting weaknesses in a network’s security architecture, and they often capitalize on zero-day exploits. They’re also very, very good at social engineering, e.g., spear phishing.
To defend against these groups, assume they’ve already found their way into your network and work backwards from there. Make sure you have a monitoring architecture that provides visibility across your entire network, not just at the perimeter, so that activity inside the network and data leaving it can be seen, plus good (and tested) backup and disaster recovery systems.
Type: Hacktivists
Threat Level: Elevated
Hacktivists are exactly what the name implies: activists characterized by their use of digital means to promote or further a political agenda. These groups are often in the media for breaking into and defacing their victims’ websites in an attempt to expose the owners for unethical business practices and damage their public image. (Anonymous is the obvious example here.)
Rather than using zero-day exploits to attack extremely sensitive networks, hacktivists might purchase known exploits on the dark web and use existing tools when attacking their targets.
Despite being less advanced than APTs, hacktivists are still very effective against weak networks that don’t keep software updated or apply security patches promptly. Those two steps, along with basic layered security tools like an IPS, a firewall, an IDS, anti-virus software, web filters, and user training, can thwart a high percentage of these attacks.
Type: Amateurs and Script Kiddies
Threat Level: Low to Moderate
The final group is the amateurs who use programs developed by others to attack computer systems. Within the hacking subculture these individuals carry the pejorative label “script kiddies.”
Script kiddies are generally unskilled individuals who use existing scripts to gain entry into networks and vandalize websites. Because they rely on well-known, easy-to-find tools and techniques that exploit already-published weaknesses, the threat they pose to a well-maintained network is minimal. Still, unpatched and outdated software along with untrained users make easy targets for this level of hacker.
Identify the Attacker and Protect your Network
With technology evolving at such a tremendous pace, it’s easy to see how the term “hacker” has lost its true meaning. The most important lesson to take away is that when considering the security of your data, you need to be aware of every potential threat. When managing the safety and protection of your network, correctly identifying who poses a real threat to the integrity of your system’s architecture is an important factor in your network security posture.