You have probably heard people say that to defend yourself from attacks, you have to think like an attacker. Back when a large number of embarrassing celebrity photos were leaked a couple of years ago, Mark Cuban, the Dallas Mavericks' owner, decided to try it for himself. He pretended to be an Internet criminal and attempted to access his own Apple iCloud account using a pen testing technique. He realized quite quickly that his seemingly sophisticated security could actually be bypassed easily with the help of a simple Google search. He was quick to tweet his findings to his followers, and it is advice that we can all learn from.
The mind of cybercriminals
To better defend yourself and your organization from cyber attackers, you need to put yourself in their mindset. Individuals who are willing to understand the behaviors and learn from attackers’ methods, will also be able to determine how their own actions will affect the outcome. Thinking like an attacker by reenacting real-life scenarios on a network will allow businesses to find holes before an attacker does, and to understand the vulnerabilities that must be taken care of immediately.
What does the mind of a cyber attacker look like?
Patient and persistent
Hackers are persistent when it comes to carrying out their attack. They spend time getting to know the organizational structure and the network, and they actively investigate the best way to infiltrate an organization. Whether they are motivated by money or another cause, cyber attacks have evolved into much darker, more complex methods.
Similar attack patterns
Malware today has become much more sophisticated: it can change its behavior based on user activity, and it is capable of waiting quietly in the shadows, when necessary, to bypass security solutions. Despite the sophistication of these malware tools, we often find that many attackers follow the same basic patterns and methods of attack. The Verizon Data Breach Investigations Report found that 92% of cyber attacks in the past 10 years were linked to just nine basic attack patterns, and most companies had to face only between two and four of these.
Asset or object oriented
Every action performed by an attacker is usually one phase in a progression towards their goal or objective. Hackers adjust their methods based on their successes and failures, and they often reuse resources. The ability to look at an attack as a whole and predict the steps the attacker will take next allows businesses to understand how future attacks will play out.
It’s time to change the way we think
The PwC Global State of Information Security survey reported that 2015 saw more security incidents than the previous year: 38% more security incidents were detected, and theft of "hard" intellectual property increased by 56%. While spending on security continues to increase, why do we still see increases in cyber breaches? Many believe this is a result of our reactive approach to cyber attacks: it is not until after a major threat is exposed within our own organization (or another large, public organization) that we take steps to deploy security solutions. Security and IT professionals should prioritize their efforts towards understanding which of their security systems are working as expected and knowing what their cyber security risks are by thinking like an attacker.
Attending Black Hat or DEF CON in Las Vegas helps one understand and mingle with hackers. I highly recommend that companies send an employee every year to one of these events in order to understand the dark side and help stay on top of the latest vulnerabilities hackers are working on.