“The supreme art of war is to subdue your opponent without fighting.” —Sun Tzu
Cybersecurity is a lot like a zombie marathon: you don’t have to be a cybersecurity ninja to avoid being eaten, Chase Cunningham, Ph.D., A10 Networks’ director of cyber operations, is fond of saying. “You just have to be faster than the guy next to you,” adds Cunningham, a Navy veteran specializing in cyber forensics and analytic operations.
But how well do you understand the zombie part of the equation? The mainstream media often treats these characters as a single monolithic “bad guy,” invoking images of hoodie-wearing hackers hiding out in a basement someplace. Others think of hackers in terms of hats: white, black, gray, green, and so on. But in the end, there are only a few categories of cyberzombies that matter, Cunningham says.
1. Undead Script Kiddies
These are frequently teenagers or 20-somethings who are smart, don’t have much to do, and have too much time on their hands, Cunningham says. “They’ll just break stuff because they can. They do it almost for the sake of: ‘look at what I can do and look at how awesome I am.’”
Script kiddies do things like launch an IoT-device-fueled DDoS attack against their school or hack into baby monitors just for the thrill of it.
While they can inflict real damage, script kiddies are among the least threatening types of hackers for businesses.
2. Nation State Hacker Zombies
Every country has cyber operations, and the people who work in this field often have highly sophisticated training. “These are like the one percenters,” Cunningham says.
Nation-state hackers are not generally much of a threat to most businesses. “Every once in a while, you get someone who is pissed at the world and causes problems, but a lot of them are usually super helpful and nice people,” Cunningham explains.
These hackers are, however, among the most advanced in the world, carrying out attacks that would be impossible for others. Nation-state actors were widely believed to be behind Stuxnet, discovered in 2010, which caused physical damage to centrifuges at Iran’s nuclear facilities. And Kaspersky reported that the elite Equation Group rewrote the hard-drive firmware of infected computers, which the firm described as an unprecedented feat at the time.
3. Undead Cybermobsters
These are the cybercriminals who represent a real threat to your business. They tend to be financially motivated, using ransomware and other types of malware for personal enrichment. They can be based anywhere in the world but are concentrated in cybercrime hotspots such as Eastern Europe, China, and Nigeria. “A large percentage of those folks tend to be college graduates who don’t have anything to do with their skill set, and they are looking for easy money,” Cunningham says. “If you have a computer science degree and you are handed an envelope full of money to work on malware, what are you going to do?” he adds. “Mexico is starting to deal with it, too. There are a bunch of computer science grads in Mexico. There aren’t many computer science opportunities in Latin America,” Cunningham explains. The cartels know that, and they are getting into ransomware and forming cybercriminal gangs.
The bottom line: if your IoT products are developed overseas, pay close attention to who your developers are and what they are doing with your code.
There are also a substantial number of part-time cybercriminals. “They are the Batman type,” Cunningham says. “By day, they are writing programs at work, and in the evening, they go and set up botnets and ransomware.”
One of the reasons that cybercrime is so prevalent is that it’s hard to prosecute the people who are responsible for it. “If they are in the U.S., cybercriminals should worry. But anywhere else, big deal. How do you even find a court overseas where they know what the hell you are talking about?” Cunningham says. “Are you going to stand in front of a judge who has sat in front of a bench for four years? You might as well be reading hieroglyphics. And then you have the challenge of convincing the jury. How would you ever get the point across? You can’t get security leadership to understand some of these concepts much less the general populace.”
Note: IoT security is a key item on the agenda at Internet of Things World in Santa Clara this May. Check out the speakers, preview the agenda, claim your free expo pass or book your place at the conference for the world’s biggest IoT event now.