Know your cyber-attacker: profiling the enemy

I remember the days when hacking was something that people did because they could. It wasn’t quite done for fun, but people wanted to show off their computer skills. More often than not, hacking was harmless: someone broke into a system and left a little calling card, but beyond that there was very little damage done. It was for the thrill as much as anything.

While I suspect the old Hollywood portrayal of hackers being young, socially-awkward men working on their own at a computer in their darkened bedroom was never completely accurate, there was an element of truth to it.

But these days that’s simply not the case. Hackers and cyber attackers can be highly-funded and well organised, and their targets can range from money to intellectual property (IP) to service disruption.

Some cyber attackers are politically motivated. For example, hacktivist groups Anonymous and LulzSec attacked MasterCard, Visa and PayPal in retaliation for blocking payments to WikiLeaks following the release of classified US diplomatic cables. They have also attacked government websites for oppressing their citizens, most notably during the Arab Spring uprisings of 2011. Many of these attacks took the form of a DDoS, a simple but effective way of disrupting a service.

Then there are the cyber attackers that are after money. Look at the recent Target data breach, for example. An email containing a piece of malware was apparently sent to an HVAC company that works with Target, one of the biggest retailers in America. Using stolen passwords, the cyber attackers accessed the credit and debit card details and other personal information of an estimated 110 million people.

Similar attacks have been launched to target IP; blueprints and manufacturing designs are a common target.

A more recent development is that of state-sponsored attacks. Governments have turned to cyber attackers (and are funding them quite handsomely in most cases) for service disruption, IP theft, espionage and more.

Google, for example, accused the Chinese government of accessing its systems as well as Gmail accounts linked to Chinese dissidents. The attack was dubbed Operation Aurora, and also targeted many other companies such as Adobe, Yahoo and Symantec.

The point here is that systems are at risk from a variety of sources for a variety of reasons, and businesses must build their defences accordingly. While it is not an exact science, most businesses can work out what sort of attacks they are likely to experience; some businesses are more at risk of certain attacks than others.

Knowing what attacks a business is likely to face will help with planning how to defend against those attacks.

One of the key defences is around access; if a company can control the who, what, where and when of access to key data and applications, it will greatly improve its ability to fight off cyber attackers. A good Access Policy Manager will provide valuable insight into who is on your network and what they are doing on it, as well as enforcing policy, so if someone tries to access something they shouldn’t, access will be blocked. This ensures data and applications remain secure.

There are ways to mitigate a DDoS attack as well, if a business feels that is what it is most in danger from. A multi-tier approach to DDoS that is application-aware and can scrub the network and clean the pipe will help to ensure your applications remain available, negating the impact of the attack irrespective of its size or which layer it’s targeting (network, session or application).

Profiling your enemy is the first step to building the right kind of defences to stop them and ensure your business keeps operating. Knowing what kind of attacks you are likely to face means you can build appropriate defences.


Stories by Matt Miller
