Cybercriminals face hacker talent shortage

Cybercriminals and hacktivists face many of the same hiring problems as defending security organizations, but with their own particular twists, according to a report released this morning.


There is a lack of qualified candidates for jobs such as malware writers, exploit developers, botnet operators, and mules, according to a report by Digital Shadows.

In addition, cybercriminals are limited in their ability to properly vet new hires, to widely advertise for needed talent, and to find people who are both trustworthy and willing to break the law.

Plus, time is a significant constraint.

"Cybercriminals have to be very fast," said Rick Holland, vice president of strategy at Digital Shadows. "Their window to monetize is very shallow."

Meanwhile, law enforcement groups, banks, and security groups are all keeping an eye on them, waiting for them to make a mistake.

To find the right candidates, the criminal groups post job openings on underground job boards, conduct Skype interviews, ask for references, and check applicants' reputations on sites dedicated to shaming bad actors.

The Skype interviews are a popular tool, but to avoid law enforcement, neither the applicant nor the interviewer can afford to expose themselves to the other. As a result, the video is turned off, voices are masked, and traffic is directed through anonymizing services such as Tor.

A typical advertisement requires that all communications be encrypted and states that payment will be made in Bitcoin.

Some groups also put new hires into a probationary period until they prove themselves.

"But there are opsec trade-offs," said Holland. "If they have so much security that it makes it difficult to recruit people, then that makes it difficult for them to monetize."

Some groups also offer incentives for new talent, such as promising fame and notoriety, profit-sharing, and travel expenses.

However, the more actively the criminals recruit, the more likely it is that the recruitment process will be compromised.

Even if they don't get caught by authorities, just the recruitment process itself can provide valuable information to defending organizations. It provides information about in-demand skills and tools and also potentially about industries and organizations that may be targets in the near future.

For example, one reason many attackers use simple tools and attack methods is simply that those entry-level skill sets are easiest to find.

Those low-level skills include SQL injections and cross-site scripting, Holland said.

And there's a lesson there for defenders.

"If we focus on application security, reduce footprint on SQL injections and cross-site scripting, we wouldn't eliminate all attacks, but we would reduce the attack surface," he said. "It's the simplest things."
