Know Your Adversary: Understanding the Motivations of Different Types of Hackers
Every single day another company falls victim to a cyber-attack. It’s estimated that in 2021 alone, cybercrime will cause over $6 trillion in global damages, according to the University of Maryland’s Clark School. We’ve seen the effects of this in the recent SolarWinds breach, in which state-sponsored hackers compromised SolarWinds’ codebase and injected a backdoor that spread to thousands of customers, at a potential cost of $90 million in damages.
But who exactly perpetrates these attacks and what are their motives? What can we perhaps learn by stepping inside the mind of a hacker?
White Hat Hackers
For starters, hackers tend to be grouped into three main categories. There are white hat hackers, the ethically based attackers of corporate networks. These hackers do not perform any attacks without prior written permission or a clearly defined scope, and they’re motivated by a desire to help rather than hurt. They provide an immense benefit to organizations seeking to improve their security posture by imitating a real-life scenario in which a hacker attempts to break into their network. At ERMProtect, for example, our ethical hackers perform rigorous penetration tests to identify vulnerabilities at client organizations and help them mitigate the threat of a data breach.
Black Hat Hackers
In stark contrast to this, the next category of hacker is the black hat. These are the criminals we hear about in the headlines. They illegally attack targets for monetary gain, revenge, and sometimes even espionage. This category of attacker is often broken into several subcategories based on skill level and motivation:
1. Script Kiddies
A disparaging term used to identify unsophisticated black hat hackers that have limited knowledge and perform their attacks via the use of scripts that other hackers have made rather than developing their own. Often motivated by thrill seeking and notoriety among their peers, these hackers don’t pose a significant threat to a well-prepared organization.
2. Hacktivists
Known most commonly for website defacement and DDoS attacks, hacktivists are motivated by political and religious ideologies. It’s also common for this type of hacker to dox their victims. This is an attack that focuses on digging up personal information on a target and then releasing it to the public with malicious intent. While hacktivism is sometimes framed as mere civil disobedience, the reality is that any unauthorized access is illegal. Victims of these hackers can face considerable embarrassment, damage to brand and reputation, as well as monetary loss.
3. Organized Cybercriminals
Due to the challenges of cyber attribution (the difficult practice of identifying who is responsible for a breach), organized crime has shifted its operations to the Internet. No longer do criminals have to risk getting shot or captured in order to rob a bank. These hackers work together in very efficient groups. In fact, they’re so well organized that their activities and organizational structure tend to resemble those of normal businesses. In one example from 2015, organized cybercriminals stole press releases from several companies before they were available to the public. This insider information was then used to earn over $100 million in illegal profits on the stock market.
4. State-Sponsored Hackers
Well-funded and backed by governments, these hackers work in groups to carry out cyberattacks against other nations at the behest of their host nation. They have an exceedingly high skill set, they’re determined, they’re legally shielded by their host country, and they often have knowledge of zero-day vulnerabilities. This makes them an extremely dangerous threat. Espionage, cyber warfare, financial manipulation, and data breaches are all well within their purview. Large organizations, financial institutions, hospitals, utility companies, and militaries can all find themselves on the defensive against these types of hackers. In fact, the now infamous Equifax data breach is believed to have been caused by this type of hacker.
5. Cyber Terrorists
With how increasingly interconnected all of our systems have become, critical infrastructure such as nuclear reactors, dams, and power plants is now at risk of attack from a new breed of terrorist. Cyber terrorists attempt to shut down and destroy critical infrastructure through hacking. Usually, this is accomplished by modifying some parameter in the critical infrastructure so that it breaks or explodes.
In 2007, the Idaho National Laboratory ran a test known as the “Aurora Generator Test” which demonstrated how cyber terrorists could potentially destroy components of the electric power grid. The test was successful and after three minutes it ended with the destruction of a diesel generator similar to the kind that powers the electrical grid.
This illustrates just how crucial it is for organizations to implement and maintain proper security controls. Comprehensive information security assessments, regular penetration tests, and thorough security risk assessments are all essential parts of an enterprise security program. The Idaho National Laboratory discovered just how dire the consequences can be if proper security measures aren’t put in place.
6. Suicide Hackers
Unconcerned with jail time, these malicious actors attack their targets without regard for whether they’ll get caught. Usually driven by revenge, the promise of money, or an ideology, these individuals will often be extremely noisy in their approach, making them easier to identify and stop.
7. Malicious Insider
Hackers don’t always come from outside your network. Sometimes the most impactful hacks are executed by privileged insiders. These individuals are often disgruntled employees and have varying levels of access to business processes, IT systems, intellectual property, and other confidential information. While the sophistication of this type of attacker can differ greatly, the consequences are almost always devastating. Motivations for this type of black hat include money and revenge. It’s also not uncommon for this type of attack to result in a data breach.
Businesses looking to better understand the risks associated with this type of attacker should look to have an internal penetration test performed. This variety of penetration test provides the testers with limited internal access to the network akin to what a malicious insider would have.
Gray Hat Hacker
We’ve discussed the beneficial and ethical nature of the white hats and the malicious, self-serving ethos of the black hats, but what would you get if you mixed the two? When you combine the helpful intention of a white hat hacker with the illegal activity of a black hat hacker, you get our last main categorization of hacker: the gray hat hacker.
Imagine a scenario where a hacker tests websites for vulnerabilities without permission and then notifies the site owners in an effort to help them. The intent is noble enough, but since the hacker did not obtain prior authorization to test the site, this is still considered illegal. Gray does not refer to the legality of this type of hacker, as unauthorized access is always considered illegal, but it does point out the differing motive when compared to a black hat hacker.
Penetration Tests Expose Vulnerabilities
As incentives grow for hackers, it’s inevitable that we’ll continue to see a rise in cyber attacks as we progress further into 2021. Now more than ever, businesses need to prepare themselves ahead of time and understand what risks they face. Understanding how hackers think is just one small part of a complex puzzle, which we hope to have shed some light on. If you’d like to see how ERMProtect can help your organization simulate these kinds of attacks and stay better protected from data breaches, reach out today and we’d be happy to assist.
Our cybersecurity solutions include:
- Internal and external penetration tests
- Web and mobile application penetration tests
- Wireless network infrastructure penetration tests
- Cloud infrastructure penetration tests
- ISO 27001 penetration tests
- PCI DSS compliance penetration tests
- IoT penetration tests
- Social engineering
- Physical site penetration tests
Comprehensive Risk Assessments and More
Our 24-year-old company has vast experience helping clients prevent and deal with information security and data breaches. We offer comprehensive risk assessments, SOC2 audits, regulatory compliance gap analysis and assessments, remediation and implementation. Additionally, our incident response team has deep experience investigating data breaches, containing damage and getting compromised businesses back up and running.