Years ago the typical hacking scenario involved a lone attacker and maybe some buddies working late at night on Mountain Dew, looking for public-facing IP addresses. When they found one, they enumerated the advertising services (Web server, SQL server and so on), broke in using a multitude of vulnerabilities, then explored the compromised company to their heart’s content. Often their intent was exploratory. If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.
My, how times have changed.
When describing a typical hacking scenario, these days you must begin well before the hack or even the hacker, with the organization behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, state actors, and cyber warfare gone amok.
Here are the nine biggest threats facing today’s IT security pros.
Threat No. 1: Cyber crime syndicates
Although the lone criminal mastermind still exists, these days most malicious hacking attacks are the result of organized groups, many of which are professional. Traditional organized crime groups that used to run drugs, gambling, prosecution, and extortion have thrown their hats into the online money grab ring, but competition is fierce, led not by mafiosos but several very large groups of professional criminals aimed specifically at cyber crime.
Many of the most successful organized cyber crime syndicates are businesses that lead large affiliate conglomerate groups, much in the vein of legal distributed marketing hierarchies. In fact, today’s cyber criminal probably has more in common with an Avon or Mary Kay rep than either wants to admit.
[Related: FireEye 2.0: Cyberhumans as a Service]
Small groups, with a few members, still hack, but more and more, IT security pros are up against large corporations dedicated to rogue behavior. Think full-time employees, HR departments, project management teams, and team leaders. And it’s all…