We’re at war, and you are sitting smack dab in the middle of the battlefield. No need to dig a foxhole or look around for incoming grenades, because this war is in cyberspace and you could very well be a target.
As you’re no doubt aware, the internet can be a dangerous place, perhaps not physically, but for your personal and your company’s proprietary data, it’s not a safe place to be hanging out.
From phishing to social engineering to people hacking your passwords to bots automatically hacking your web apps, every day the number of combatants in our cyberwar increases.
Cyber Threat Types and Motivations
There are several types of cyberwars going on at any given time. There are plain old hacking attacks, criminally-targeted attacks, nation state cyberwar, and hacktivist actions, all of which make the internet a place where only the brave tread fearlessly. Whether you are a threat intelligence analyst, a member of a hunt team, a malware researcher, or a SOC technician, you most likely encounter these actors on a regular basis.
It’s not surprising to anyone with experience in the information security field that all this activity is teeming online, often out of site of the average web surfer, including your typical corporate or government middle manager. The same people who refuse to patch their systems and deactivate their anti-virus, are often quick to call efforts to raise awareness about cybercrime as scare tactics and fear mongering. They’re also often the first to get hit and require you to come clean up their mess.
Why Knowledge Breeds Better Cybersecurity
By profiling your cybersecurity nemeses, you can better identify their attack vectors, common attacks, and hopefully harden the appropriate infrastructures before your less-than tech savvy friends click on the wrong link and infect your network. If they manage to still find weaknesses, knowing what and where to look for trails, and what tools to use to maximize your efficiency can also be invaluable.
Being prepared to respond to hacking incidents not only makes good business sense from a risk mitigation and compliance strategy, it also reduces your workload when the attacks come fast and furious. As General Norman Schwarzkopf says, “the more you sweat in peace, the less you bleed in war.”
Know Thy Cyber Threat: Hackers, Insider Threats, Criminals, Hacktivists and Nation States
Since the old adage of “know thy enemy” holds true, over the next four articles we’re going to cover in a bit of depth that various factions that give us all job security, but also rob us of the occasional weekend. We’ll also cover some commonly used tools and techniques you can use to hunt your adversaries. Next up: Hackers.