“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” This is one of the most often repeated quotes from Sun Tzu’s The Art of War, a classic work of military strategy that has become a source of inspiration across disciplines, far outside the literal battlefield.
Certainly, in the ongoing cyber war, your organization needs to know both itself and its enemy to build effective cyber security strategies. Risk assessments, security audits, malware analysis and prioritized risk management initiatives are all critical in understanding your own security posture.
But who, exactly, are your enemies? What are their motivations, and how can you keep a finger on the pulse of their plans?
We’ll take a closer look at the types of cyber criminals who are after your data and resources, and explore a few methods for staying ahead of their game.
Black Hats Come in Different Shades
Not all hackers are bad; in fact, the industry uses the metaphors of white hat (ethical hacker) and black hat (cyber criminal) to distinguish the bad from the good. But not all black-hat hackers are created equal — they are interested in different things and use different techniques.
According to PricewaterhouseCoopers, black hats fall into one of four types:
- Nation-states: Cyber criminals who are sponsored by foreign governments to engage in cyber espionage for economic, political, or military advantage. Recent events involving Chinese hackers have shown that this type of hacker targets not only government networks and state secrets, but also corporate networks housing trade secrets, which foreign businesses can use for a competitive advantage.
- Organized crime: Cyber criminals after an organization’s valuable data don’t work alone. Similar to what you would expect in a real-world criminal operation (like a bank heist), groups of black-hat hackers orchestrate plans and assign roles. This planning takes place on dark web forums that are not indexed and are inaccessible on standard browsers.
- Hacktivists: Black-hat hackers are not always after financial gain. Hacktivist groups, such as the Anonymous collective, take aim at corporate and government targets for political purposes. Their actions are meant to be disruptive or coercive, and they often involve distributed denial of service (DDoS) attacks, which make the target’s websites inaccessible, as well as threats to leak sensitive data if demands are not met.
- Insiders: Insider threats can be unintentional, but there are those inside an organization who will purposefully steal corporate data. These cyber criminals pose one of the most pressing risks for many organizations, as they may have easy access to sensitive information.
Now that you have an idea of who is going after your data and what they want, you still must face the challenge of scouting and combating their moves. Here are a few practices that are at your disposal.
Monitoring the Dark Web
Although the dark web can’t be accessed on a conventional browser, it can be tapped as a rich source of intelligence, where analysts learn cyber criminals’ attack plans straight from the horse’s mouth. Dark web monitoring can be done through internal security programs, with the right resources on hand, or a third-party consultant can provide the service.
Lunarline includes dark web monitoring within our managed security service, leveraging years of combined experience and shared expertise to home in on the right sources.
One way to predict a hacker’s actions is to hire a hacker. White-hat hackers who conduct penetration testing services take creative approaches to find weaknesses in your networks, helping you take action before the enemy arrives. With these services, of course, you need to be sure penetration testers are versed in the latest techniques and working the same angles a black-hat hacker would.
This is why, in addition to staffing the top talents in the field, we built the Sniper penetration testing platform, which standardizes the testing procedure based on the latest intelligence.
Gathering threat intelligence is critical to understanding what is headed your way. However, you may gather more information than your security team can effectively use. This is where it’s important to know yourself in order to know the enemy. By understanding your network infrastructure and risk priorities, you can more quickly and effectively make sense of incoming intelligence reports and organize preventive actions. The Ground Station intelligence platform is designed to automate this process and make it simple for your team.
The professionals at Lunarline understand how hackers operate, and in turn have developed products and services that will ensure organizations stay a step ahead. For more information on how we can help your organization, visit Lunarline online or contact us today.