Know your cyber-attacker: profiling an attacker
I remember the days when hacking was something that people did because they could. It wasn’t quite done for fun, but people wanted to show off their computer skills. More often than not, hacking was harmless, someone broke into a system and left a little calling card, but beyond that there was very little damage done. It was for the thrill as much as anything.
While I suspect the Hollywood portrayal of hackers being young, socially-awkward men working on their own at a computer in their darkened bedroom was never completely accurate, there was an element of truth to it.
These days that’s simply not the case. Hackers and cyber attackers can be highly-funded and well organised, and their targets can range from money to intellectual property (IP) to service disruption.
Some cyber attackers are politically motivated. For example, hacktivist groups Anonymous and LulzSec attacked MasterCard, Visa and PayPal in retaliation for blocking payments to WikiLeaks following the release of classified US diplomatic cables. They have also attacked government websites for oppressing their citizens, most notably during the Arab Spring uprisings of 2011. Many of these attacks took the form of a DDoS, a simple but effective way of disrupting a service.
Then there are the cyber attackers that are after money. Look at the recent Target data breach, for example. An email containing a piece of malware was apparently sent to an HVAC company that works with Target, one of the biggest retailers in America. Using stolen passwords the cyber attackers accessed the credit and debit card details and other personal information of an estimated 110 million people.
Similar attacks have been launched to target IP; blueprints and manufacturing designs are a common target.
A more recent development is that of state-sponsored attacks. Governments have turned to cyber attackers (and are funding them quite handsomely in most cases) for service disruption, IP theft, espionage and more. Google, for example, accused the Chinese government of accessing its systems as well as Gmail accounts linked to Chinese dissidents. The attack was dubbed Operation Aurora, and also targeted many other companies such as Adobe, Yahoo and Symantec.
The point here is that systems are at risk from a variety of sources for a variety of reasons, and businesses must protect their defences accordingly. While it is not an exact science, most businesses can work out what sort of attacks they are likely to experience; some businesses are more at risk of certain attacks than others.
Knowing what attacks a business is likely to face will help with planning how to defend against those attacks.
One of the key defences is around access; if a company can control the who, what, where and when of access to key data and applications, it will greatly improve its ability to fight off cyber attackers. A good Access Policy Manager will provide valuable insight into who is on your network and what they are doing on it, as well as enforcing policy, so if someone tries to access something they shouldn’t, access will be blocked. This ensures data and applications remain secure.
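The "who, what, where and when" idea above can be made concrete as a default-deny policy check with an audit trail. The following is an added example, not code from the original post or from any vendor's product; the roles, resource paths and networks in the sample policy are constructed for illustration. Each rule must match on all four dimensions for access to be allowed, and a denial records which dimension failed, which is the signal a security team wants when someone is probing for things they shouldn't reach.

```python
"""Added example: a minimal who/what/where/when access-policy evaluator.
Illustrative code only; the policy below is constructed, not real."""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    roles: frozenset        # who: any of these roles may match
    resource: str           # what: prefix of the resource path
    networks: tuple         # where: ip_network objects the request may come from
    hours: range            # when: allowed hours of the day (local time)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: frozenset
    resource: str
    source_ip: str
    when: datetime


# Constructed sample policy (hypothetical roles, paths and address ranges).
POLICY = [
    Rule(frozenset({"finance"}), "/apps/payroll",
         (ip_network("10.0.0.0/8"),), range(7, 20)),
    Rule(frozenset({"hvac-vendor"}), "/apps/building-controls",
         (ip_network("203.0.113.0/24"),), range(0, 24)),
]

AUDIT = []   # (user, resource, source_ip, decision, failed_dimensions)


def evaluate(req, policy=POLICY, audit=AUDIT):
    """Default deny: allow only if some rule matches on all four dimensions.

    Returns (allowed, reasons); reasons names the dimensions that failed on
    the closest-matching rule, so a denial log says *why* it was denied.
    """
    src = ip_address(req.source_ip)
    best_failure = None
    for rule in policy:
        failed = []
        if not (req.roles & rule.roles):
            failed.append("who")
        if not req.resource.startswith(rule.resource):
            failed.append("what")
        if not any(src in net for net in rule.networks):
            failed.append("where")
        if req.when.hour not in rule.hours:
            failed.append("when")
        if not failed:
            audit.append((req.user, req.resource, req.source_ip, "ALLOW", ()))
            return True, ()
        if best_failure is None or len(failed) < len(best_failure):
            best_failure = failed
    reasons = tuple(best_failure or ("no-rule",))
    audit.append((req.user, req.resource, req.source_ip, "DENY", reasons))
    return False, reasons


if __name__ == "__main__":
    # Constructed requests: one legitimate, one from outside the permitted network.
    ok = AccessRequest("alice", frozenset({"finance"}), "/apps/payroll/run",
                       "10.1.2.3", datetime(2024, 1, 1, 10, 0))
    bad = AccessRequest("alice", frozenset({"finance"}), "/apps/payroll/run",
                        "192.0.2.1", datetime(2024, 1, 1, 10, 0))
    print(evaluate(ok), evaluate(bad))
    for entry in AUDIT:
        print(entry)
```

The audit entries are the part worth keeping: a run of "DENY" records with reason "where" from one account, or "what" from a vendor role touching resources outside its remit, is exactly the visibility the paragraph describes.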
There are ways to mitigate a DDoS attack as well, if a business feels that is what it is most in danger from. A multi-tier approach to DDoS mitigation that is application aware, can scrub the network and clean the pipe will help to ensure your applications remain available, negating the impact of the attack irrespective of its size or which layer it’s targeting (network, session or application). Profiling your enemy is the first step to building the right kind of defences to stop them and ensure your business keeps operating: knowing what kind of attacks you are likely to face means you can build appropriate defences.