COMMENT
Hacking is a phenomenon that has been around since at least the 1960s, initially as an exploration of computing more broadly, fueled by the insatiable curiosity of an eternally brilliant community of “hackers,” and that largely remains true today. Unfortunately, the term “hacking” can conjure up scenes of a lone individual in a hoodie behind a keyboard, bullying and stealing from victims with ease from the safety of a dimly lit basement. While this cliché is an exaggeration, there are people within the hacker community who have joined forces to use their powers for evil, forming digital cartels of all kinds, with their own codes of conduct.
Recently, we have observed a change in attitudes towards the unwritten rules that have dictated behavior within some criminal cyber circles regarding attacks on both individuals and organizations. What once held as an agreed-upon code of ethics that threat actors lived by is now being renegotiated.
The original hacker code of ethics
As cybercrime has advanced, there has historically been a respected group of early hackers who believed in the need to have guardrails in place as to who was an authorized target of fraud or hacking. This group is now fighting and negotiating with a new generation of hackers who believe in profit above all else, regardless of threats to innocent life or geopolitical implications.
Targets such as hospitals, where the potential loss of life was very real, were off-limits. Furthermore, critical infrastructure has been avoided altogether, because such attacks against a country’s infrastructure are considered an act of war, which is not something criminal hackers are interested in provoking. The Colonial Pipeline attack walked a very fine line in this regard because, technically, the hackers did not disrupt pipeline deliveries. But it was still a big wake-up call for governments, defenders, and researchers, as attacks like these continue to persist on a global scale.
Initially, hackers generally agreed to target an individual or company only once. Cybercriminals would only target a specific vulnerability once before moving on, very rarely continuing to exploit the same opportunity. Now, however, it is quite common for us to see double, triple or even quadruple exploitation – and this rule will likely remain broken for the foreseeable future.
This evolution in the ethics of hacking has been driven by a number of factors, including global tensions, the growing transformation of technology that gives attackers even more tools, and the security gaps created by new technologies, giving threat actors an easy road to exploitation. The biggest change, though, actually affects the ransomware groups themselves.
New group dynamics
Ransomware gangs have never taken a one-size-fits-all approach. Attack methods, victimology, and even how people take credit for attacks have historically been different across the board. Interestingly, however, with new online platforms allowing for the involvement of the bad actor community, it has never been easier to break into the hacker community. In fact, you no longer need to be a computer expert to be successful.
As information and tools have become more readily available, not only is it easier to get started, but more and more young individuals are involved in hacking activities. Some of the major groups that are making headlines – like Scattered Spider, which has been credited with successfully breaching major brands such as Caesars Entertainment – are believed to consist mainly of teenagers.
Not only are hackers getting younger, but they are also more competitive. In recent cases, there is greater motivation to be credited with attacks on big brands. This is evidenced by major companies being publicly highlighted on the victim pages of major ransomware groups. This has led to a new phenomenon where the most reputable groups are even doing their own PR for their efforts, using the media to disseminate information about the victims or the group itself. This creates an added sense of urgency for the victim to pay the ransom or face the consequences of sensitive information being disclosed.
This new competitive approach among ransomware gangs has led to greater notoriety for the respective gangs, but has also led to the demise of some of the most prolific groups. One of the most recent examples of this is the FBI’s takedown of the major ransomware gang ALPHV, also known as BlackCat. There has been talk online that a member of a rival group may have passed information to law enforcement to aid in the takedown, which would ultimately help take the pressure off their affiliated group.
Ransomware has posed and will continue to pose a threat to businesses for years to come, but behavioral changes in ethics and operations have led to greater challenges in defending against and dismantling these groups. One thing is to be expected: always expect the unexpected. Amid targeted attacks against hospitals and other critical infrastructure areas, now more than ever organizations should be aware of these changing dynamics through a comprehensive, broad-spectrum threat intelligence program. Staying updated and informed about the behavior and activities of threat actor groups is one way both organizations and individuals can better navigate this ever-changing security landscape, better deter attacks, and remain vigilant in the face of threats.