It Takes a Hacker to Catch a Hacker 

By Anonymous Hacker, Head of Incident Response  

Hacking has evolved. We’re facing elaborate criminal networks, ruthless organizations of people spanning all ages with diverse backgrounds, driven by a single purpose: theft. These highly organized criminal networks target anything with a digital footprint, and nothing is off limits: top-secret documents, personal information, money, and more. Any information that can be sold in marketplaces on the DarkNets, is at risk. Operating in the shadows, they use a maze of communication channels, such as private gaming chats, anonymous paste sites, and DarkNet forums in foreign countries, which makes them incredibly difficult to catch.

The age-old saying, “There is honor among thieves,” shines within this evolved cyber crime landscape. Established criminal hacker groups that once employed hundreds of people are now growing at an alarming rate by outsourcing to “affiliates”. They locate young, tech savvy, English-speakers — some as young as 12 or 13 years old, share their knowledge and tricks of the trade and provide them with the information they need to wreak digital havoc. This growing group of young hackers, known as the Com, or Community, specialize in social engineering and operate differently than older generations of hackers. They are motivated by status and money and enticed by the idea of a quick and easy payout at the expense of others.

As the cyber crime economy grows exponentially faster than the global economy, cyber criminals are becoming more sophisticated. Cybercrime is a real and growing threat, with the  global cost expected to hit $23.84 trillion by 2027 global cost expected to hit $23.84 trillion by 2027, up from $8.44 trillion in 2022, according to data from Statista, the FBI and IMF. The older and more experienced hacking groups are passing down knowledge to these younger communities helping them learn and improve their skill sets. They are trading and sharing information, recon data, tools, malware, and experience. With this collaboration amongst thieves, their numbers and expertise are growing at an unprecedented rate. This issue mixed with the rapid advancements in technology flooding the market, creates an environment where networks are getting harder to secure.

The security staff at most enterprise companies are struggling just to survive. They may be buying the best-in-market tools, but do not have the time or expertise to configure them effectively. 52% of organizations cite a lack of skills and resources as their biggest challenge in reaching cyber resilience. They also lack the hacker knowledge and mindset. Hackers do not receive traditional classroom training. They learn from other hackers, and their strategies and approaches do not follow any textbook scenarios. The cybersecurity industry relies on ethical hackers to combat this unconventional threat. Cybersecurity companies provide a clear path to cyber resilience through services such as endpoint monitoring, compliance services, and penetration testing. However, in the current threat landscape, organizations need to have an incident response plan in place.  A good IR plan global cost expected to hit $23.84 trillion by 2027, up from $8.44 trillion in 2022, according to data from Statista, the FBI and IMF. The older and more experienced hacking groups are passing down knowledge to these younger communities helping them learn and improve their skill sets. They are trading and sharing information, recon data, tools, malware, and experience. With this collaboration amongst thieves, their numbers and expertise are growing at an unprecedented rate. This issue mixed with the rapid advancements in technology flooding the market, creates an environment where networks are getting harder to secure.

Defending against the growing surge of cyber incidents is an evolving challenge, but cyber resilience starts with basic hygiene. Organizations need to adopt a culture of cybersecurity from the top down, including cyber awareness training, endpoint monitoring, IR plan development and more. Bad actors may not follow many rules, but there are common attack scenarios for which organizations should prepare. Defense begins with awareness but must be followed by action. Without proactive steps to secure their data, organizations will inevitably fall victim. You must start to think like a hacker to stop a hacker.  

Ready to improve your cyber resilience? Our security experts are ready to help.