“If attacked, don’t get overwhelmed, don’t try to do it all at once.”
Hacking is big business, but who are the attackers?
Script kiddies take someone else's scripts and run them. They are willing to break the law, there are a great many of them, and the origin of their attacks is often hard to determine. They can compromise a system that is unpatched or has no firewall in fewer than 10 minutes. They are not the most dangerous attackers, but they cause a lot of damage.
Organized crime hackers demand ransom fees averaging over $200,000. Interestingly, 96% of victims who paid got their data back. The average downtime from these attacks is 21 days. These attackers research details such as insurance coverage and vendors, which are public record for public safety entities. They may operate overseas, but can also be found in the U.S.
Hacking as a service involves a group of criminal developers who lease attack tooling to others. These groups have excellent resources, write their own software packages, and even walk victims through how to make payment. They have full-time paid employees. There have been many of these attacks on county-level operations.
Nation-state-linked organized crime hackers originate in Russia. These attackers scan systems for a Russian language pack and, if one is found, are less likely to attack. They launch highly sophisticated attacks, first stealing the most valuable data and the backups, then encrypting the data and holding it for ransom. This lets them demand two payments: one for the stolen data and one for the decryption key.
Nation-state hacks come primarily from China, Russia, Iran and North Korea. These attackers mount persistent threats and are extremely good at SME access. Chinese and Russian hackers want to create fear, uncertainty and doubt, and to damage trust; Iranians and North Koreans want the payoff. These attackers recognize sensitive and vulnerable sites and will set up their own defenses and anti-virus software inside the systems they compromise.
The four steps to defending your systems are:
- Know your perimeter, and be boring. What will an attacker see when they scan you? If your systems look like they allow outside access, they will draw more attention from attackers.
- Scan your systems, and scan often. Know your vulnerabilities before attackers do. Always scan after any major change that touches the firewall. Automating scans ensures they actually get done.
- Require vendors to disclose every way they access your systems. Vendors aren't just information technology; they also include generators, HVAC, building security and any other system with remote access.
- Manage change. Don't try to fix everything at once; work forward from where you are so the gap to close keeps getting smaller. Start small, perhaps with an Excel worksheet: write out the necessary changes, then make them one at a time, always with a backup plan. Following this process, in 6-12 months you will have effective runbooks.
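As an added illustration of the four steps above (this is example code, not from the original talk or article), here is a script that compares what an outside scan actually shows against the worksheet of exposures someone has deliberately approved, so that scanning after a firewall change or a vendor install produces a short list of things to investigate rather than a wall of output. It assumes nmap's grepable output format (-oG) as input; the scan text, the addresses (RFC 5737 documentation ranges), the host names, the hypothetical HVAC gateway and RDP host, and the approved list are all constructed for this example.

```python
"""Added example: diff an external scan against an approved-exposure baseline.

Constructed sample data: the nmap -oG text below is hand-written, not captured
from a real network, and the addresses are documentation ranges (RFC 5737).
"""
from __future__ import annotations

# What an outside attacker's scan of the perimeter returned (constructed).
SAMPLE_SCAN = (
    "# Nmap 7.94 scan initiated as: nmap -sS -sU -Pn -oG - 203.0.113.0/28\n"
    "Host: 203.0.113.10 (www.example.org)\tStatus: Up\n"
    "Host: 203.0.113.10 (www.example.org)\tPorts: 80/open/tcp//http///, "
    "443/open/tcp//https///\tIgnored State: filtered (65533)\n"
    "Host: 203.0.113.11 ()\tStatus: Up\n"
    "Host: 203.0.113.11 ()\tPorts: 445/open/tcp//microsoft-ds///, "
    "3389/open/tcp//ms-wbt-server///, 161/open|filtered/udp//snmp///\n"
    "Host: 203.0.113.12 (hvac-gw)\tStatus: Up\n"
    "Host: 203.0.113.12 (hvac-gw)\tPorts: 23/open/tcp//telnet///, "
    "47808/open/udp//bacnet///\n"
    "# Nmap done at ... -- 16 IP addresses (3 hosts up)\n"
)

Exposure = tuple[str, int, str]  # (host, port, protocol)

# The "worksheet": every exposure someone has deliberately approved
# (hypothetical). Anything open that is not on this list is drift to chase.
APPROVED_EXPOSURE: set[Exposure] = {
    ("203.0.113.10", 80, "tcp"),
    ("203.0.113.10", 443, "tcp"),
}


def parse_grepable(text: str) -> dict[str, set[tuple[int, str]]]:
    """Return {host: {(port, proto), ...}} for ports nmap reported as open.

    Each -oG port entry is port/state/proto/owner/service/rpc/version/ ;
    only the literal state "open" counts. "open|filtered" (typical for UDP)
    is ambiguous, so it is left out rather than reported as fact.
    """
    exposed: dict[str, set[tuple[int, str]]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            port, state, proto = int(fields[0]), fields[1], fields[2]
            if state == "open":
                exposed.setdefault(host, set()).add((port, proto))
    return exposed


def compare_to_baseline(
    exposed: dict[str, set[tuple[int, str]]], baseline: set[Exposure]
) -> tuple[set[Exposure], set[Exposure]]:
    """Split observed exposure into (unexpected, missing).

    unexpected: open from the outside but never approved, e.g. a vendor's
                remote-access port or a firewall change that went too far.
    missing:    approved but not seen open; usually an outage or the scanner
                being blocked, either of which is worth knowing about.
    """
    observed = {(h, p, proto) for h, ports in exposed.items() for p, proto in ports}
    return observed - baseline, baseline - observed


def report(scan_text: str, baseline: set[Exposure]) -> list[str]:
    """Human-readable lines, sorted so two runs diff cleanly in a ticket."""
    unexpected, missing = compare_to_baseline(parse_grepable(scan_text), baseline)
    lines = [f"UNEXPECTED {h}:{p}/{proto}" for h, p, proto in sorted(unexpected)]
    lines += [f"MISSING    {h}:{p}/{proto}" for h, p, proto in sorted(missing)]
    return lines or ["OK: perimeter matches approved baseline"]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SCAN, APPROVED_EXPOSURE)))
```

Run against the constructed scan, the report flags RDP and SMB on 203.0.113.11 and Telnet and BACnet on the HVAC gateway, none of which anyone approved; that is exactly the "what does the attacker see" question from step one answered by the automated scan from step two, with the vendor's remote access from step three showing up as drift. The approved list is the worksheet from step four: it only grows when someone consciously decides an exposure should exist.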
By Tina L. Chaffin