Entrepreneurs of the new world order.
“We’ve introduced the hacker-preneur. The capitalistic hacker,” said Dan Schiappa, SVP and GM of products at security solution provider Sophos.
Consider the “new economy” that is developing.
"In recent years, exploit-kit authors have moved to cloud-based kits, mirroring the trend in the legitimate software industry — in essence, a criminal version of software as a service," according to Trustwave’s Global Security Report. "Today, most of the major kits use a rental-based business model, wherein customers pay for an account on a server under the kit author's control and manage their illicit 'campaigns' through an administrative interface.”
These programmers of malware are marketing their tools and technology in kit form to enable new hackers to start their nefarious businesses attacking the unsuspecting, often ignorant computer user. There is an entire eco-system growing around the tools and technology to create these hacks. Retail outlets for malcontents to open a business attacking other organizations and individuals – usually with a profit motive, but not always. It is becoming easier and faster for these “start-ups” to get rolling. Furthermore, with the onset of bit-coin, we now have untraceable currency allowing them to get away scot-free.
The Malware-preneur is a by-product of the lack of sophistication on the part of individuals and business in protecting their assets. A hubris that says I am not a target. I am not big enough or interesting enough for a hacker to come after me. Yet, these attacks are more like a random act of violence on the street. They care not who their target.
The hacker launches malware “drones” on the internet looking for any unsuspecting individual to attack. Then, when a target is found through any number of routes – Phishing, worms, OS vulnerabilities, etc. – the hacker evaluates the value of the target. In the most basic sense, they steal the identity of the individual. In a step up, maybe encrypt the system (server, workstation, etc.) and charge a ransom to get it back. Worst case, steal credentials and log into bank accounts, investment accounts, etc. and transfer assets. And possibly do all of this at once.
I worry that many business owners have become desensitized to the risks they face. Maybe because they have been threatened in the media for so long without having anything happen; they feel immune. Maybe because the tech talk of the risks is beyond their understanding. Possibly, they simply are not paying attention. Yet, the new hacker-preneur is spending more resources with more tools available to go after more and more targets. Why? Because those owners are not doing enough to harden their technology against the attacks.
My most basic advice – don’t be ignorant about your security – personal and professional. The hackers prefer you to be.