Cybercriminals facing hacker talent shortage


2 March 2016

Cybercriminals and hacktivists face many of the same hiring problems as defending security organisations, but with their own particular twists, according to a new report.

There is a lack of qualified candidates for jobs such as malware writers, exploit developers, botnet operators, and mules, according to the Digital Shadows report.

In addition, cybercriminals are limited in their ability to properly vet new hires, to widely advertise for needed talent, and to find people who are both trustworthy and willing to break the law. Plus, time is a significant constraint.

“Cybercriminals have to be very fast,” said Rick Holland, vice president of strategy at Digital Shadows. “Their window to monetise is very shallow.”

Meanwhile, law enforcement groups, banks, and security groups are all keeping an eye on them, waiting for them to make a mistake.

Underground listings
To find the right candidates, the criminal groups post job openings on underground job boards, conduct Skype interviews, ask for references, and check applicants’ reputations on sites dedicated to shaming bad actors.

Skype interviews are a popular tool, but to avoid law enforcement, neither the applicant nor the interviewer can afford to expose themselves to the other. As a result, the video is turned off, voices are masked, and traffic is directed through anonymising services such as Tor.

A typical advertisement requires that all communications be encrypted, and payment will be made in Bitcoin.

Some groups also put new hires into a probationary period until they prove themselves.

“But there are OpSec trade-offs,” said Holland. “If they have so much security that it makes it difficult to recruit people, then that makes it difficult for them to monetise.”

Some groups also offer incentives for new talent, such as promising fame and notoriety, profit-sharing, and travel expenses.

Compromised process
However, the more actively the criminals recruit, the more likely it is that the recruitment process will be compromised.

Even if they don’t get caught by authorities, just the recruitment process itself can provide valuable information to defending organisations. It provides information about in-demand skills and tools and also potentially about industries and organisations that may be targets in the near future.

For example, one reason many attackers use simple tools and attack methods is simply that those entry-level skill sets are easiest to find.

Those low-level skills include SQL injections and cross-site scripting, Holland said.

And there is a lesson there for defenders.

“If we focus on application security, reduce footprint on SQL injections and cross-site scripting, we wouldn’t eliminate all attacks, but we would reduce the attack surface,” he said. “It’s the simplest things.”

IDG News Service


TechCentral.ie