The only constant you can count on in technology is change.
From microprocessors to PCs to smartphones to software, technology continues to become faster, smarter, and more sophisticated. But make no mistake: what’s changed the most in the world of technology over the past few decades is the hacker.
Hackers are highly motivated to stay ahead of the latest security trends. It’s how they keep from getting caught, and how they keep the fun and profit rolling. No matter how smart your CISO is, how many security professionals you have at your disposal, or how many tools are in your security stack, you are responding to the innovations of hackers, not the other way around.
A Brief History of Hackers
Early hackers in the 1960s and 1970s were students at colleges like MIT who used hacking as a way of showing off their programming skills. As computers migrated from the college campus and laboratory to the workplace in the 1980s, a new wave of hackers began to shift the focus from creativity to crime.
Throughout the 80s, hackers grew in prominence as they began to test the cybersecurity of military installations, businesses, and universities. Network breaches and malware made their first major forays into the cybersecurity scene, with notable examples including:
- A 1983 network penetration into dozens of organizations, leading to the first Newsweek cover story on cybersecurity.
- The invention of self-replicating malware, including worms, in 1987.
- The start of ransomware in 1989.
Hackers quickly found themselves on the radar of law enforcement, and many of the laws that are used to prosecute cybercrime today were passed during this time. Significant regulations included the Computer Fraud and Abuse Act in 1986, the Computer Security Act of 1987, and the Computer Misuse Act of 1990.
By the mid-90s, hackers were writing viruses to do things like siphon money from banks, deface websites, and commit credit card fraud. Hackers would share exploits with each other and compete to see who could pull off the most audacious hacks.
While relatively minor compared to the hacks of today, this early period did feature several high-profile incidents that influenced the direction of the cybersecurity industry. The most notable was the Morris worm, which replicated itself so aggressively in 6,000 networked computers across government and university systems that it brought the early iteration of the internet to a standstill. This led to the formation of organizations like CERT (Computer Emergency Response Team) that could research threats and develop advanced solutions.
Over the past 20 years, there has been an arms race between hackers and hardware manufacturers, software developers, and cybersecurity specialists as hacks have gotten larger and more destructive. In addition, hacking has shifted from a hobby to a profession as career criminals, organized criminal syndicates, and even foreign powers pursue hacks like malware and ransomware with global reach.
What Hackers Are Targeting Today
Today’s hackers are found wherever there’s technology. That means everywhere, attacking any vulnerability they can find.
Hackers look for real-world locations with weak security like coffee shops, train stations, and stores. A hacker can easily create a spoofed hotspot that unsuspecting users will log into, allowing the hacker to gain access to data from connected devices. In addition, they can use a man-in-the-middle attack to intercept data between a server and a client, allowing the hacker to capture passwords.
In 2016, a reporter for USA Today wrote about his experience using his airline’s in-flight internet connection. At the end of the flight, he was confronted by another passenger with proof that the fellow flier had hacked the reporter’s email. While the hack was conducted to prove a point to the reporter so that he would write about the need for cyber privacy, it also showed that even public Wi-Fi at 30,000 feet isn’t certain to be safe.
Our phones contain everything from passwords to financial data, which makes our mobile devices another major hacking target. And, with the pandemic, businesses have seen a significant increase in employees using their own mobile devices for work.
While a bring-your-own-device policy has significant benefits for both the employee and the employer, it can also mean that confidential company data ends up residing on employee devices, which may not have the same level of security as IT-controlled devices.
Because people are on their phones all the time and are often checking them while doing something else, personal mobile devices can be particularly vulnerable to social engineering schemes that depend on the user to click a malicious link sent via email or text. This link can then trigger the download of malware that can be used to spy on the user, trigger a ransomware attack, or allow a hacker to burrow their way into a company’s network.
One high-profile example of spyware taking advantage of the ubiquity of phones and the vulnerability of its users was Pegasus. This spyware was used by government agencies to spy not only on terrorists, foreign enemies, and criminals, but also on journalists, political dissidents, and civil rights activists. Once installed on a phone, spy agencies would be able to see every email, photo, text thread, and personal contact stored on the phone. They could also use it to monitor the phone’s location in real time and take control of the camera and microphone.
Internet of Things
While Internet of Things (IoT) devices like smart home devices or fitness wearables are connected to the internet, they are rarely built to the same security standards as laptops and servers, making them tempting targets.
Examples of IoT security failures include:
- Verkada: A group of hackers accessed roughly 150,000 devices from security-camera company Verkada, giving the attackers unrestricted access to live video feeds inside schools, prisons, hospitals, and companies like Tesla, along with archive footage of more than 24,000 clients.
- St. Jude’s: While no patients were harmed, the FDA announced that St. Jude Medical’s implantable cardiac devices had vulnerabilities that would allow a hacker to remotely access the devices. This could theoretically allow the hacker to deplete the battery or administer incorrect pacing.
Today’s organizations can easily have tens of thousands of IoT devices connected to the internet, ranging from printers and office equipment to factory machinery, HVAC systems, electrical infrastructure, and security systems. Not only does this significantly increase the attack surface, but often there is no simple way to monitor and control all these devices from a single pane of glass.
Users voluntarily share large amounts of personal details on their social media channels. While this is a great way to keep up with friends and family, it also makes it easy for hackers to use that information for cybercrimes, such as:
- Account takeovers: Hackers can use publicly shared information to guess the answers to common security questions, allowing the hacker to reset the password, change the email address, and take over an account.
- Spear phishing: A criminal can use the information posted on social media to create a fake online identity designed to gain the victim’s trust. Once they are trusted, they often manipulate the victim into sending money or gift cards. In the corporate world, hackers can use social media information of specific executives to induce them to reveal confidential information, provide access, or send funds.
As hackers compete to conduct ever-larger hacks, they’re also finding it easier to get paid thanks to cryptocurrencies.
Crypto is nearly untraceable, which means cybercriminals can accept ransomware payments in cryptocurrency and not have to worry about authorities discovering their identity.
However, crypto isn’t foolproof. There are examples where law enforcement has been able to track and recover crypto payments. In 2021, authorities recovered $2.3 million of the crypto ransom paid by Colonial Pipeline.
In addition to using crypto to accept ransomware payments, hackers are also taking over devices and using them to mine cryptocurrency. This lets them take advantage of the victim’s CPU and electricity bill to create crypto for free.
Security operations to the rescue
Whether you’re defending your network against a bored teenager, a sophisticated criminal syndicate, or the person peering over your shoulder at the coffee shop, it’s never been more difficult to defend your data.
Arctic Wolf’s industry-leading security operations solutions can provide both the technology and the technical expertise your organization needs to keep up with the latest hacker trends.
Our Managed Detection and Response solution provides 24×7 monitoring of your networks, endpoints, and cloud environments to help you detect, respond to, and recover from modern cyber attacks, while our Concierge Security® Team gives you access to skilled security engineers who work as an extension of your team around the clock.
Our Managed Risk solution enables you to discover, assess, and harden your environment against digital risks across your networks, endpoints, and cloud environments, making it much more difficult for attackers to gain access.
And our Managed Security Awareness solution prepares your employees to recognize and neutralize social engineering attacks and human error—helping to end cyber risk at your organization.
Not only do these solutions keep you protected today, but they can help you be prepared for whatever hackers think up tomorrow.