Have you ever wondered who the hackers are, what they hope to gain from attacking businesses, and how they actually hack? If so, read on.
Security researchers and academics have categorised hackers based on three key factors: skill level (the ability to bypass defences like antivirus and firewalls), available resources (the tools and assets they have), and tenacity (how long they are willing to invest in attacking a target before moving on). These categories help to understand the varying levels of threat posed by different types of hackers:
1. Script Kiddies
A script kiddie is an individual who uses pre-built, freely available hacking tools to target systems with minimal or no understanding of how those tools work. If these tools were unavailable, they would be unable to conduct any attacks. They typically go after easy, low-hanging targets, and pose a lower risk compared to more skilled hackers.
2. Organised Crime Groups
Historically, organised crime groups have been portrayed in movies like The Godfather – sophisticated networks of criminals working together for illegal enterprises. In the digital world, similar groups operate as hacking syndicates, and these groups can be scattered across the globe. Many members may never meet in person, working instead through pseudonyms and avatars on forums. In terms of skill and persistence, these groups are far more dangerous than script kiddies, making them a serious threat to businesses and systems.
3. Advanced Persistent Threats (APTs)
APTs are often associated with nation-states and are typically deployed for geopolitical reasons, cyber espionage, or sabotage. These hackers possess high levels of skill, significant resources, and patience, allowing them to pursue long-term objectives. Unlike script kiddies or even organised crime groups, APTs will not simply give up if they encounter obstacles; their persistence makes them a formidable adversary in the cyber realm.
Common Attack Methods
Despite the differences in their skill levels and motivations, all hacker groups generally start their attacks in similar ways. They often begin by searching for obvious weaknesses in a network, such as unpatched vulnerabilities or unsecured entry points. It’s akin to a burglar discovering a wide-open front door – there’s no need for complex manoeuvres like scaling a building if an easy entry point is available.
Another common method used by hackers is the phishing email. Phishing attempts range from crude, easily identifiable scams to highly sophisticated emails that mimic legitimate organisations like Microsoft or Google. These emails aim to steal login credentials, and in some cases, bypass multi-factor authentication (MFA). While script kiddies might lack the skill to conduct complex phishing attacks, more advanced criminals or nation-state actors can craft insidious phishing campaigns that target even MFA-protected accounts.
Cybersecurity Is Still Worth the Effort
It may sound daunting to defend against APTs and organised crime groups, but strong cybersecurity practices can significantly reduce your risk. Start by ensuring that there are no “open doors” in your digital systems. Implement MFA wherever possible, and choose more phishing-resistant MFA options where available. These steps alone can deter script kiddies and many organised crime groups, forcing them to move on to easier targets.
Even when facing a nation-state or advanced adversary, robust cybersecurity measures can delay attacks, giving your organisation more time to respond. Furthermore, maintaining best practices (such as those outlined in Cyber Essentials or ISO 27001) puts you in a more defensible position should a breach occur.
Beyond protection, investing in cybersecurity demonstrates to current and potential customers that you are serious about keeping their data safe. This commitment to security can win new business, foster trust, and even enhance the market valuation of a company, particularly if you are preparing for public listing.
Stay Up to Date With Cyber Security for Business With NEBRC
At NEBRC, we’re a police-led not-for-profit organisation that’s dedicated to your cyber security. We work closely with you to keep your data safe and reduce your risk of cyber attack.
Visit our website to find out more about our Security Cyber Awareness Training, or our Network Vulnerability Assessment to help you understand how to better protect your assets.
You can also sign up for our Free Core Membership, designed to provide you with relevant resources and ongoing support to improve your resilience to cyber security threats.