Foresite recently sponsored an event in Boston where an ethical hacker was hired to come in and give the attendees an inside look at the dark side of the web. At Foresite, we deal with protecting organizations from evolving threats, but it was fascinating to see the process from the viewpoint of a hacker.
The first thing that you notice is what an industry this actually is. You don’t have to be a programmer anymore to be a hacker; there are many websites (mainly hosted in Russia or Ukraine) that sell exploit kits. You can customize the malware to your needs, whether your goal is to steal information to resell or to install ransomware on the target’s servers to collect ransom if they want access to their data.
Several attendees didn’t seem overly concerned as they have antivirus/anti-malware solutions in place and archived backups that they could revert to if their data was encrypted by ransomware. But next we were shown how easy it is to also have your exploit customized so that known malware signatures are removed. The revised exploit was run through a number of the top AV scanners and not one of them detected it.
The next steps showed how to identify targets and purchase ways to get your exploit deployed via ads on compromised websites, phishing emails, etc. Targets could be selected by geographic area, industry – you name it.
The result of all of this? While the hired hacker didn’t deploy the malware that he built, he took us to the sites where data is bought and sold. You could tell which breaches the data came from and how “fresh” it was; they even run sales on data that was compromised more than 30 days ago.
This inside look is truly fascinating and really helps you understand evolving threats and what types of protections need to be in place to minimize the risk for your organization.