Story image

All in a day's work: Why hackers hack and how they do it

12 Apr 18

It can take hackers less than an hour to steal data from an organisation, and most of the time their targets don’t even detect the attacks.

It’s all in a day’s work for professional hackers, who say that the reality of cybersecurity is much different to what some organisations believe.

Nuix’s Black Report polled professional hackers, penetration testers, and incident responders from 13 countries.

Most hackers can breach a target system, find and exfiltrate data in just 15 hours, while 33% can do the task in five hours, and 40% can do it in less than an hour.

93% say organisations don’t detect their attacks more than half the time – unsurprising considering 70% believe security professionals don’t even know what they’re looking for when they’re trying to detect attacks.

“The Black Report reveals a huge gap between perception and reality in cybersecurity—you might think you’re well protected but the people whose job it is to break in and steal your data think otherwise,” says Nuix’s head of services, security and partner integration, Chris Pogue.

88% of hackers use social engineering tactics like phishing to get information about targets before they conduct their attacks, suggesting that security training for employees at every level in an organisation is critical.

“Most organisations invest heavily in perimeter defences such as firewalls and antivirus, and these are mandatory in many compliance regimes, but most of the hackers we surveyed found these countermeasures trivially easy to bypass. If hackers can steal your data within a day but you only find out it happened months later, you’re well on the way to becoming the next big news story,” Pogue adds.

Who are those hackers? 57% work for medium, large or enterprise businesses. When asked if they had accessed their employer’s critical data for personal gain or for unnecessary purposes, only 14% said yes.

“For every 1,000 employees your organisation has, 140 of them are accessing your CVD for their own purposes beyond that which their job requires,” the report says.

Hackers are also smart: Three quarters have graduated from college and 32% have postgraduate degrees. 6% say that formal education is for ‘suckers’.

Most respondents (86%) say they hack to learn, 35 ‘hack for the lulz’, 21% hack for financial gain, and 6% hack for social or political motives.

The hackers say that they use the same attack techniques for a year or more – despite common perceptions that attacks are becoming more sophisticated.

“Hackers can keep using the same attack techniques because they still work—if it ain’t broke, don’t fix it,” Pogue explains.

“Again and again in the media, data breach victims claim they suffered unprecedented and highly sophisticated cyberattacks but the reality turns out to be that someone didn’t do their job properly. In the recent Equifax case, it was simply an older system that hadn’t been patched.”

But hackers are keeping an eye on what’s happening in the wider security space – 48% spend between 1-5 hours keeping up with security news, trends, and technologies. 16% spend more than 10 hours doing the same activities.

“If cybersecurity is an arms race and knowledge is a weapon, are security specialists and incident responders spending as much time researching how to get better at their craft? Based on the data in this report, specifically the time it takes to compromise a target and how rarely our respondents were detected, it seems likely they are not,” the report says.

78% of respondents believe that data hygiene is an important part of cybersecurity.

Pogue says that organisations are misdirecting their security strategies because they aren’t including people who know how to hack.

“When organisations develop their cybersecurity strategies, they may have IT, legal, risk, and human resources teams at the table but the one person they never invite is the bad guy,” Pogue concludes.

The survey polled respondents from Australia, Brazil, the Dominican Republic, Dubai, England, France, Germany, Ireland, Mexico, New Zealand, North America, the Philippines, Singapore, and South Korea.

Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.
Is mobile shopping compromising your enterprise security?
When employees do their holiday shopping on company resources, security teams have a challenge with the surge in browsing and online transactions.
Different approach to malware detection needed – VMware
Security needs to move away from the traditional approach of chasing after arbitrary forms of malware.
Modernising ERP systems can help organisations comply with GDPR
“Organisations need to look for modern ERP systems that are specifically designed with GDPR in mind."
Cyber attacks develop complexity, target Windows sysad tools - report
The report explores changes in the threat landscape over the past year, uncovering trends and how they are expected to impact cybersecurity in 2019.
DanaBot banking Trojan: How to protect your organisation
DanaBot is a Trojan written in the Delphi programming language that includes banking site web injections and stealer functions.
Ping Identity announces new Identity-as-a-Service solution
PingOne for Customers is built for the developer community and provides API-based identity services for customer-facing applications.