Sunday, June 16, 2024

6 Traits That Entrepreneurs And Cyberattackers Share

 


When people conjure up the image of a Cyberattacker, very often the image of them wearing a hoodie, sitting in a dark room hunched over five monitors very often comes to mind.  But, while this could be true to some degree, this is really not how Cyberattackers truly operate.  Of course, he or she will want to keep their tracks as covered as possible, so that they can evade detection.  But believe it or not, the Cyberattacker of today often thinks like an entrepreneur when they plan to launch an attack, or even attempt to form a Cyberattacking group of sorts.

So what goes into their mind, you are asking?  Well here are some clues to it:

1)     They try to find the markets:

In the old days of the hacks, the goal of the Cyberattacker was to launch what is known as a “Smash and Grab” campaign.   Meaning, the goal was to get in by any means that are possible, get whatever they could, and run off into the distance, with hopes of not being caught.  But today’s Cyberattacker takes a very unique approach.  Just like entrepreneurs, they study the kind of market that they can get into.  In other words, what fits the profile of a potential victim?  Once this has been figured out, the Cyberattacker, using open-sourced tools, such as Social Media, then tries to find their victim.  But keep in mind that there are many other tools that can be used out there in the public domain, such as “OSINT”, which stands for “Open-Source Intelligence”.  Also, it may not be an individual that they are trying to target, it could even be a business.  Or worst yet, the Cyberattacker may have even been hired by someone on the Dark Web or through other covert means in order to launch an attacks.

2)     Creating the product/service:

Once an entrepreneur has an understanding of the market that they want to get into the next step is to create or further develop a product or service that will meet the needs and demands of prospects.  In this case, once the Cyberattacker as figured out their victim, their next step is to then determine their weapon of choice.  For instance, will it be a Phishing Attack?  Or one that involves Social Engineering?  Or perhaps even launch a Ransomware Attack to steal information and data?

3)     Getting the funding:

As the entrepreneur is now finalizing the business plan, the next thing on their mind is to now figure out how to get funding to launch their brand-new product or service.  There are two ways they could do this, which are either tapping into their own savings, or reaching out to investors.  In the case of the Cyberattacker, their goal here is to now figure how they will get the means to launch their Attack Vector.  For example, will he or she be joined by other Cyberattackers in an effort to pool resources, or will they go on it solo?  The goal here, just like the entrepreneur, is to keep costs as low as possible, primarily to avoid raising red flags.  So, they could hire a service on the Dark Web that could launch the attack for literally pennies on the dollar (the most popular one in this regard is “Ransomware as a Service”).  Or, the most preferred method is to take the profile of an existing Threat Variant and modify in some fashion so that it will be deadlier.  In other words, building a better mouse trap.

4)     Launching the product/service:

Now, once the victim (the target market) has been selected, and the funding has been secured, the next move is to now launch the actual Threat Variant, in order achieve the desired outcome.  Most likely, it will be an attempt to heist login credentials, or exfiltrate data that can be used to either sell on the Dark Web, or even launch a Ransomware Extortion Attack.  But, just like the entrepreneur, if things are not going as planned or expected on the initial launch, they will shift strategies in order to gain what has been planned.  In the case of the Cyberattacker, it would be to stay as covert as possible.

5)     The continuation of the marketing:

Once the entrepreneur has reached a point of some stability and have actually achieved sales on their new product or service, their next goal is to keep up with the marketing strategies or even tweak them further in order to generate more prospects, which in turn, will lead to more sales.  This is also true of the Cyberattacker.  Once they have launched their Threat Variant, found a way in, and remained as covert as possible, their next objective would be to move across the IT/Network Infrastructure in a lateral fashion to see they can steal.  For example, it could be trade secrets, other sorts of confidential documentation, or even Intellectual Property (also known as "IP”.). 

6)     The next wave:

For the entrepreneur, once they have had a successful launch of their product or service, the next thing for them is to figure out what to produce next.  Most likely, since funding and resources will still be rather tight, they will take what they have already created, and attempt to add more functionalities to it to perhaps even serve a different market entirely.  The same is true for the Cyberattacker.  Once they have achieved what they wanted to get with Threat Variant, they will want to add more stuff to it to not make it only stealthier, but even deadlier as well.  In this case, it is quite likely that they will even target an entirely new victim.

My Thoughts On This:

What I have detailed in this blog is the basic model that a Cyberattacker could potentially follow.  All of the steps may not be followed.  But the bottom line here is that just like when launching a new business, a lot of time is spent these days trying to figure out how to do it right the first time.  The same is also very true of the Cyberattacker.  They now take their time to carefully profile and target their victims, in an effort to strike them at their weakest point when they are the least aware of it.

 

No comments:

Post a Comment

Why Students From K-12 Are So Vulnerable In Becoming A Cyber Victim

  Whenever we hear about a Cyberattack or a security breach, we often think that the entity involved is a Fortune 500 company, or even a hea...