There is a huge difference between a cyber attack generated by a script kiddy running an automated system and one where you are being targeted by a dedicated hacker.
For one, if you are targeted by a dedicated hacker then you already know that you have something worth protecting and you have, hopefully, done something about it.
The biggest problems with cyber attacks on the internet are that 95% of them are coming from an automated system controlled or managed by trainees (script kiddies).
Automated systems have three reasons they are used:
- They are easy to get.
- They are easy to use.
- They are easy to make money out of.
They are easy to get!
There are a number of ways for anyone to get hold of an automated system. They can download an operating system that has an automated system running on it. Kali, Parrot OS or Black-arch are all very good examples but there are others.
Designed as penetration testing tools, these systems have all of the requirements that they need to target organisations, multinationals, or anyone connected to the digital world.
Before you ask, yes it is all legal and above board as long as you are not targeting someone else.
To make these systems more effective they allow them to either download additional components from GitHub or design and program your own applications.
They are easy to use!
The old saying that whenever anything is free you are the product rings true with these systems as well. The creators of these systems keep track of people using them and incorporate any updates into their own releases.
To set up one of these systems all you need is a computer. Once you have administrator access to a computer you can download a virtual environment (VMware if you have some money or Virtual Box for free) and you can then install these operating systems as a virtual operating system.
You can even run the operating system on a microcomputer (Raspberry Pi) for under $100.
Once set up you now have access to the tools and capabilities that, if used correctly, can rival someone who has been in the industry for years. Almost like a novice woodworker creating a dovetail joint on their first try without knowledge of what to do.
No training, just using other people’s knowledge.
In addition, and a bigger issue, what they do not know can be learned or discovered by simply searching google.
The capability and effectiveness of these systems allow them to set up the automated attack and target a huge number of vulnerable systems based on blocks of internet-based addresses.
Simply they can find out if there is a targetable vulnerability just by using facets of the automated systems.
They are easy to make money out of!
These free operating systems have the capability of making money.
To make serious money, though, you need to work with partners. Working with partners can be both beneficial as well as detrimental to their own security.
When it comes to making money it is either through selling information on the dark web, selling cryptovirus decryption keys to vulnerable people or selling access to compromised systems to leverage other attacks.
How to avoid being a target of script kiddies.
To avoid being a victim you need to implement some protective strategies.
You need to apply the CareMIT business security methodology to the organisation but to start at the basics this is what you need to do:
- Patch and update everything – operating systems, application and to really be secure remove anything that you do not use from the system. This is applied to computers, websites, servers, and smart devices.
- Disable macros – do not allow macros to run on the computers
- Use complex, unique and more than 12 characters for every site, service or system in the digital world
- Use 2 factor or multi-factor authentication. If you manage websites or other cloud-based services make sure the third level of security is in place – captcha
- Only allow good applications to run on the system. This is called application whitelisting and only approved applications are allowed to run. There are some anti-virus systems that allow you to do this.
- The last one is critical to your sanity – DO A BACKUP. All the bad guys have to do is win once. A backup ensures that if and when they win they have not really won.
At the basic level, the users of these automated systems are just as vulnerable as the people that they are targeting. A severe case of “user beware”, because if you do not configure the system correctly you are just as vulnerable as your targets.
At the most fundamental level, we all know that most people between 13 and 30 have a limited ethical attitude and good and bad is debatable.
That’s why we have the proliferation of these systems.
Secure your business!
Do the scorecard!
Read your report!
Linkto scorecard https://caremit.scoreapp.com
#ceo #ExecutivesAndManagement #ProfessionalWomen #CareMIT #cybersecurity #infosec