Hacking to Get Paid

Posted on July 24, 2023

Kadian Douglas – Principal, CLA (CliftonLarsonAllen)

In the current digital landscape, hacking has become a lucrative business opportunity for cybercriminals across the globe. Gone are the days when hacking was limited to isolated incidents of curiosity or mischief. Hacking is a business now, and one way or another, hackers will ensure they get paid.

Ransomware is only step one in the nightmare of a breach these days. Typically, when hackers break into organizations and install ransomware, they are able to hold the organization hostage until they are paid substantial ransom payments. This approach has proven to be highly effective for years, providing hackers with a quick and direct source of income. However, it is important to realize that ransomware nowadays is often just the beginning of a more comprehensive attack.

BlackCat Attack:

Recent activities of the hacking group BlackCat demonstrate how the tactics used by hackers are evolving. In their breach of the online platform Reddit, BlackCat claims they were able to exfiltrate close to 80 gigabytes of confidential data. Hackers are no longer focused only on locking down valuable systems; they have shifted their focus to exfiltrating valuable information for various purposes. Exfiltration allows cybercriminals to exploit data such as passwords, addresses, and intellectual property for further financial gain.

How long are they in your system before you notice?

This past year, IBM reported that hackers are commonly in systems for over 207 days before a firm identifies a breach, and that it takes, on average, another 70 days to contain the attack once it has been identified (per IBM Cost of a Data Breach Report 2022). Essentially, this means that once hackers breach a space, they can map the environment, looking for ways to exfiltrate data, for months without anyone realizing they are there. The prolonged presence of hackers within systems demonstrates the importance of organizations having proactive security measures and continuous network monitoring.

If a hacker has breached your environment and has been behind your firewall, then it is a very good assumption that you did not find them until they were ready to be found, and you should presume they have exfiltrated your data. Hackers sophisticated enough to beat all your perimeter defenses did not do so only to get caught sleeping inside your network.

Mitigate or reduce the likelihood of an attack

By better understanding the changing tactics and motivations of hackers, organizations can better prepare themselves to mitigate any potential risks they may face.

Kadian Douglas currently works with the Information Security Services Group as well as the higher education group providing compliance services, outsourcing and co-sourcing engagements, and information security assessments.