August 25, 2015 By Pamela Cobb 3 min read

It’s not uncommon to see a hacker in a movie or a television show sitting in a dark basement, frantically typing as he or she simultaneously transfers money from the largest bank in the world, changes traffic lights from green to red to stop the good guys, raises the temperature on a nuclear core and turns off life support for a key character’s beloved family member — all in a 10-minute span. That’s quite a lot of skills for one person to possess and execute in such a short period.

What If I Told You Hoodies Are Passé?

Let’s put a pin in the potential time dilation and address the fact that the movie hacker is probably wearing a hoodie. In more extreme movies, hackers wear badass leather trench coats, don dark shades and have hip handles like “Cho$3n0ne.”

Recent reports show that 80 percent of cyberattacks are driven by organized crime. While there are still mischievous lone wolves, the evolution of malware into toolkits or even ransomware-as-a-service, as reported in the latest “IBM X-Force Threat Intelligence Quarterly,” means that collaboration is the new modus operandi for attacks on corporate networks. And although these groups are meeting online in the Dark Web, they are also showing up to an office, working on projects and maybe even sitting in a drab gray cubicle.

There Is No Spoon

Let’s get back to that time dilation point. There is every chance that attackers have spent their lives developing skills that enable them to write code that penetrates networks in all sorts of creative ways. Of course, attacks could also be executed by script kiddies with an exploit kit purchased off the Dark Web. What television and movies often get wrong, however, is the amount of time it takes to execute a complicated attack and get results.

On a good day, I can boot up my computer and log into all my corporate systems in the time it takes to brew a pot of coffee, doctor my cup with cream and sugar and wash the spoon. In that light, being able to affect a multitude of disconnected systems ranging from banking software to elderly SCADA systems in a 10-minute span is about as realistic as learning kung fu by uploading the skills directly to your brain.

Even if systems could be affected in near-instant time, the more successful attackers take their time to be stealthy and tiptoe through networks, leaving malware in place and undiscovered for up to 225 days, according to some sources. Imagine how many spoons you could wash while the malware lies dormant in your network!

The more data they can siphon out over that longer period, the more hackers maximize their return on investment in developing or buying the malware toolkit. As cybercrime rings are organizing and operating like businesses, the long game makes better business sense.

Download the Q3 2015 IBM X-Force Threat Intelligence Quarterly

Free Your Mind From Hacker Tropes

My favorite part about movies and television that use these “omnipotent hacker” tropes is that the hacker will often meet his downfall because he made a dumb mistake, like not obfuscating his IP address, either because he didn’t know how or simply forgot to do it. Perhaps his shades and coat are too tight and cut off circulation to his brain?

It’s time we stop focusing on “The One” and recognize “The Multitude.” The evolution of collaborative cybercrime necessitates collaborative defense, and as security practitioners and vendors, our skills and defenses can grow through tools like a threat intelligence sharing platform. Organizing and collaborating on threat intelligence akin to the collective hive mind that attackers use can help us dodge the bullet of targeted attacks.

More from X-Force

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Getting “in tune” with an enterprise: Detecting Intune lateral movement

13 min read - Organizations continue to implement cloud-based services, a shift that has led to the wider adoption of hybrid identity environments that connect on-premises Active Directory with Microsoft Entra ID (formerly Azure AD). To manage devices in these hybrid identity environments, Microsoft Intune (Intune) has emerged as one of the most popular device management solutions. Since this trusted enterprise platform can easily be integrated with on-premises Active Directory devices and services, it is a prime target for attackers to abuse for conducting…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today