It’s not uncommon to see a hacker in a movie or a television show sitting in a dark basement, frantically typing as he or she simultaneously transfers money from the largest bank in the world, changes traffic lights from green to red to stop the good guys, raises the temperature on a nuclear core and turns off life support for a key character’s beloved family member — all in a 10-minute span. That’s quite a lot of skills for one person to possess and execute in such a short period.

What If I Told You Hoodies Are Passé?

Let’s put a pin in the potential time dilation and address the fact that the movie hacker is probably wearing a hoodie. In more extreme movies, hackers wear badass leather trench coats, don dark shades and have hip handles like “Cho$3n0ne.”

Recent reports show that 80 percent of cyberattacks are driven by organized crime. While there are still mischievous lone wolves, the evolution of malware into toolkits or even ransomware-as-a-service, as reported in the latest “IBM X-Force Threat Intelligence Quarterly,” means that collaboration is the new modus operandi for attacks on corporate networks. And although these groups are meeting online in the Dark Web, they are also showing up to an office, working on projects and maybe even sitting in a drab gray cubicle.

There Is No Spoon

Let’s get back to that time dilation point. There is every chance that attackers have spent their lives developing skills that enable them to write code that penetrates networks in all sorts of creative ways. Of course, attacks could also be executed by script kiddies with an exploit kit purchased off the Dark Web. What television and movies often get wrong, however, is the amount of time it takes to execute a complicated attack and get results.

On a good day, I can boot up my computer and log into all my corporate systems in the time it takes to brew a pot of coffee, doctor my cup with cream and sugar and wash the spoon. In that light, being able to affect a multitude of disconnected systems ranging from banking software to elderly SCADA systems in a 10-minute span is about as realistic as learning kung fu by uploading the skills directly to your brain.

Even if systems could be affected in near-instant time, the more successful attackers take their time to be stealthy and tiptoe through networks, leaving malware in place and undiscovered for up to 225 days, according to some sources. Imagine how many spoons you could wash while the malware lies dormant in your network!

The more data they can siphon out over that longer period, the more hackers maximize their return on investment in developing or buying the malware toolkit. As cybercrime rings are organizing and operating like businesses, the long game makes better business sense.

Download the Q3 2015 IBM X-Force Threat Intelligence Quarterly

Free Your Mind From Hacker Tropes

My favorite part about movies and television that use these “omnipotent hacker” tropes is that the hacker will often meet his downfall because he made a dumb mistake, like not obfuscating his IP address, either because he didn’t know how or simply forgot to do it. Perhaps his shades and coat are too tight and cut off circulation to his brain?

It’s time we stop focusing on “The One” and recognize “The Multitude.” The evolution of collaborative cybercrime necessitates collaborative defense, and as security practitioners and vendors, our skills and defenses can grow through tools like a threat intelligence sharing platform. Organizing and collaborating on threat intelligence akin to the collective hive mind that attackers use can help us dodge the bullet of targeted attacks.

More from X-Force

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

4 min read - Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past…

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…