It’s not uncommon to see a hacker in a movie or a television show sitting in a dark basement, frantically typing as he or she simultaneously transfers money from the largest bank in the world, changes traffic lights from green to red to stop the good guys, raises the temperature on a nuclear core and turns off life support for a key character’s beloved family member — all in a 10-minute span. That’s quite a lot of skills for one person to possess and execute in such a short period.

What If I Told You Hoodies Are Passé?

Let’s put a pin in the potential time dilation and address the fact that the movie hacker is probably wearing a hoodie. In more extreme movies, hackers wear badass leather trench coats, don dark shades and have hip handles like “Cho$3n0ne.”

Recent reports show that 80 percent of cyberattacks are driven by organized crime. While there are still mischievous lone wolves, the evolution of malware into toolkits or even ransomware-as-a-service, as reported in the latest “IBM X-Force Threat Intelligence Quarterly,” means that collaboration is the new modus operandi for attacks on corporate networks. And although these groups are meeting online on the Dark Web, they are also showing up to an office, working on projects and maybe even sitting in a drab gray cubicle.

There Is No Spoon

Let’s get back to that time dilation point. There is every chance that attackers have spent their lives developing skills that enable them to write code that penetrates networks in all sorts of creative ways. Of course, attacks could also be executed by script kiddies with an exploit kit purchased off the Dark Web. What television and movies often get wrong, however, is the amount of time it takes to execute a complicated attack and get results.

On a good day, I can boot up my computer and log into all my corporate systems in the time it takes to brew a pot of coffee, doctor my cup with cream and sugar and wash the spoon. In that light, being able to affect a multitude of disconnected systems ranging from banking software to elderly SCADA systems in a 10-minute span is about as realistic as learning kung fu by uploading the skills directly to your brain.

Even if systems could be affected in near-instant time, the more successful attackers take their time to be stealthy and tiptoe through networks, leaving malware in place and undiscovered for up to 225 days, according to some sources. Imagine how many spoons you could wash while the malware lies dormant in your network!

The more data they can siphon out over that longer period, the more hackers maximize their return on investment in developing or buying the malware toolkit. As cybercrime rings are organizing and operating like businesses, the long game makes better business sense.

Free Your Mind From Hacker Tropes

My favorite part about movies and television that use these “omnipotent hacker” tropes is that the hacker will often meet his downfall because he made a dumb mistake, like not obfuscating his IP address, either because he didn’t know how or simply forgot to do it. Perhaps his shades and coat are too tight and cut off circulation to his brain?

It’s time we stop focusing on “The One” and recognize “The Multitude.” The evolution of collaborative cybercrime necessitates collaborative defense, and as security practitioners and vendors, our skills and defenses can grow through tools like a threat intelligence sharing platform. Organizing and collaborating on threat intelligence akin to the collective hive mind that attackers use can help us dodge the bullet of targeted attacks.
