Seeing Signs of Network Compromise? The Guardians of Cybersecurity Can Help

Bug bounties are to the internet what wanted posters were to the Wild West. Companies like Google, Facebook, Microsoft, and government offices like the U.S. Department of Defense have been enlisting professional “white hats” (also “ethical hackers” or “security researchers,” sometimes “penetration testers”) to find weaknesses in their defenses — with hefty cash rewards for those who find them (see appendix at end).

White hats, the guardians of cybersecurity, help you find the vulnerabilities in your systems and networks before the black hats do. If a malicious user compromises your network, you may not know for months: recent IBM Cost of a Data Breach reports put the average time to identify a breach at roughly 200 days. A great deal of damage to your business can be done during and after that window. While big companies like Equifax, Maersk, and Target have been hit by cyberattacks and recovered, small to medium-sized businesses hit by hackers may not survive, because SMBs often lack the resources and staff to recover fully.

Knowing the danger, you should bring in a white hat hacker, or penetration tester, to get you ready, whether as an in-house hire or as a consultant.

Who’s Knocking On Your Network’s Door?

The white hat, black hat, and grey hat labels are sometimes criticized as simplistic, but they remain useful classifications:

Who Are The Black Hats?

Black hats are generally the problem. These “threat actors” act out of self-interest, stealing data or wreaking havoc: they infiltrate your network, exfiltrate your data, or hold you and your data for ransom. Sub-groups include:

Script kiddies: the derogatory name for attackers who run pre-built tools or malware against your business with little understanding of how they work. Some turn it into a day job; in China, for example, there is a large market for online game items (virtual goods earned or bought), and low-skill attackers steal and resell them as a 9-to-5 business. A few acquire real skill, notably at evading antivirus software, which has become essential to them. Others are mere thrill seekers.

Bot herders: these threat actors buy malware builders, distribution services, or “zombies” (already-infected computers) from online black markets and other sources, then use them to steal credit card data, send spam, or launch distributed denial of service and other attacks (see the glossary below). Their skill level is only a step above the script kiddies’; the difference is that a bot herder can usually write their own scripts.

Insiders: employees, contractors, or vendors who have legitimate access to your company’s systems and misuse it. A disgruntled employee who has been terminated or has resigned but still wants to damage the company is the classic case. The term “suicide hacker” is sometimes applied to attackers of this kind because they do not care whether they are caught or punished.

Advanced persistent threats (APT): organized, well-funded, and patient attackers who pursue a specific target for months or years. Money and time are not obstacles, and their methods are disciplined; much of what is known about them comes from post-incident forensics. They are the group most likely to use zero-day or otherwise unknown attack vectors, although they also rely on phishing and stolen credentials whenever those suffice.

[I have not included here threat actors from nation-states (often a type of APT), hacktivists (who hack targets for political or social reasons), and cyber terrorists (who attack critical infrastructure like water and power with intent to destroy).]

Who Are The Grey Hats?

Grey hats break into systems without permission but generally do not use or steal the data they reach. They usually tell the system administrators about the flaws they find, though some try to sell the vulnerability details to the affected company for a profit. Their actions are sometimes legal and often not. They have skills comparable to white hats but engage in legally and ethically questionable activity. Organizations sometimes hire them to help improve their security.

Who Are The White Hats?

Thankfully, we have the “good guys,” the white hats. Also known as ethical hackers, they work for a company either in-house or as consulting penetration testers. Penetration testing is a hacking engagement governed by written permission that defines what may be tested and how. White hats also do not release information about the systems they probe until the company or vendor has developed and released a fix for the vulnerability (coordinated disclosure). They are knowledgeable about networking, programming, and commonly known system vulnerabilities, and they often write their own tools.

White hat hackers may work remotely or on site. They use their skills to identify vulnerabilities and weaknesses in an organization’s systems, networks, and applications, and they are contracted to help the organization fix those vulnerabilities and improve its overall cybersecurity posture. To help you stay one step ahead of threat actors, they simulate attacks on your systems, networks, and applications and then make recommendations for mitigation. Importantly, contracts with white hats must be in writing, define the scope of testing, and comply with applicable law. White hats cannot use their skills for personal gain or to harm others. If you wish to enlist an ethical hacker, look for certifications such as Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP).

What Are The Signs That A Malicious Hacker Is In Your Network?

Are you already seeing strange computer, network, or application behavior at your business? You may see some common signs of a potential network intrusion:

– Has there been a sudden increase in data volume, unexpected connections, or unusual communication patterns?

– Have systems slowed down, crashed, or become unavailable?

– Have there been repeated or suspicious login attempts, especially those involving incorrect passwords or attempts to access restricted areas?

– Have any of your credentials (usernames and passwords) turned up in breach dumps or been reported stolen?

– Have there been changes to user account privileges, the creation of new accounts, or unauthorized modifications to existing accounts?

– Have there been unexpected changes to system configurations, file permissions, or the installation of new software?

– Have user activities deviated from established patterns, such as accessing unusual files, performing unauthorized actions, or unusual login times?

– Have your files been accessed, including confidential, copyrighted, or sensitive data?

– Have there been unusual outbound connections, especially to known malicious IP addresses or domains?

– Are there abnormal processes running on systems, especially those with no legitimate business purpose?

– Are there alerts generated by your Intrusion Detection System or Intrusion Prevention System, including signatures of known attack patterns or anomalies in network behavior?

– Have there been changes to critical files or unauthorized access to sensitive data?

– Has malware been installed on your devices?

– Have there been unexplained connections to external systems, especially those outside the norm of regular business operations?

– Has there been an increase in phishing emails or social engineering attempts targeting employees?

– Have there been many failed authentication attempts, especially across multiple systems?

– Have there been indications of privilege escalation or attempts to cover tracks in the system logs?

– Have there been unexpected open ports or services on systems?
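Several of the indicators above (failed logins across multiple systems, new accounts, off-hours logins, and outbound connections to destinations outside the norm) can be checked mechanically from authentication and connection logs. The following is an added example, not code from the original article or from any of the vendors it mentions: a small triage script run over constructed sample log lines. The log format (“timestamp host EVENT key=value …”), host names, IP addresses, thresholds, and the allowlist of expected outbound destinations are all assumptions made for illustration.

```python
"""Triage of constructed auth/connection log lines for several intrusion
indicators: brute force against one host, password spraying across users
and hosts, a success right after a burst of failures, new accounts,
off-hours logins, and outbound connections to unknown destinations.

Added example; the log format, hosts, addresses and allowlist are constructed.
"""
from collections import defaultdict
from datetime import datetime

FAIL_THRESHOLD = 5        # failed logins from one source against one host
SPRAY_USERS = 3           # distinct users one source fails against (spraying)
BUSINESS_HOURS = (7, 19)  # local hours in which interactive logins are expected
# Constructed allowlist: destinations this fictional business expects to talk to.
KNOWN_DESTINATIONS = {"192.0.2.10"}

# Constructed sample log lines (documentation-range addresses only).
LOG_LINES = """\
2024-03-04T02:13:07 web01 AUTH_FAIL user=admin src=203.0.113.45
2024-03-04T02:13:09 web01 AUTH_FAIL user=admin src=203.0.113.45
2024-03-04T02:13:11 web01 AUTH_FAIL user=admin src=203.0.113.45
2024-03-04T02:13:14 web01 AUTH_FAIL user=admin src=203.0.113.45
2024-03-04T02:13:16 web01 AUTH_FAIL user=admin src=203.0.113.45
2024-03-04T02:13:19 web01 AUTH_OK user=admin src=203.0.113.45
2024-03-04T02:14:02 web01 USER_ADD user=svc_backup2 by=admin
2024-03-04T02:15:30 web01 CONN_OUT dst=198.51.100.77 port=443
2024-03-04T02:20:00 db01 AUTH_FAIL user=jsmith src=203.0.113.45
2024-03-04T02:20:05 fs01 AUTH_FAIL user=mlee src=203.0.113.45
2024-03-04T09:30:12 fs01 AUTH_OK user=mlee src=10.0.0.22
2024-03-04T09:31:00 fs01 CONN_OUT dst=192.0.2.10 port=443
"""


def parse(line):
    """Split one log line into a dict: ts, host, event plus its key=value fields."""
    ts, host, event, *fields = line.split()
    record = {"ts": datetime.fromisoformat(ts), "host": host, "event": event}
    record.update(item.split("=", 1) for item in fields)
    return record


def triage(lines, known_destinations=KNOWN_DESTINATIONS):
    """Return {indicator_name: [human-readable findings]} for the given log lines."""
    findings = defaultdict(list)
    failures = defaultdict(int)       # (src, host) -> failed login count
    users_by_src = defaultdict(set)   # src -> users it failed against
    hosts_by_src = defaultdict(set)   # src -> hosts it failed against

    for line in filter(str.strip, lines):
        e = parse(line)
        if e["event"] == "AUTH_FAIL":
            failures[(e["src"], e["host"])] += 1
            users_by_src[e["src"]].add(e["user"])
            hosts_by_src[e["src"]].add(e["host"])
        elif e["event"] == "AUTH_OK":
            # A success right after a burst of failures from the same source is
            # the classic signature of a guessed or brute-forced password.
            if failures[(e["src"], e["host"])] >= FAIL_THRESHOLD:
                findings["success_after_failures"].append(
                    f"{e['user']}@{e['host']} from {e['src']} at {e['ts'].isoformat()}")
            if not BUSINESS_HOURS[0] <= e["ts"].hour < BUSINESS_HOURS[1]:
                findings["off_hours_login"].append(
                    f"{e['user']}@{e['host']} at {e['ts'].isoformat()}")
        elif e["event"] == "USER_ADD":
            findings["new_account"].append(
                f"{e['user']} created by {e['by']} on {e['host']}")
        elif e["event"] == "CONN_OUT" and e["dst"] not in known_destinations:
            findings["unknown_outbound"].append(
                f"{e['host']} -> {e['dst']}:{e['port']}")

    for (src, host), count in failures.items():
        if count >= FAIL_THRESHOLD:
            findings["brute_force"].append(f"{src} -> {host}: {count} failures")
    for src, users in users_by_src.items():
        # Few attempts per account but many accounts (and hosts) is password
        # spraying, which per-account lockout thresholds never trigger on.
        if len(users) >= SPRAY_USERS:
            findings["password_spray"].append(
                f"{src}: {len(users)} users across {len(hosts_by_src[src])} hosts")
    return dict(findings)


if __name__ == "__main__":
    for indicator, hits in triage(LOG_LINES.splitlines()).items():
        print(indicator)
        for hit in hits:
            print("   ", hit)
```

The point of correlating across hosts is that a single source failing once against each of many accounts on many systems never trips a per-account lockout, yet it is one of the clearest signs of an attacker working through a credential list. Real deployments feed the same logic from a SIEM or log shipper rather than a string constant.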

What Are The Signs That A Malicious Hacker Is In Your Wi-Fi?

Suppose you suspect that an intruder or malicious insider in your building, or a “war driver” parked outside, has joined your Wi-Fi. The signs include connected devices (including multimedia devices like TVs) that you do not recognize, and you may even find rogue Wi-Fi access points plugged in somewhere in your business.

These network and Wi-Fi intrusion signs require an expert to assist you in discovery and mitigation.

How Can White Hats Help My Business?

Enlisting the help of an ethical hacker can improve your cybersecurity posture through:

Vulnerability assessments: White hats identify weaknesses in your systems, networks, and applications, helping you prioritize and address potential security risks.

Penetration testing: White hats perform controlled and authorized penetration testing to simulate real-world cyberattacks on your business, enabling you to identify and address vulnerabilities before threat actors can exploit them.

Security Audits: White hats conduct comprehensive security audits to assess your organization’s security posture, including evaluating your security policies, procedures, and compliance with industry regulations.

Security Awareness Training: White hats provide employee training, a critical area for cybersecurity best practices. Employees should be aware of the risks of phishing, social engineering, and other common attack vectors. White hats can help inform employees about the latest cybersecurity threats and best practices.

Incident Response Planning: White hats assist in creating and testing incident response plans. In the event of a security incident, you’ll be ready with predetermined procedures to follow, minimizing downtime and facilitating a swift and effective response. White hats can assist in the postmortem analysis of security incidents and provide recommendations for improvements.

Policy Development: White hats can help your organization by developing and refining security policies and procedures. Your company will be ahead in the game with guidelines that cover password management, access controls, and other essential security practices.

Encryption Implementation: White hats can help implement encryption for sensitive data in use, in transit, and at rest. They can ensure that encryption protocols are correctly configured to protect your data effectively.

Secure Development Practices: If you have programming team members, white hats can assist them with secure coding practices that will prevent vulnerabilities in software applications that threat actors could exploit.

Network Security Enhancement: White hats can evaluate, enhance, and strengthen your network security infrastructure, including your firewall settings, intrusion detection or prevention systems, and secure Wi-Fi configurations (see the Wi-Fi section above).

Cloud Security Assessment: If you have any cloud deployment, white hats can assess the security of your cloud-based services and platforms, including ensuring that your cloud configurations align with security best practices and are appropriately protected.

Mobile Security Assessment: White hats evaluate the security of your bring-your-own-device (BYOD), choose-your-own-device (CYOD), and other business mobile devices, such as smartphones and tablets. They can ensure that security measures, such as mobile device management (MDM), are effectively implemented.

Regulatory Compliance Assistance: White hats can help your business understand and comply with relevant data protection regulations and industry-specific compliance standards.

Continuous Monitoring and Support: White hats can provide ongoing support and monitoring to help your business adapt to evolving cyber threats.

More And More Companies Are Hiring White Hats

You can see the benefits. Whether in-house or contracted, demand for company-hired ethical hackers is exploding (see appendix on bug bounties).

HackerOne, which markets its platform as “Attack Resistance Management” (ARM), reported that its survey of hackers for the 12 months from December 2021 to December 2022 showed that automated scanning cannot replace human expertise: 92% of hackers said they can reach parts of systems that automation cannot.

HackerOne’s finding is that an organization with incomplete visibility of its IT assets, insufficient testing, and no human tester is covering, at best, between 50% and 60% of its possible attack surface.

At some point, you will need a human hacker if you want your company to be ready for an attack.

Conclusion: Cyberattacks Are Evolving

Having a certified expert on your side is essential to your cybersecurity. An SMB should consider hiring an ethical hacker to proactively identify and address potential vulnerabilities in its digital infrastructure. White hat hackers use their expertise to conduct controlled assessments, such as penetration testing and vulnerability assessments, that simulate real-world cyber threats.

Ethical hackers help fortify an SMB’s defenses, enhance its cybersecurity posture, and protect sensitive data by uncovering and mitigating security weaknesses before malicious actors can exploit them. This proactive approach not only strengthens security but can also spare the business the financial and reputational costs of data breaches and cyberattacks.

White hat hackers can help you see the vulnerabilities you didn’t know existed and keep you up to date on the threats facing your market. An expert cybersecurity provider can prepare you to meet your enemies and insider threats head-on.

APPENDIX: Bug Bounty Examples

HackerOne, a leader in “Attack Resistance Management” (ARM), has paid over $300 million in bug bounties to ethical hackers since its inception in 2012. The company saw a 45% increase in organizations spending on its ethical hacker programs in 2022. HackerOne aims to “[o]utmatch cybercriminals with a legion of ethical hackers who work for you to protect your attack surface continuously.” In 2022, HackerOne’s experts discovered more than 65,000 customer software vulnerabilities, up 21% from 2021, and remedied more than 120,000, including misconfiguration vulnerabilities, which grew by 150%, and improper authorization vulnerabilities, which grew by 45%.

In early 2022, an ethical hacker known as ‘satya0x’ was paid a $10 million bounty for a vulnerability in the cryptocurrency bridge Wormhole. On October 31, 2023, Yahoo! launched a new bug bounty program that lets white hats submit bugs and receive rewards between $250 and $15,000; the more severe the weakness discovered, the larger the payout. Google paid a record $12 million in bug bounties in 2022; submissions that Google judged compliant with its guidelines were eligible for rewards ranging from $500 to $3,133.70. The Safe bug bounty program allows participants to earn up to $1,000,000 for a single reported bug. Bug bounty platforms include YesWeHack, Open Bug Bounty, HackerOne, Bugcrowd, Intigriti, Synack, SecureBug, HackenProof, SafeHats, and Bugbounter.

GLOSSARY: What Methods And Tools Can Black, Grey, Or White Hats Use?

Strictly speaking, a threat is a potential source of harm; the methods and tools below are the attack techniques that turn a threat into an incident. Here are a few of the more prominent ones:

Phishing, spearphishing, vishing, whaling, smishing, watering holes: variations of social engineering, delivered by bulk email (phishing), targeted email (spearphishing), phone call (vishing), or text message (smishing), aimed at executives (whaling), or by compromising a website the targets already visit (watering hole).

Ransomware, viruses, trojans, worms, rootkits, spyware, and adware: types of malicious software the attacker installs to compromise a system or network or to reach your business data. Exploit kits are the packaged tooling used to deliver such malware through browser and plugin vulnerabilities. This list is not exhaustive.

Distributed denial of service (DDoS): the attacker floods a system with so many requests, usually from many compromised machines at once, that it slows to a crawl or becomes unavailable to legitimate users.

SQL injection and cross-site request forgery (CSRF): two attacks on vulnerable web applications. In SQL injection, the attacker places SQL fragments in an input that the application splices into a database query, reading or altering data the application never intended to expose. In CSRF, the attacker tricks a logged-in user’s browser into sending a request the user did not intend, riding on the user’s existing session.

Man-in-the-middle attack: the attacker positions themselves between two communicating parties, such as a user and a server, and silently relays their traffic, reading or altering it. Captured credentials or session tokens can then be used to access the system as that user.

Zero-day exploit: an attack against a vulnerability the vendor does not yet know about or has not yet patched, so no fix is available and defenders have had “zero days” to prepare.

Backdoors: hidden ways into a system or network that bypass normal authentication, planted by an attacker (or occasionally left behind by a developer) and unknown to the business.
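To make the SQL injection entry concrete, here is an added example that is not part of the original article: a deliberately vulnerable user lookup shown beside its parameterized fix, run against an in-memory SQLite table. The table, its rows (placeholder “hashes”, not real digests), the function names, and the two payloads are all constructed for illustration.

```python
"""SQL injection: a vulnerable lookup that splices input into the query text,
next to the hardened version that passes the input as a bound parameter.

Added example; the schema, rows and payloads are constructed.
"""
import sqlite3


def make_db():
    """Constructed sample table; the 'hashes' are placeholders, not real digests."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hash-a", "admin"), ("bob", "hash-b", "staff")])
    return conn


def lookup_vulnerable(conn, username):
    """VULNERABLE: user input becomes part of the SQL text and can rewrite the query."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Hardened: the ? placeholder binds the input as data; the query shape is fixed."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


# Two classic payloads. The tautology makes the WHERE clause true for every
# row; the UNION appends a column the query was never meant to return (here,
# the password hashes). The trailing -- comments out the closing quote.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "x' UNION SELECT username, password_hash FROM users --"


def demo():
    """Run the same inputs through both lookups and return the rows each produced."""
    conn = make_db()
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_safe": lookup_safe(conn, "alice"),
        "tautology_vulnerable": lookup_vulnerable(conn, TAUTOLOGY),
        "tautology_safe": lookup_safe(conn, TAUTOLOGY),
        "union_vulnerable": lookup_vulnerable(conn, UNION_DUMP),
        "union_safe": lookup_safe(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22} {rows}")
```

For ordinary input both functions return the same single row; for the payloads, the vulnerable version returns every user or every password hash while the parameterized version returns nothing, because the database is asked for a user whose name literally equals the payload string. Escaping quotes by hand is not a substitute for parameter binding.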

References

https://en.wikipedia.org/wiki/Bug_bounty_program

https://geekflare.com/tech-companies-bug-bounty-programs/

https://portswigger.net/daily-swig/million-dollar-bug-bounties-the-rise-of-record-breaking-payouts

https://www.computerweekly.com/news/252528345/Ethical-hackers-flex-their-muscles-in-2022

https://dataconomy.com/2023/10/17/white-hat-hackers-vs-black-hat-hackers/

https://www.darkreading.com/endpoint-security/google-delivers-record-breaking-12m-in-bug-bounties

https://www.sciencedirect.com/topics/computer-science/white-hat-hacker

https://www.govtech.com/security/white-hat-hackers-to-the-rescue.html

https://www.techrepublic.com/article/microsoft-internal-data-leak-azure/

https://www.quora.com/What-is-a-profile-of-a-typical-black-hat-hacker

https://en.wikipedia.org/wiki/Wardriving

https://www.hackerone.com/company

https://www.hackerone.com/press-release/hackers-discover-over-65000-software-flaws-2022-according-hackerone-report
