If you asked some of the industry’s top cybersecurity leaders about their list of concerns, you might not expect bored teenagers to be top of mind. But in recent years, this entirely new generation of money-driven cybercriminals has caused some of the largest hacks in history and shows no sign of slowing down.
Meet the “advanced persistent teens,” as the security community calls them. These are skilled and financially motivated hackers, such as Lapsus$ and Scattered Spider, which have proven their ability to digitally break into hotel chains, casinos and technology giants. By using methods that rely on credible email lures and disguised phone calls posing as a company help desk, these hackers can trick unsuspecting employees into giving up company passwords or network access.
These attacks are highly effective, have caused massive data breaches affecting millions of people, and have resulted in huge ransom payments to keep hackers at bay. By demonstrating hacking capabilities that were previously limited to a few countries, bored teenagers have prompted many companies to wake up to the fact that they do not know whether the employees on their networks are really who they say they are, or are in reality a hidden hacker.
In the view of two leading security experts, have we underestimated the threat posed by bored teenagers?
“It probably won’t last much longer,” Darren Gruber, a technical advisor in the security and trust office at database giant MongoDB, said during an on-stage panel at TechCrunch Disrupt on Tuesday. “They don’t feel threatened, they may not be in U.S. jurisdictions, and they tend to be very technical and learn these things in different places,” Gruber said.
Additionally, a key advantage these threat groups have by default is a lot of time on their hands.
“It’s a different motivation than the traditional adversaries that companies see,” Gruber told the audience.
Gruber has first-hand experience dealing with some of these threats. MongoDB suffered a break-in at the end of 2023 that resulted in some metadata being stolen, such as customer contact information, but there was no evidence of access to customer systems or databases. The breach was limited by all accounts, and Gruber said the attack was consistent with tactics used by Scattered Spider. He said the attackers used a phishing lure to gain access to MongoDB’s internal network as if they were employees.
Having this attribution can help network defenders defend against future attacks, Gruber said. “It helps to know who you’re dealing with,” he said.
Heather Gantt Evans, chief information security officer at fintech card issuing giant Marqeta, who spoke alongside Gruber at TechCrunch Disrupt, told the audience that the motivations of these emerging threat groups of teens and young adults are “incredibly unpredictable,” but that their tactics and techniques were not particularly advanced, such as sending phishing emails and tricking employees at phone companies into transferring someone’s phone number.
“The trend we’re seeing is around insider threat,” Gantt Evans said. “It is much easier to manipulate your way through someone than it is to hack them with sophisticated malware and exploit vulnerabilities, and they will continue to do so.”
“Some of the biggest threats we’re looking at now are identity-related, and there are a lot of questions around social engineering,” Gruber said.
He said the attack surface is not just limited to email or text message phishing, but any system that interacts with your employees or customers. That’s why identity and access management is a top priority for companies like MongoDB to ensure that only employees have access to the network.
Gantt Evans said that these are all “human element” attacks, and that in addition to the hackers’ often unpredictable motivations, “we have a lot to learn from them,” including the neurodivergent ways in which some of these young hackers think and operate.
“They don’t care that you’re not good at a blender,” Gantt Evans said. “We in cybersecurity need to do a better job of embracing neurotalent as well.”