Know Thy Hacker
December 10, 2015
Writer Alastair Paterson at SecurityWeek suggests that corporations and organizations prepare their defenses by turning a hacking technique against the hackers in, “Using an Attacker’s ‘Shadow’ to Your Advantage.” The article explains:
“A ‘digital shadow’ is a subset of a digital footprint and consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary. Adversaries can exploit these digital shadows to reveal weak points in an organization and launch targeted attacks. This is not necessarily a bad thing, though. Some digital shadows can prove advantageous to your organization; the digital shadows of your attackers. The adversary also casts a shadow similar to that of private and public corporations. These ‘shadows’ can be used to better understand the threat you face. This includes attacker patterns, motives, attempted threat vectors, and activities. Armed with this enhanced understanding, organizations are better able to assess and align their security postures.”
Paterson observes that one need not delve into the Dark Web to discern these patterns, particularly when the potential attacker is a “hactivist” (though one can find information there, too, if one is so bold). Rather, hactivists often use social media to chronicle their goals and activities. Monitoring these sources can give a company clues about upcoming attacks through records like target lists, responsibility claims, and discussions on new hacking techniques. Keeping an eye on such activity can help companies build appropriate defenses.
Cynthia Murrell, December 10, 2015