Inside the mind of the enemy – understanding leads to prevention

17 Dec Read more blog posts

Inside of the mind of the enemy

A Cyber Criminal profile is essential in order to learn how attackers think, what motivates them and how they work. Hackers or cyber criminals are intelligent, highly skilled and usually very resourceful, making it difficult but not impossible to catch or anticipate them. Understanding the enemy is the first tool used when fighting against them and cyber deception plays an important role.

Cyber crimes are based on exploring new ways of intrusion, new vulnerabilities and not getting detected, so often organizations aren’t even aware they have been compromised. As our world gets more and more connected, companies large and small have more and more doors open to attacks, are exposed to an infinite amount of highly complex threats that can affect and compromise a large variety of assets. Using an innovative approach and knowing how the enemy operates, their techniques and their profiles is the key to fighting against them.

The Cyber Criminal Profile

But what are these criminals like? Based on Rashmi Saroha´s report Profiling a Cyber Criminal1 the characteristics of the cyber criminals can be divided into 4 groups; technical know-how, personal traits, social characteristics and motivating factors. For this report, Saroha asked 20 Psychology and Sociology students to describe the personality and characteristics of cyber criminals. The resulting words that describe these types of criminals are: sharp, well-trained, strategic planners, resourceful, passionate, determined, marginalized, seeking monetary gain, greedy, strong political beliefs, intolerant and control-freak, among others.

We know our adversaries are smart, determined, highly technical and resourceful, but how can we use what we know to learn their individual style and objectives? In the Cybercrime Psychology – Proposal of an Offender Psychological Profile Report2, Jakub Lickiewicz said that a specific characteristic of cyber crimes is “a scene of crime without a scene of crime.”

Lickiewicz´s study explains that there are different factors that have an influence on the cyber criminals, such as; biological factors, external environment, intelligence, personality, and social or technical skills.

Figure 1: Theoretical model profile of a hacker (Lickiewicz, 2011).
*Click to enlarge image.*

According to Solomia Fedushko, from Lviv Polytechnic National University; and Natalia Bardyn from the Ministry of Internal Affairs of Ukraine3, typical motives to commit a cybercrime are:


● Striving to demonstrate courage, bravery and firmness

● Absurd and dead earnest that is expressed in a reckless, socially dangerous act

● Selfish attitude toward the harassment subject


Meanwhile, reports show that there are varying motivating factors for different criminals and they should be considered when designing cyber security strategies. Three of the most common motivating factors are: hackers and mafias motivated by financial gain and quick profits, ‘hacktivists’ who have strong political motivation and cyber criminals or networks of government-sponsored hackers who carry out cyber warfare.

The networks grant criminal’s anonymity, which does not however prevent their modus operandi, motivation and signature from being recognizable.

Computer crimes are often serial crimes, so, with the right cybersecurity tools and team with the ability to identify and understand the profiles and behavior, it is possible to determine the profile of the offender or the threat actor, as some cyber criminals have their own techniques and procedures.

How Can Cyber Deception Technology Help Identify Threat Actors?

Cyber Deception technology and playing the same rules of the game as the adversaries currently stands out as a powerful approach to dealing with them and getting to know their intentions.

Although the identification of a threat actor is complicated, using sophisticated cyber deception techniques can help threat hunters create profiles of cyber attacks and gather as much information as possible about them while manipulating their surrounding environment and controlling what they have access to. Organizations are thus able to know what kind of threats they are facing, and how to improve their security.

For Charles Fowler, former Chairman of the Defense Science Board of the US and Robert Nesbit, Former Sr. Vice President of the Center for Integrated Intelligence Systems (CIIS) at the Mitre Corporation; deception should have realistic timing and duration, be integrated within the operation, provide the concealment of true intentions, and be tailored to the needs of the setting. It also requires a degree of creativity and imagination to anticipate the cybercriminal.4 This is exactly what we do at CounterCraft and what our solution detect, respond to and get insights about your adversaries.

High-end Cyber Deception technology can be an ally for your organization when dealing with different kinds of adversaries. So, why not give it a try in 2020?

Sources:

1- Profiling a Cyber Criminal (Saroha, Rashmi; 2014)

2- Cyber Crime Psychology – proposal of an offender psychological profile (Lickiewicz, Jakub; 2011)

3- Algorithm of the Cybercriminal Identification (Fedushko, Solomia and Bardyn, Natalia; 2013)

4- Demystifying Deception Technology: A Survey (Multiple Authors,2018)

Like Jim Morrison said, this is the end. But you can...