Hacking From The Inside: A Report From The Black Hat Conference

What do hackers want, and how do they go about getting it?

Those questions were answered — by hackers themselves — in a survey conducted by Thycotic at this year’s Black Hat Conference in Las Vegas.   

Of 250 hackers polled, 32% said that accessing privileged accounts was the easiest and fastest way to get at sensitive data.

The second most effective route to data, cited by 27%, was access to user email accounts. This was followed by access to a user’s endpoint (i.e., laptop or desktop). Another 9% prefer access to a network, and 7% prefer access to a server. Finally, 3% specified access to an application and 2% to “other.”

Who is to blame for data breaches?

An overwhelming majority — 85% — said humans. In contrast, only 10% cited unpatched software, and 5% listed not enough security software. 

And what are humans are doing wrong? Most suffer from cyber fatigue, a condition in which they fail to follow proper security hygiene practices, the study states.  

For example, 35% blame the need to remember passwords as the top reason for cyber security fatigue.

Another 30% pin it on information overload, and 20% on never ending software updates. Finally, 15% attributed fatigue to living under constant cyber security threats.

Meanwhile, 75% said perimeter security firewalls are “irrelevant or obsolete,” the study continues. Multi-factor authentication and encryption appear to be the comers, with 38% saying authentication is the toughest hacker obstacle. And 32% say encryption.   

Here’s another way of looking at it. Here are the least effective anti-hacking tools:

  • Anti-virus, anti-malware — 43%
  • Firewall — 29%
  • Intrusion prevention system — 10%
  • Other — 8%
  • Multi-factor authentication — 6%
  • Encryption — 4%

See? Multi-factor authentication and encryption come in last.

What about threat intelligence solutions?

Forget them, the hackers say. They’re also accessible to hackers, and are easy to identify. They are ranked near the bottom with reputation feeds and education/awareness.

So who are these hackers? Are they all evil?

Not really. Of those surveyed, 51% call themselves white hat hackers, who use their skills for good. Another 34% call themselves gray hat hackers, who do both good and bad. And 15% admitted that they are Black Hat hackers who “break into computer systems and networks with malicious intent,” the study states.



Next story loading loading..