Threat Intelligence

8/8/2018
11:55 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

White Hat to Black Hat: What Motivates the Switch to Cybercrime

Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.

A new report aims to shed light on what motivates security professionals to choose to become black hats over white hats as part of a broader study on the overall cost of cybercrime. 

To learn more about the organizational cost of cyberattacks and what lures hackers to the "dark side," Malwarebytes and Osterman Research polled 200 security pros between May and June 2018. They found security-related costs are enormous and growing, partly due to a spike in breaches and partly due to a proportion of industry experts donning "gray hats" and dabbling in cybercrime for money.

The cost of crime can be broken into three parts: budgeted costs for security infrastructure, services, and labor; off-budget costs related to major security incidents; and handling the cost of insider breaches. An organization with 2,500 employees can spend about $1.9 million on security, according to the new report, "White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime."

It's little surprise to learn most organizations in the US have suffered some type of security breach in the 12 months preceding the survey. Phishing was the most common, though respondents also listed adware/spyware, spearphishing, and adware. Organizations reported an average of 1.8 "major" attacks — or those that lead to significant operational disruption or shutdown — during 2017. 

Midmarket companies, which usually have 500 to 1,000 employees, are hit hardest. Small businesses don't have a wealth of valuable data, while large ones have ramped up their defenses. Those in the middle are hit with more attacks than their smaller counterparts and have similar rates of attack as larger enterprises; however, they have fewer resources to defend themselves and less staff to combat threats. 

"Midsize businesses are the perfect target if you're a cybercriminal," explains Malwarebytes intelligence director Adam Kujawa.

It's tough to stay safe when security is expensive. The average starting salary for an entry-level security pro in the US is $65,578, slightly above the global average of $60,662. Top security professionals in the US make an average of $133,422, the second highest salary among nations surveyed. One of the biggest costs to organizations, in addition to hiring talent, is retaining it.

But is it enough to keep security experts away from cybercrime? More than half of respondents said they know, or have known, someone who has engaged in black hat activity, the highest rate among the five nations polled. Twenty-two percent have been approached to participate in cybercrime; 8% considered it.

Researchers asked about the willingness of respondents' co-workers to become gray hats, or folks who maintain their roles as security professionals while becoming a black hat hacker on the side. Those in the US think 5.1% of their infosec colleagues are gray hats; in the UK, 7.9% of security pros believe their colleagues to be gray hats. 

Most people in security think cybercrime is more lucrative and easier to enter than white hat security roles, according to the report. Nearly three in five security pros in the US said they think people become black hats because it's more financially rewarding than becoming a security professional. More than half think it's to retaliate against an employer, and half think black hats are driven by "some sort of cause of philosophical reason." 

Security pros in the US are most likely to think employer retaliation is the driver, with more than half (53.3%) reporting that as the reason, compared with the global average of 39.7%. Malicious insiders are harder to find and have the potential to cause deeper damage than external attackers.

"That's a very expensive attack," Kujawa points out. "The value of the data is probably more than what a regular cybercriminal could gather or accomplish." Further, the company loses its trust in network infrastructure, which requires more work to address than securing the doors against outside threats. "Cybercrime is more available to everybody than it ever has been," he adds.

Survey respondents believe these days it's easier for anyone to wear a black hat. "One of the big lures we got from the survey is a lot of global midmarket companies suggest it's easier to get into cybercrime without getting caught," Kujawa says.

Related Content:

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
hackercombat
50%
50%
hackercombat,
User Rank: Apprentice
8/13/2018 | 6:28:31 AM
Informative Post
Most of the cyber attackers used Balck Hat method. 
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, Inc,  8/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12579
PUBLISHED: 2018-08-20
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attac...
CVE-2018-14020
PUBLISHED: 2018-08-20
An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one tha...
CVE-2018-14023
PUBLISHED: 2018-08-20
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
CVE-2018-1394
PUBLISHED: 2018-08-20
Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.
CVE-2018-1517
PUBLISHED: 2018-08-20
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.