Threat Intelligence

8/8/2018
11:55 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

White Hat to Black Hat: What Motivates the Switch to Cybercrime

Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.

A new report aims to shed light on what motivates security professionals to choose to become black hats over white hats as part of a broader study on the overall cost of cybercrime. 

To learn more about the organizational cost of cyberattacks and what lures hackers to the "dark side," Malwarebytes and Osterman Research polled 200 security pros between May and June 2018. They found security-related costs are enormous and growing, partly due to a spike in breaches and partly due to a proportion of industry experts donning "gray hats" and dabbling in cybercrime for money.

The cost of crime can be broken into three parts: budgeted costs for security infrastructure, services, and labor; off-budget costs related to major security incidents; and handling the cost of insider breaches. An organization with 2,500 employees can spend about $1.9 million on security, according to the new report, "White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime."

It's little surprise to learn most organizations in the US have suffered some type of security breach in the 12 months preceding the survey. Phishing was the most common, though respondents also listed adware/spyware, spearphishing, and adware. Organizations reported an average of 1.8 "major" attacks — or those that lead to significant operational disruption or shutdown — during 2017. 

Midmarket companies, which usually have 500 to 1,000 employees, are hit hardest. Small businesses don't have a wealth of valuable data, while large ones have ramped up their defenses. Those in the middle are hit with more attacks than their smaller counterparts and have similar rates of attack as larger enterprises; however, they have fewer resources to defend themselves and less staff to combat threats. 

"Midsize businesses are the perfect target if you're a cybercriminal," explains Malwarebytes intelligence director Adam Kujawa.

It's tough to stay safe when security is expensive. The average starting salary for an entry-level security pro in the US is $65,578, slightly above the global average of $60,662. Top security professionals in the US make an average of $133,422, the second highest salary among nations surveyed. One of the biggest costs to organizations, in addition to hiring talent, is retaining it.

But is it enough to keep security experts away from cybercrime? More than half of respondents said they know, or have known, someone who has engaged in black hat activity, the highest rate among the five nations polled. Twenty-two percent have been approached to participate in cybercrime; 8% considered it.

Researchers asked about the willingness of respondents' co-workers to become gray hats, or folks who maintain their roles as security professionals while becoming a black hat hacker on the side. Those in the US think 5.1% of their infosec colleagues are gray hats; in the UK, 7.9% of security pros believe their colleagues to be gray hats. 

Most people in security think cybercrime is more lucrative and easier to enter than white hat security roles, according to the report. Nearly three in five security pros in the US said they think people become black hats because it's more financially rewarding than becoming a security professional. More than half think it's to retaliate against an employer, and half think black hats are driven by "some sort of cause of philosophical reason." 

Security pros in the US are most likely to think employer retaliation is the driver, with more than half (53.3%) reporting that as the reason, compared with the global average of 39.7%. Malicious insiders are harder to find and have the potential to cause deeper damage than external attackers.

"That's a very expensive attack," Kujawa points out. "The value of the data is probably more than what a regular cybercriminal could gather or accomplish." Further, the company loses its trust in network infrastructure, which requires more work to address than securing the doors against outside threats. "Cybercrime is more available to everybody than it ever has been," he adds.

Survey respondents believe these days it's easier for anyone to wear a black hat. "One of the big lures we got from the survey is a lot of global midmarket companies suggest it's easier to get into cybercrime without getting caught," Kujawa says.

Related Content:

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
hackercombat
50%
50%
hackercombat,
User Rank: Apprentice
8/13/2018 | 6:28:31 AM
Informative Post
Most of the cyber attackers used Balck Hat method. 
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Now about that mortgage refinance offer from Wells Fargo .....
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6970
PUBLISHED: 2018-08-13
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privil...
CVE-2018-14781
PUBLISHED: 2018-08-13
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolu...
CVE-2018-15123
PUBLISHED: 2018-08-13
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home.
CVE-2018-15124
PUBLISHED: 2018-08-13
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.
CVE-2018-15125
PUBLISHED: 2018-08-13
Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface.