Threat Intelligence

8/8/2018
11:55 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

White Hat to Black Hat: What Motivates the Switch to Cybercrime

Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.

A new report aims to shed light on what motivates security professionals to choose to become black hats over white hats as part of a broader study on the overall cost of cybercrime. 

To learn more about the organizational cost of cyberattacks and what lures hackers to the "dark side," Malwarebytes and Osterman Research polled 200 security pros between May and June 2018. They found security-related costs are enormous and growing, partly due to a spike in breaches and partly due to a proportion of industry experts donning "gray hats" and dabbling in cybercrime for money.

The cost of crime can be broken into three parts: budgeted costs for security infrastructure, services, and labor; off-budget costs related to major security incidents; and handling the cost of insider breaches. An organization with 2,500 employees can spend about $1.9 million on security, according to the new report, "White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime."

It's little surprise to learn most organizations in the US have suffered some type of security breach in the 12 months preceding the survey. Phishing was the most common, though respondents also listed adware/spyware, spearphishing, and adware. Organizations reported an average of 1.8 "major" attacks — or those that lead to significant operational disruption or shutdown — during 2017. 

Midmarket companies, which usually have 500 to 1,000 employees, are hit hardest. Small businesses don't have a wealth of valuable data, while large ones have ramped up their defenses. Those in the middle are hit with more attacks than their smaller counterparts and have similar rates of attack as larger enterprises; however, they have fewer resources to defend themselves and less staff to combat threats. 

"Midsize businesses are the perfect target if you're a cybercriminal," explains Malwarebytes intelligence director Adam Kujawa.

It's tough to stay safe when security is expensive. The average starting salary for an entry-level security pro in the US is $65,578, slightly above the global average of $60,662. Top security professionals in the US make an average of $133,422, the second highest salary among nations surveyed. One of the biggest costs to organizations, in addition to hiring talent, is retaining it.

But is it enough to keep security experts away from cybercrime? More than half of respondents said they know, or have known, someone who has engaged in black hat activity, the highest rate among the five nations polled. Twenty-two percent have been approached to participate in cybercrime; 8% considered it.

Researchers asked about the willingness of respondents' co-workers to become gray hats, or folks who maintain their roles as security professionals while becoming a black hat hacker on the side. Those in the US think 5.1% of their infosec colleagues are gray hats; in the UK, 7.9% of security pros believe their colleagues to be gray hats. 

Most people in security think cybercrime is more lucrative and easier to enter than white hat security roles, according to the report. Nearly three in five security pros in the US said they think people become black hats because it's more financially rewarding than becoming a security professional. More than half think it's to retaliate against an employer, and half think black hats are driven by "some sort of cause of philosophical reason." 

Security pros in the US are most likely to think employer retaliation is the driver, with more than half (53.3%) reporting that as the reason, compared with the global average of 39.7%. Malicious insiders are harder to find and have the potential to cause deeper damage than external attackers.

"That's a very expensive attack," Kujawa points out. "The value of the data is probably more than what a regular cybercriminal could gather or accomplish." Further, the company loses its trust in network infrastructure, which requires more work to address than securing the doors against outside threats. "Cybercrime is more available to everybody than it ever has been," he adds.

Survey respondents believe these days it's easier for anyone to wear a black hat. "One of the big lures we got from the survey is a lot of global midmarket companies suggest it's easier to get into cybercrime without getting caught," Kujawa says.

Related Content:

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
hackercombat
50%
50%
hackercombat,
User Rank: Apprentice
8/13/2018 | 6:28:31 AM
Informative Post
Most of the cyber attackers used Balck Hat method. 
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-6461
PUBLISHED: 2019-03-21
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result i...
CVE-2015-6462
PUBLISHED: 2019-03-21
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, ...
CVE-2018-13798
PUBLISHED: 2019-03-21
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a D...
CVE-2019-5490
PUBLISHED: 2019-03-21
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed...
CVE-2019-8997
PUBLISHED: 2019-03-21
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted X...