Threat Intelligence

8/8/2018
11:55 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

White Hat to Black Hat: What Motivates the Switch to Cybercrime

Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.

A new report aims to shed light on what motivates security professionals to choose to become black hats over white hats as part of a broader study on the overall cost of cybercrime. 

To learn more about the organizational cost of cyberattacks and what lures hackers to the "dark side," Malwarebytes and Osterman Research polled 200 security pros between May and June 2018. They found security-related costs are enormous and growing, partly due to a spike in breaches and partly due to a proportion of industry experts donning "gray hats" and dabbling in cybercrime for money.

The cost of crime can be broken into three parts: budgeted costs for security infrastructure, services, and labor; off-budget costs related to major security incidents; and handling the cost of insider breaches. An organization with 2,500 employees can spend about $1.9 million on security, according to the new report, "White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime."

It's little surprise to learn most organizations in the US have suffered some type of security breach in the 12 months preceding the survey. Phishing was the most common, though respondents also listed adware/spyware, spearphishing, and adware. Organizations reported an average of 1.8 "major" attacks — or those that lead to significant operational disruption or shutdown — during 2017. 

Midmarket companies, which usually have 500 to 1,000 employees, are hit hardest. Small businesses don't have a wealth of valuable data, while large ones have ramped up their defenses. Those in the middle are hit with more attacks than their smaller counterparts and have similar rates of attack as larger enterprises; however, they have fewer resources to defend themselves and less staff to combat threats. 

"Midsize businesses are the perfect target if you're a cybercriminal," explains Malwarebytes intelligence director Adam Kujawa.

It's tough to stay safe when security is expensive. The average starting salary for an entry-level security pro in the US is $65,578, slightly above the global average of $60,662. Top security professionals in the US make an average of $133,422, the second highest salary among nations surveyed. One of the biggest costs to organizations, in addition to hiring talent, is retaining it.

But is it enough to keep security experts away from cybercrime? More than half of respondents said they know, or have known, someone who has engaged in black hat activity, the highest rate among the five nations polled. Twenty-two percent have been approached to participate in cybercrime; 8% considered it.

Researchers asked about the willingness of respondents' co-workers to become gray hats, or folks who maintain their roles as security professionals while becoming a black hat hacker on the side. Those in the US think 5.1% of their infosec colleagues are gray hats; in the UK, 7.9% of security pros believe their colleagues to be gray hats. 

Most people in security think cybercrime is more lucrative and easier to enter than white hat security roles, according to the report. Nearly three in five security pros in the US said they think people become black hats because it's more financially rewarding than becoming a security professional. More than half think it's to retaliate against an employer, and half think black hats are driven by "some sort of cause of philosophical reason." 

Security pros in the US are most likely to think employer retaliation is the driver, with more than half (53.3%) reporting that as the reason, compared with the global average of 39.7%. Malicious insiders are harder to find and have the potential to cause deeper damage than external attackers.

"That's a very expensive attack," Kujawa points out. "The value of the data is probably more than what a regular cybercriminal could gather or accomplish." Further, the company loses its trust in network infrastructure, which requires more work to address than securing the doors against outside threats. "Cybercrime is more available to everybody than it ever has been," he adds.

Survey respondents believe these days it's easier for anyone to wear a black hat. "One of the big lures we got from the survey is a lot of global midmarket companies suggest it's easier to get into cybercrime without getting caught," Kujawa says.

Related Content:

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
hackercombat
50%
50%
hackercombat,
User Rank: Apprentice
8/13/2018 | 6:28:31 AM
Informative Post
Most of the cyber attackers used Balck Hat method. 
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
2018 Was Second-Most Active Year for Data Breaches
Jai Vijayan, Freelance writer,  2/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8948
PUBLISHED: 2019-02-20
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
CVE-2019-8950
PUBLISHED: 2019-02-20
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.
CVE-2019-8942
PUBLISHED: 2019-02-20
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image c...
CVE-2019-8943
PUBLISHED: 2019-02-20
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...
CVE-2019-8944
PUBLISHED: 2019-02-20
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.