The attitude and goals of hackers have shifted in recent decades, said Michael “MafiaBoy” Calce in his keynote presentation at CDW Canada’s BTEX 2019. The white hat security expert launched large-scale distributed denial-of-service (DDoS) attacks against Amazon, Dell, eBay and CNN as a boy in the 1990s. “It ended up causing over $1.7 billion [CAD] in economic damage, done by a 15-year-old kid from Île Bizard, Quebec,” he noted.
While the attacks carried a cost, Calce said he didn’t profit personally. “Hackers did not care about money. All they cared about was who was number one, who is the best hacker. The mindset has changed. Hackers no longer think like this.”
Hacking has become focused on monetary gain, destructive attacks and nation-state targets. Calce said that 80 percent of cybercrime revolves around monetary gain, with the staggering cost of attacks growing each year. Two years ago, cybercrime was responsible for $600 billion in losses; last year, that figure rose to $1.4 trillion.
“Everyone in this room, everyone on the planet, has a dollar sign above their head, and you may not know it. You have value to a hacker.”
He emphasized the proliferation of connected devices as a cause for concern. A few years ago, the Mirai botnet launched DDoS attacks from three million unsecured Internet of Things (IoT) devices. By the end of next year, there will be 25 billion IoT-connected devices globally – and versions of Mirai are still being spotted in the wild.
The stakes are high, and cybercrime has become institutionalized as a result. Calce noted that cybercrime insurance firms have calculated it’s often cheaper to pay ransomware demands than replace or repair IT systems. As a result, hackers now know that in many cases, their ransomware attacks will be profitable.
“It’s literally a fiesta for hackers today,” he said. For example, search engines help hackers identify vulnerable printers – a device that many don’t realize is an endpoint on the network. Calce shared the story of one hacker who prompted his neighbour’s printer to print out the phrase, “I am your printer. I have become self-aware.” The hacker soon found the printer abandoned in the trash.
But the greatest threats might be within companies, with 60% of breaches happening internally. “We do not properly train our staff in cyber resilience,” said Calce. “We do not give them the proper devices with embedded security. We all know that person who will click a link.”
These diverse threats to a company’s security aren’t going away, he said. And the costs aren’t limited to downtime, recovery and ransom. With new legislation being enacted around the world (such as GDPR) that fines businesses for security breaches, “You will be paying fines if you get breached,” said Calce. “There is great ROI in investing in security.”