How cybersecurity events can combat cyber poverty
What is cyber poverty, and why do cyber inequities affect all organisations and industries? Learn how cybersecurity practitioners can work together to close the cyber poverty gap.
Read MoreHackers-for-hire have been in the mainstream media again recently, after a data leak from a cybersecurity firm in China revealed that hiring hackers is an increasingly common practice. It’s happening worldwide, and it poses a major security risk to governments and private organisations – with hired hackers earning tens of thousands of dollars to harvest data from targets, feeding it back to their clients.
Malicious hackers-for-hire are a real (and growing) problem. But the vast majority of malicious hacking services advertised on the dark web are not legitimate – and that is a problem, too.
Research shows that many hackers offering for-hire services are actually scams – with only a small number of them delivering what they promise.
The service providers often lack the skills required to complete the tasks they’re offering, or they simply never have any intention of doing the job; knowing that there’s little chance of clients being able to file complaints or seek compensation.
A 2019 study by researchers at Google and UC San Diego, for example, found that only five out of 27 hacker-for-hire services actually launched attacks against targets.
Of course, things have changed since then. The proliferation of more affordable and accessible cyber tools and automation means that the barriers to entry for malicious hackers are lower than before; it’s easier to launch attacks without being a skilled hacker, and easier to scale those attacks too. Threat actors can deploy services and intelligence that just wasn’t available to them before – so while we haven’t been able to find reliable data on this, it’s reasonable to assume that genuine hacker-for-hire services are becoming more prevalent.
A 2023 report by the UK’s National Cyber Security Centre (NCSC) predicted that the number of hackers for hire will grow over the coming five years, driving a growth in the number and frequency of cyber attacks.
Jonathon Ellison (Director of Resilience and Future Tech at NCSC) told Sky News,
"Our new assessment highlights that the threat will not only become greater but also less predictable as more hackers for hire are tasked with going after a wider range of targets and off-the-shelf products and exploits lower the barrier to entry for all.”
The services offered by hackers-for-hire are wide ranging: from personal attacks against individuals, to attacks against specific websites, DDoS attacks, and attacks that target large-scale organisations in both the private and public sectors.
So when it comes to getting scammed by the false promises of a hacker-for-hire ad, the scope of potential victims is wide-ranging too – from individuals with a vendetta against someone, to groups wishing to compromise a corporation or government organisation; and everyone in between.
Should we care? If someone goes and hires a hacker for malicious purposes, isn’t it fair if they get scammed?
Well; yes, maybe. But the rise of hacker-for-hire scams represents a bigger problem. It shows that malicious hacking is an increasingly lucrative enterprise, and that the anonymity of online spaces creates the conditions for new scams all the time. And crucially, it puts those who are legitimately seeking a hacker-for-hire (or pentester) at risk – those who want to test the security of their own network assets have the potential to come up against a scammer instead of a genuine hacker, incurring financial losses and potentially reputational damage too.
When engaging a pentester, clients should always:
Join us at Black Hat MEA 2024 to learn directly from the world’s best ethical hackers. Meet them face-to-face, gain insights into how they work, and build relationships to ensure you have the best pentesters in your contact book when you need them.
Join the newsletter to receive the latest updates in your inbox.
What is cyber poverty, and why do cyber inequities affect all organisations and industries? Learn how cybersecurity practitioners can work together to close the cyber poverty gap.
Read MoreFind out what retail industry leaders should know about cybersecurity and imminent threats during a surge in B2C sales.
Read MoreCybersecurity offers diverse job opportunities for professionals with a wide range of skills and experience. Discover three specialist roles in cybersecurity.
Read More