Evolution of Online Attacks Mirrors the History of Avertising

By Cameron Byers, Technical Engineer

The rise of television brought with it the golden age of mass marketing. Businesses selling consumer goods would pay large sums of money to have their ads featured during prime viewing hours and during popular programs, and continues today with extravagant Superbowl ad space. Over the last decade, with the explosion of online content and sophisticated database mining, advertisers became more aware of demographic information that would allow them to become more targeted in their approach.

Today, with the prevalence of Internet access and the amount of time consumers spend online, advertisers have moved away from mass marketing programs and are more focused on targeted and personalized marketing. The evolution of online attacks seems to mirror the progression advertising has taken.

In the beginning, hacking was done for fun and hackers were driven by a spirit of adventure. However, some hackers soon realized the potential for personal financial gain their hacking created. Thus the birth of Trojans, keyloggers, and malware distributed via spam messages. Much like television commercials of old, these attacks were broadly distributed, the strategy being to hit as many people as possible in the hopes a small percentage will download the malware. 

In general this shotgun type strategy was successful as unsuspecting victims would click on malicious links and had their account information, passwords, or identity sent to a hackers developing databases. Blackhat hackers could focus on quickly creating simple, and often times, low quality malware and due to the sheer distribution volume this method was profitable.

Just as we are seeing an increase in personalized targeted advertising, we are now seeing the rise of targeted attacks. In the past this method of hacking was considered unprofitable as it took too long to create a targeted attack, thus reducing the profit margin. With the lowering cost of producing high quality malware, large customer database breaches, coupled with the surge in hacktivism means we will begin seeing more targeted attacks in the future. 

While the goals of criminal gangs and hacktivists may differ (profit vs. issues awareness), they are using similar tactics–malicious code designed for a specific targeted attack. The reason for the coming rise in targeted attacks is twofold:
1) targeting certain types of businesses has become a profitable endeavor, and
2) social issues are once again spurring hackers into action.

Why is it now profitable to target specific accounts when it once was not considered a lucrative strategy? 

One reason may be the success security professionals have had with educating employees and technology users regarding online threats. It isn’t that the creation of high quality malware has become easier, it is that getting users to fall for their scams has become more difficult, making broad based attacks less profitable. As a result, hackers are finding it more profitable to target a specific company or organization with an attack designed to steal data. 

These attacks are harder to defend against as they often involve rather sophisticated social engineering approaches and often times are harder for common email spam scanners or content filters to detect. They depend on SQL injections and the infection of web applications or common social media sites such as Facebook rather than spam or malicious websites.

On the other side of the spectrum are hacktivists who are targeting a specific organization, not for profit but for social awareness. These socially minded hackers know that a high profile security breach can damage the reputation of a socially irresponsible organization or bring down the network of a company the hacktivist feels is responsible for some injustice. It is the technological equivalent of protesting outside of the organization’s office and even more effective, as it can quickly generate a global media buzz online when successful.

The number of targeted attacks will only increase in 2012 as users become more aware of broad based threats, hacktivists become more active, and blackhat hackers create more sophisticated malware.  For the general consumer and business, watching for these new approaches and taking control of your security policy enforcement should be a focus.