The Dark Web Hackers: Keep Your Friends Close and Your Cyber Attackers Closer

Who are they and how can we identify these individuals behind the screen to best protect our data?

On average, a cyber hacker spends about 209 hours hacking one system and 140 days in a system before they are discovered. How can you identify a hacker when they are behind another screen? Well, there are a few patterns which have helped detect these anonymous security threats. According to Microsoft cybersecurity experts, 11% of hackers are insiders to their organization and 7% are nation-states. (1)  

There are three primary patterns of behavior that hackers exhibit: navigation, how they move through a compromised system; enumeration, how they come to understand the system they have gained access to; and exploitation, how they try to steal the data. To put this in perspective, it resembles how a robber might approach a bank, how they assess which teller to talk to, and what they say to get them to hand over the money. (2)

So, being a cyber hacker is not an easy job, and they learn best by repeating previous strategies. In fact, the Dark Web provides “Starter Kits” which equip individuals with the tools and tracking metrics to succeed. While some of these kits are purchased from the site, others are offered as “free” starter kits which then take a percentage of the successful ransom. One of these kits is named “Blackhole”, for instance.

If your organization uses a marketing platform to send emails, hackers have very similar programs. A template is created that automatically fills in the recipient's name and sends various follow-up emails to continue testing a company’s vulnerabilities. This automation takes the guesswork out of who the email should be sent to and how they can infiltrate an organization.

Why should we care about who a cyber-criminal is and how they navigate these devastating attacks? Have you ever heard the phrase, “Keep your friends close and your enemies closer?” We must be able to prevent and detect when an attack is occurring before it is too late. Once we learn the ways in which we are at risk, we can educate our friends, family, and employees to take necessary precautions.


Where you or your company should begin:  

1. Verify configuration of backup systems

  • Local backups can be encrypted by a hacker
  • Implement multi-factor authentication for email and other logins
  • Leverage capabilities of existing tools
  • Most Microsoft 365 subscriptions include extensive security measures, but most organizations don’t bother to use them after installation

2. Implement cyber awareness training  

  • Humans ARE your firewall, train them well

3. Measure your risk management team's awareness

  • Complete a ransomware self-assessment  

4. Develop an incident response plan

  • What will you do when something goes wrong?

Join us at our event on August 31st to learn more about arming your employees with the right tools and knowledge to avoid the dreaded email or call saying they clicked on a cryptic link. Register at this link: https://www.eventbrite.com/preview?eid=164532588401/

Sources:

(1) https://www.agileit.com/news/6-cybersecurity-tips-detecting-hackers/

(2) https://www.wired.com/story/case-linkage-hacker-attribution-cybersecurity/