August 27, 2012, 12:43 PM — Years ago the typical hacking scenario involved a lone attacker and maybe some buddies working late at night on Mountain Dew, looking for public-facing IP addresses. When they found one, they enumerated the advertising services (Web server, SQL server, and so on), broke in using a multitude of vulnerabilities, then explored the compromised company to their heart's content. Often their intent was exploratory. If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.
My, how times have changed.
[ Verse yourself in 9 popular IT security practices that just don't work and 10 crazy security tricks that do. | Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from expert contributors in InfoWorld's PDF guide. | Keep up with key security issues with InfoWorld's Security Central newsletter. ]
When describing a typical hacking scenario, these days you must begin well before the hack or even the hacker, with the organization behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, and cyber warfare gone amok.
Here are the nine biggest threats facing today's IT security pros.
Threat No. 1: Cyber crime syndicatesAlthough the lone criminal mastermind still exists, these days most malicious hacking attacks are the result of organized groups, many of which are professional. Traditional organized crime groups that used to run drugs, gambling, prosecution, and extortion have thrown their hats into the online money grab ring, but competition is fierce, led not by mafiosos but several very large groups of professional criminals aimed specifically at cyber crime.
Many of the most successful organized cyber crime syndicates are businesses that lead large affiliate conglomerate groups, much in the vein of legal distributed marketing hierarchies. In fact, today's cyber criminal probably has more in common with an Avon or Mary Kay rep than either wants to admit.