When you think of hacking, the most common thought that comes to mind is some form of immediate gain or result. That’s because the majority of hacking is purely tactical and for some immediate purpose: hackers steal credit cards and bank accounts for financial profit; hacktivists disrupt or deface websites to protest an action or promote a cause; and cyber warriors act to disrupt infrastructure or communications.
However, that is changing. We are now seeing the emergence of strategic level hacking. While these attacks are conducted without the intent of having immediate benefits, their impact can be just as devastating; if not more so. The OPM breach and the recent hack of the DNC are perfect examples of this.
Generally we would not see huge, immediate data dumps from these attacks showing up. This is because the data is more valuable being harvested and saved for future malicious endeavors. Take the OPM breach for instance. The data is not immediately valuable, but rather can best be used for numerous future campaigns targeting online and offline activities of victims and their relatives. The DNC hack, however, is a little more cut and dry; most likely conducted to capture strategic intelligence on Donald Trump for use if he becomes President.
In addition to methodical planning and patience, these new strategic hacks rely on misdirection. Misdirection is important to help prevent immediate retaliation while gathering the necessary information and plotting the long-term strategy. With a lot of fingers pointing at the Russians for the DNC attack, the fact that we have seen some documents emerge may very well be the Russian government trying to cover their tracks and establishing deniability. The challenging part of these new strategic hacks is we will never know for sure until action is taken.
This shift in approach makes a huge range of companies likely targets that previously would never have thought of themselves as interesting to hackers. The reality is that no one is uninteresting — every company has something valuable to someone. Every organization needs to be taking their security seriously for themselves, their staff, and their customers. The days of keeping your head down and flying under the radar are long gone. To see how you can better protect your online activities, as well as your identity; check out the latest features offered by Passages.