Hacking into Cyber Security

Threat hunting involves proactively searching for malware or attackers lurking in a company network. This is no simple task, which is why it’s typically left to the professionals. It’s their job to iteratively detect, isolate and neutralize advanced threats which evade automated security solutions like antimalware or network firewalls.

Cyber threat hunters are generally tier 3 analysts with experience in cyber security, network engineering and information security, coding skills (script and compiled languages), and knowledge of malware and attack methodology, operating systems and network protocols, to name a few.

Stress management, research, problem-solving and analytical skills are some of the soft skills also required for this career choice. Currently there is a major global shortage of individuals with these skills, and with the growing demand for privacy and data security, it’s easy to understand why this is the case.

With the demand so high, another group of talented individuals has been stepping up to the plate in order to fill the gaps. Enter the hacker… With skills similar to those required of tier 3 analysts, these individuals are being put to work by more and more companies, just like in those movies where secretive government departments hire the exceptionally skilled for the greater good.

There are several types of hackers out there with the three main groups being Black, White and Grey Hat hackers, as detailed below.

  • Black Hat hackers

The term ‘black hat’ originates from old western movies where the bad guys wore black hats. Black Hats are the people to be feared the most: they are the ones who break into company networks and infrastructure and gain unauthorised access with malicious intent. Whether it be to spy, steal & exploit data, take control of resources & websites or watch the world burn, these are typically the most competent hackers but also the least ethical.

  • White Hat hackers

White Hats are the exact opposite of Black Hats and are the sheriffs of cyber security. These are the individuals who have devoted their skills and talents to helping organisations strengthen their security and develop countermeasures against the baddies.

White Hat hackers are generally referred to as ethical hackers, gaining permission from organisations to legally test their defences. They’re also provided with rules of engagement which define what resources and how much information they’re allowed to access. All discoveries and vulnerabilities are reported to the organisation’s security team for remediation before they can be exploited.

  • Grey Hat hackers

These hackers walk the fine line between the good and the bad. They’ll scour the internet for targets, gain unauthorised access and exploit networks and computer systems in the same way that Black Hats do, but without malicious intent. Their findings are reported to the vulnerable organisation’s security or administrative team. Grey Hats may request (or extort) compensation for their ‘services’ and findings, which is why they receive their own category. The main difference between Grey and White Hat hackers is that the Greys have not been legally permitted by the organisation.

These are not the only types of hackers out in the wild, but they do represent the major hacking groups.

Realistically, hackers are the best way to stop other hackers, and with the current threat landscape there’s no one better suited to finding and exploiting unknown/hidden threats and vulnerabilities. Many companies have recognised this previously untapped resource and have begun participating in Bug Bounty Programmes.

Bug Bounty Programmes are not new to the cyber industry and have been around for decades. In fact, the first company to initiate this was Hunter & Ready in 1983 for their Versatile Real-Time Executive operating system, for which they rewarded anyone who found and reported software bugs. Many well-known companies have since continued to participate in Bug Bounty Programmes. Companies like Google, Yahoo!, Microsoft, Mozilla, Verizon, Alibaba, Android, Twitter, eBay, Tesla and Booking.com, to name a few, participate in order to deliver the most secure platforms on the market. Hackers’ skills are put to good use, and they are rewarded for the vulnerabilities they discover, based on severity.

Recently, HackerOne, a hacker-powered penetration/security testing and bug bounty platform, made headlines when they announced that hackers earned more than R28m ($1.9M) in bounties during a Las Vegas live hacking event, dubbed h1-702. The hackers found and reported more than 1000 security flaws for the participating companies. Considering the financial loss caused by data breaches this year alone, bug bounty projects have a promising future. The tactic of fighting fire with fire carries a certain amount of risk but proves to be effective under controlled conditions. The same can be said about using hackers to improve cyber security defences.

Hackers are not just those guys seen in the movies wearing nerdy glasses or dark hoodies. They’re real in every sense and the exceptional ones even get job offers from big companies. For example, the following people who were apparently regarded as hackers have reportedly been employed in key positions at major organisations:

These are but a few examples of so-called hackers whose skills were repurposed for the good. The system is not necessarily perfect but allows a negatively-judged group to come out into the light and show their skills in a positive manner. The system also provides a service which can be more budget-friendly in comparison to hiring a full-time team for the same purpose, with the added benefit of unique insight. The hacker population is growing and it’s better to have them work with companies on improving cyber security than breaking it down.