Attackers have constantly sought to “up” their game with new tactics and strategies to include new types of malware such as worms, spam, spyware, adware, and even rootkits. Although they already knew how to harass and irritate the public, in recent years they have caused ever bolder disruptions of today’s world by preying on our “connected” lifestyle.
Hackers have also started to realize that it is possible to use their skills to generate money in many interesting ways. For example, attackers have used techniques to redirect web browsers to specific pages that generate revenue for themselves. Another example is where a spammer sends out thousands upon thousands of e-mail messages that advertise a product or service. Because sending out bulk e-mail costs mere pennies, it takes only a small number of purchasers to make a nice profit.
The field you are entering (or may already be working in as a security administrator or engineer) is one that changes rapidly. In this field attacker and defender are in an ongoing struggle to gain dominance over each other. As attackers have become highly flexible and adaptable, so must you be as an ethical hacker. Your ability to think “outside the box” will serve you well as you envision new strategies and potential attacks before they are used against you.
Making your life as a security manager even harder today is that attackers have adopted a new pack mentality that makes defensive measures and planning much harder. In the early days the attacking person was just that—one person. Nowadays groups such as Anonymous and Lulzsec have shown us quite convincingly that attacking in numbers makes a difference even in the cyberworld. The collective or hive-like mentality has reaped huge benefits for attackers who are able to employ multiple methods in a short period of time to obtain impressive results. Such groups or packs are able to enhance their effectiveness by having a wide range of numbers, diversity, or complementary skill sets and also by the addition of clear leadership structures. Also adding to the concern is that some groups can be linked to criminal or terrorist organizations.