Advice
• Study the hacker business model – Understanding these models allows
the security industry to focus their controls on the problem itself, rather than on the symptom.
Up until now, many phishing-targeted companies (banking applications, retails, webmail, etc) were taking off the malicious sites, one URL at a time.
But that’s an endless game: given that hackers only need to repost the Web front end with a new URL,
they’re back in business within a few clicks.
However, when the business model is understood, namely, that hackers are fool-sourcing their attacks,
these organizations can locate the brain and heart of the malicious operation.
Removing these vital organs, and the hacker activity is slowed down as these proxy hackers look for another kit and storage.
• Educate yourself on the way of hackers - Study the techniques used in order to put the necessary controls to protect your system against different classes of attacks. Remember the 2007 tutorial? Watch and learn!
• Blacklist known “hacker”-servicing hosting providers - if an IP address belonging to a hosting site known to be used by the hacker, consider blacklisting it. But here is also a message to free hosting sites - be more vigilant as to who is using your services.
Coming Up Next – Technologies Hackers Are Using
Understanding the business models the hacker industry is developing is paramount for knowing how to apply the correct protection. But in order to be one step ahead of the hackers, it is required to know the technologies that hackers are using. So stay tuned as I turn to the emerging hacker technologies!