Cyber Intelligence, learning about hackers to stop attacks

Knowing your opponent is fundamental to winning, even when it comes to cybersecurity. With the increase in cyber threats, which in recent months have also hit important institutions in Italy, understanding who the hackers attacking organizations and companies are becomes a necessity. Alessandro Anselmi, Head of Intelligence at Sababa Security, explained to us at a dedicated event how Cyber Intelligence allows you to stop hacker attacks in the bud.

Sababa Security explains how Cyber Intelligence works

Sababa Security is an Italian provider of cyber security solutions, founded in Milan in 2019, with offices also in Genoa, Turin, Rome and, by 2022, in Spain and Uzbekistan. It is an emerging company with more than 100 channel partners and over 150 end customers.

Alessandro Anselmi explained to us that Sababa has obtained these results with a holistic approach to security, which goes beyond what many other companies offer. In addition to providing solutions and monitoring the networks of its customers, it also offers security assessments for institutions and companies, as well as training for company employees: a lack of preparation can often open the door to hacker attacks. This is something we have seen more than once in the last year, even at important national institutions.

But in addition to preparation on the part of the defenders, you also need to know who is attacking, and prepare a strategy to respond.

Alessandro Anselmi, Head of Intelligence at Sababa Security

Cyber Intelligence allows us to understand what the potential risks for a company are, while also putting the attacker under the magnifying glass. In recent months we have learned the names of various hacker groups, even without being experts: from the Killnet hackers that threatened Italy to the ransomware group Conti. A careful Cyber Intelligence analysis can verify the real risks for a company and find the best defense, acting in a protective way.

What is Cyber Intelligence?

With a historical excursus running from Caesar's ciphers at the advent of the Roman Empire to Alan Turing and Enigma in the Second World War, Anselmi explained to us the fundamental role that intelligence has played over time, long before the advent of cyber threats.

With intelligence, information is gathered, defenses are prepared, and data is analyzed to ensure the protection of an entity and the prevention of activities that could destabilize it. In particular, the Sababa Security expert explains that Cyber Intelligence involves a phase of information collection and sharing, in which the various security teams learn about the 'weapons' of cybercriminals and state hackers.

Then comes the creation of strategies and tactics to intervene and monitor the systems, which, however, is impossible without knowing the hacker threat.

The evolution of hacker threats

Knowing the opponent also means entering his territory, to understand how he moves. Despite being online, the hacker presence often proliferates on a web unknown to many of us. In fact, only 4% of the web is indexed and reachable through Google or any other search engine. 90% is instead deep web, which is not indexed. This includes people's health, financial and private data, but also the scientific reports of universities, as well as legal documents and corporate intranets. It is a favorite hunting ground for hackers, who attack with malware and ransomware.

And then there is the 6% on the dark web: sites encrypted with the TOR client, multi-layered to avoid being tracked. Anselmi showed us some sites that looked like real e-commerce stores for drugs and weapons. But technically, the dark web also includes private communications on messaging applications that are also used by those of us who are not hackers.

The dark web is where hackers get organized, in dedicated TOR sites and messaging apps. Some form real "hubs", as in the case of Lazarus Group, formed by a network of hackers who, for example, attacked the vaccine distribution system for Covid-19 at the end of 2020.

Alternatively, there are "traditional" criminal groups such as the 'Ndrangheta, which increasingly uses the dark web to fuel its business, for example in the sale of drugs. Then there are "hybrid" hackers, such as Evil Corp: a group that makes millions of dollars with malware and information stealing, but with links to the 'classic' underworld.

Cyber Intelligence, Sababa Security to discover cyber dangers

Anselmi explains with a graph that the impact of an attack increases as the resources of the threat increase. But not all organizations run the same risks. There are threats that arise from accidental employee mistakes, or that stem from untargeted malware and from hackers who do it "as a hobby". Things become much more complex when the threat can come from customers and suppliers, perhaps from an ex-employee or a hacktivist.

The next level of threat is brought by cybercriminal organizations and cyberterrorists, but also by a business rival ready to play dirty. Finally, there are state-sponsored attacks, something we have heard about at length after the conflict in Ukraine began. Here the risk can become truly enormous.

With an analysis done by professionals, however, it is possible to assess the possible threats by studying the geopolitical situation and the known hackers in that particular industry. By analyzing malware in a sandbox or by evaluating the 'reputation' of emails and sites, you can evaluate the threat.

If, on the other hand, you were to suffer an attack, Sababa Security explains that it becomes possible to have a forensic report of the incident (also on the blockchain, in the case of ransomware payment). It is also necessary to evaluate the exposure suffered and, if necessary, organize with other affected companies to try to find the culprits.

But even before suffering an attack, a hazard analysis makes it possible to evaluate the attack perimeter and possible external threats, as well as the possibility of containing the threat in case the hackers break through. By using a security-centered approach, training employees and establishing an intelligence-based strategy, preventing attacks becomes possible.

For more information, visit the Sababa Security website.