Best left to government agencies.Īs an example, I've spoken with network forensic analysts (qualified as one myself but dont do this anymore) who have hunted a hacker group for years and only got them when they logged into their own Facebook using a victim's network. By the time you got to the source they'd likely moved on anyway Even if it were legal where you are, it's not really your concern (as a business), you're focused on getting back up and running.Īttribution is possible but it requires huge resources & it needs the attacker to fuck up. You'd need to then install monitoring software, find the next upstream server. Even if you hack whatever server or system is communicating with whatever compromised you, you've just hacked a disposable asset. Now consider the attacker - usually controlling a botnet or maybe a single c&c server, likely with several layers of network indirection (VPN, tor, proxies, etc) between them & that server. With scale comes complexity and with complexity comes more potential for an obscure vulnerability.
The more pieces in your system, the more software that needs to be kept up to date & more accounts that can be breached, more people to phish. we're more likely to be dealing with ransomware that targets businesses, and therein lies the heart of the issue.īusinesses by nature need to have an online presence, often with numerous services & servers exposed. I know people see scammer hackers like Jim browning and think that it's just a matter of technical expertise, but a) it's likely nowhere near every scammer they run across that is hackable, and b) they aren't really the type of cybercriminal cybersec deals with.
0 kommentar(er)
