What do I mean by lazy? Attackers will often take the “lowest common denominator” approach: the same attack, launched from the same set of source IP addresses, against the widest possible range of target IP addresses. Even advanced attackers will use a “recycled attack platform” when doing initial reconnaissance against a target or set of targets. This approach results in attackers using:
- The same type of attacks against a wide surface area
- The same toolset (exploits and malware)
- The same set of command-and-control servers (source IPs)
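The reuse described above is also what a defender can look for: a single source address sending the same request to many unrelated hosts. The following is an added example, not code from the article; the log format, host names and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines: "src_ip dst_host method path", one per line.
SAMPLE_LOGS = """\
203.0.113.7 shop.example.net GET /wp-login.php
203.0.113.7 intranet.example.org GET /wp-login.php
203.0.113.7 app.example.com GET /wp-login.php
203.0.113.7 mail.example.edu GET /wp-login.php
198.51.100.4 app.example.com GET /index.html
198.51.100.4 app.example.com GET /about
203.0.113.9 shop.example.net GET /.env
203.0.113.9 app.example.com GET /.env
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse(log_text):
    """Yield (src_ip, dst_host, method, path) for each well-formed line."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.groups()


def find_recycled_sources(log_text, min_targets=3):
    """Flag sources that sent the identical request path to at least
    min_targets distinct hosts, i.e. the "same attack, wide surface area"
    pattern. Returns {src_ip: {path: [sorted hosts]}}."""
    hosts_by_src_path = defaultdict(lambda: defaultdict(set))
    for src, host, _method, path in parse(log_text):
        hosts_by_src_path[src][path].add(host)

    flagged = {}
    for src, by_path in hosts_by_src_path.items():
        for path, hosts in by_path.items():
            if len(hosts) >= min_targets:
                flagged.setdefault(src, {})[path] = sorted(hosts)
    return flagged


if __name__ == "__main__":
    for src, paths in find_recycled_sources(SAMPLE_LOGS).items():
        for path, hosts in paths.items():
            print(f"{src} sent {path} to {len(hosts)} hosts: {', '.join(hosts)}")
```

Lowering `min_targets` trades precision for recall; the threshold that fits a real environment depends on how many distinct hosts a legitimate client normally touches.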
The economics of broad-based attacks
Putting aside the incremental costs of exploit kits and the potential legal risk, there is no significant cost to launching an attack. With easy-to-use and readily available exploit kits, an attacker can use a single machine to attack thousands of targets searching for one with susceptible defenses. The cost of acquiring a new target is merely the cost of generating a new random number.
On the other side, each new attack vector requires additional effort on the part of the defender. They must deploy and maintain numerous security controls while also keeping all of their systems updated with the latest security patches. This is a substantial cost that is all too familiar to anyone in the industry.
At present, the advantage is completely on the side of the attacker. While each defender must incur substantial cost to defend their organization, attackers can easily find targets that have not paid that price. The question becomes: how can we increase the cost an attacker must pay for each target they attack? Clearly, the risk of criminal prosecution is a “cost” the attacker incurs. However, the technical difficulty of attribution and the ease of crossing geo-political boundaries complicate prosecution efforts, and as a result this risk remains largely abstract.