If you ask some of the field's top cybersecurity executives what their biggest concerns are, you might not expect bored teenagers to come up. However, in recent years, this totally new generation of money-motivated hackers has carried out some of the biggest hacks in history and shows no signs of slowing.
Meet the "advanced persistent teenagers," as stated by the security community. These are skilled, financially motivated attackers, such as Lapsus$ and Scattered Spider, who have proven capable of digitally breaching into hotel companies, casinos, and tech behemoths.
The hackers can deceive unsuspecting employees into giving over their company passwords or network access by using strategies such as believable email lures and convincing phone calls posing as a company's support desk.
These attacks are extremely effective, have resulted in massive data breaches impacting millions of individuals, and have resulted in large ransoms paid to make the hackers vanish. By displaying hacking capabilities previously limited to only a few nation states, the threat from idle teenagers has forced numerous companies to confront the reality that they don't know if the personnel on their networks are who they say they are, and not a sneaky hacker. Has the threat posed by idle teens been understated, according to two respected security veterans?
“Maybe not for much longer,” noted Darren Gruber, technical advisor in the Office of Security and Trust at database giant MongoDB, during an onstage panel at TechCrunch Disrupt. “They don’t feel as threatened, they may not be in U.S. jurisdictions, and they tend to be very technical and learn these things in different venues.”
Plus, a key automatic advantage is that these threat groups also have a lot of time on their hands. “It’s a different motivation than the traditional adversaries that enterprises see.”
Gruber has dealt with a few of these threats directly. There was no evidence of access to client systems or databases, however an intrusion at the end of 2023 in MongoDB resulted in the theft of certain metadata, such as customer contact information.
According to Gruber, the attack mirrored Scattered Spider's strategies, and the vulnerability was reportedly minimal. "The attackers posed to be employees and used a phishing lure to get into MongoDB's internal network," he claimed.