Amateur hackers give away presence of much worse attacks, says IBM

A padlock against a golden background to represent cyber security

Amateur hackers are accidentally revealing more sophisticated cyber criminals exploiting company networks, according to IBM.

Crude, noisy attacks carried out by "script kiddies" alert firms' security teams to the presence of veteran hackers lurking on their servers, leaving security teams to uncover a wider and wider attack affecting their companies' systems, according to the IBM X-Force Threat Intelligence Quarterly report.

Though 80 per cent of cyber attacks are conducted by sophisticated crime rings, the report said, it is more inexperienced hackers who are unknowingly alerting companies to such threats by leaving clues of their presence.

When a business sees evidence of the less sophisticated breaches, they often find something more sinister.

"While the recovery of systems compromised by script kiddie attacks might take only a few days of an operation team's timeand effort, the job of finding a root cause, then fully understanding and remediating the work of the stealthy attackers could take months," read the report.

"Meanwhile, the stealthy attacker could roam the network undetected, ultimately trying to gain access to the client's 'crown jewels'."

While the sophisticated incidents were most commonly revealed by amateur hackers, telltale signs they did leave behind included anti-virus alerts about Trojans, servers rebooting unexpectedly, suspicious log records and users being locked out of their accounts.

This onion-layered security incident, as Big Blue termed it, where a rookie attacker reveals a larger hack, formed one of four cybercrime trends identified by the IBM Emergency Response Services team, along with more incidents of ransomware, malicious insiders and, conversely, greater management awareness of security problems.

Ransomware is by far the most common sort of virus encountered, with Cryptowall ransomware attacks alone leading to $18 million taken by hackers between 2014-2015. IBM predicts this will only grow in 2016, migrating to mobile.

As in 2014, many malicious attacks are originating from inside of companies, with 55 per cent of attacks last year carried out by individuals with insider access to an organisation's system.

"It's been a tough year for security teams. Insider threats, malware, stealthy tools and morphing attacks continue to challenge organisations of many sizes in 2015," the report read.

"When IBM X-Force looks back across the year, we see many areas for improvement. The good news is that organisations can take stronger responsibility, make a few small changes and see a big impact for the long term."

Cybersecurity has become a bigger concern for companies at the boardroom level, the report also noted, with a recent survey by Southern Methodist University and IBM revealing that 85 per cent of CISOs believe support from upper-level management has increased, and 88 per cent saying security budgets have grown.

"Security incidents have been on the rise for the past few years, and most experts in cyber security believe the trend will only continue to intensify," said IBM.

"Here, though, our subject is not the high-profile, headline-grabbing attacks we all know about but the everyday struggle of organisations everywhere, in every industry, to protect their data in a world of thieves."

Caroline Preece

Caroline has been writing about technology for more than a decade, switching between consumer smart home news and reviews and in-depth B2B industry coverage. In addition to her work for IT Pro and Cloud Pro, she has contributed to a number of titles including Expert Reviews, TechRadar, The Week and many more. She is currently the smart home editor across Future Publishing's homes titles.

You can get in touch with Caroline via email at