The cybersecurity community has identified a new threat group of skilled and financially motivated teenagers who have been causing significant hacks on hotel chains, casinos, and technology giants. Dubbed “advanced persistent teenagers,” these hackers use tactics like credible email lures and convincing phone calls to trick employees into giving up their corporate passwords or network access.
According to Darren Gruber, a security expert at MongoDB, the threat from bored teenagers is real and may not be underestimated. He notes that these hackers are often technically skilled, learn quickly, and have more time on their hands due to their age, making them a formidable threat.
Gruber’s experience with a recent intrusion at MongoDB shows how these attackers can use phishing lures to gain access to internal networks, highlighting the importance of attribution in defending against future attacks. He emphasizes that knowing who you’re dealing with is crucial in preventing future breaches.
Heather Gantt-Evans, chief information security officer at Marqeta, agrees that the motivations of these emerging threat groups are unpredictable, but their tactics, such as sending phishing emails and manipulating employees, are relatively simple. She stresses that identity and access management are top priorities to prevent human element attacks, which are often combined with social engineering.
Gantt-Evans also highlights the need for companies to learn from neurodivergent talent, as some of these young hackers think and operate differently than others. Embracing diversity is crucial in addressing this growing threat, and cybersecurity experts must adapt their approach to effectively counter the advanced persistent teenagers.
Source: https://techcrunch.com/2024/11/01/the-biggest-underestimated-security-threat-of-today-advanced-persistent-teenagers/