Hackers 'don't break in anymore, they log in,' expert explains

Tech companies Google (GOOG, GOOGL), Amazon (AMZN), Cloudflare (NET) have come forward and admitted to being the targets of denial-of-service (DoS) cyberattacks. SentinelOne Advisor Morgan Wright joins Yahoo Finance Live to detail the phishing tactics modern hackers are adapting in these cyberattacks targeting bigger and bigger companies' platforms and servers.

"What is clear is that whoever figured this out, this may become part of a tool kit that's used later as they build out bigger malware packages and bigger types of attack platforms," Wright asserts. "This could be part and this was a proof of concept."

For more expert insight and the latest market action, click here to watch this full episode of Yahoo Finance Live.

Video transcript

JULIE HYMAN: Talk to us about the other side. Who is perpetrating these attacks? What are they trying to get done? And what kind of resources do they have?

- You know, there hasn't been really credible reporting yet on who's been behind it, but there's usually two things. Number one, if it's a state actor, it's done to gain some type of a strategic advantage or to take us offline. If you think of China and Taiwan, the situation in Ukraine, what's going on with Israel and Hamas right now, there could be some nation state actors.

But on the criminal side, it usually involves money. Criminals don't do anything for those things. Their motivation is money. So you're looking at what is it they hope to do.

But then there's potentially a third one, which are just basically digital anarchists. They just want to disrupt things. So it's not clear what it is, but what is clear is that whoever figured this out, this may become part of a toolkit that's used later as they build out bigger malware packages and bigger types of attack platforms.

This could be part and this was a proof of concept. They tried it out. They found out it was effective even though it was mitigated. This could become a huge tool in a new toolkit that's used on companies, again, not the size of Google, you know, Cloudflare, and Amazon.

JOSH LIPTON: And Morgan, I'm interested to get your take. When companies find themselves in trouble like this, should they be paying ransoms in your opinion? I know it's a subject that gets debated and discussed a lot. I'm interested in your view.

MORGAN WRIGHT: Yeah, you know, obviously, at SentinelOne, we've got a point of view, which is if you defend or protect yourself through use of AI automation, you can mitigate a lot of that before it happens. If you do get hit, the FBI has even said, look, people who pay tend to get hit again. So what you're trusting is that a criminal who has already breached your confidence, you know, breached public trust by attacking you, you expect them to be ethical and give you back all your files.

So the best thing is not to have it happen. But if it does happen, you look at what happened with MGM and their refusal not to pay. There is a cost involved with that. And as long as you're willing to bear the cost of legal, rebuilding systems, you know, it's never good business to do business with criminals. But there's no easy answer to that except there is one thing, you have to be very careful. If the ransom money is going to an entity that's on the OFAC list, the Office of Foreign Asset Controls and it's supporting terrorism, the US Treasury could actually sanction you for paying a ransom if that money can be tied to going to a terrorist group.

JULIE HYMAN: That's a very interesting point and a good reminder, especially right now. Morgan, you mentioned the MGM hack. And there was also one against Caesars. It feels like-- there are certain moments where it feels like there's an uptick in these, sorts of, attacks at least from an anecdotal basis. Is that actually what's happening and what do you think could be driving that?

MORGAN WRIGHT: You know, higher education is getting hit. Education is getting hit because they're fairly open and they don't have the extensive resources. But you bring up a good point, hackers don't break in anymore. They log in.

And the MGM hack started with somebody trolling LinkedIn, scanning LinkedIn, finding somebody, and then impersonating an employee to the help desk to get credentials. So it's really, if you get that initial toehold in, you can do it. So we do go through cycles, we do go through seasons as people get better at defending these attacks. Then new ways, new vulnerabilities are found, new groups come out and then they attempt to do that.

But what we're finding right now is a lot of these breaches are happening not because they're exploiting a vulnerability in the system, but because they're getting initial access by exploiting identity and access management that way. So there's, kind of, a as we get better at one thing, then it's the other thing. I always tell people the problem isn't the problem.

The problem isn't the way you think about the problem. There's only one problem that matters and that's how your adversary thinks about the problem. And criminals think differently than law-abiding citizens and that's kind of the advantage they have many times.