Insightful & Helpful Articles

Here is what we're working on and thinking at Hedgehog Security.

At one time, online security was a simple affair: an up-to-date anti-virus installation and some relatively simple infrastructure defences, and unless you were a target of particular interest, safety was all but guaranteed as long as there were easier targets around. Now that organised criminals have taken to the field all that has changed, and every organisation, from the smallest to the largest, needs its security posture to be the best it can be.

How things were

Self-propagating infections are not a new thing. The notion of self-replicating entities was first conceived academically in the late 1940s, far ahead of the technology itself. Similarly, the idea of a network worm appeared in fiction over 40 years ago, at a time when research into practical computer networks was still in its infancy. The first disk-borne viruses appeared on machines like the Apple ][ in the early 80s, and on the Atari ST later that decade, around the time the term "computer virus" was coined, again academically, when owning a home machine was still a rarity and the only viable means for enthusiasts to share content was by swapping disks. The first recorded incident of an e-mail worm was in the late 80s, when a university student wanted to spread his Christmas greetings but failed to include adequate controls, and ended up releasing a script which replicated itself so aggressively that it caused widespread service loss across large parts of the, then still largely academic or industrial, e-mail network.
Meanwhile, hackers were initially pretty much as the media first portrayed them: over-inquisitive technology fanatics who relied on abusing telephone technology to manually investigate and infiltrate a single target of interest at any given time, usually with no more intent than "just looking around", and often by no greater means than a little research or social engineering to obtain user credentials.

The sea change

Although motivations have changed, until the last decade or so deliberate attacks tended to be targeted affairs. The people doing the attacking became less recreational and more malicious, but the single-target mind-set remained. An attacker would focus resources on a single target and invest in successfully compromising one entity at a time. Commonly, the interest would be in gaining access to some hidden aspect of a target (administration or customer-only pages of a web site, customer or financial details from inside the organisation) and capturing it, either to expose it or to ransom it under threat of exposure.
In that environment, security is a relatively easy affair: robust management procedures and sufficient technological defences that the attacker finds easier targets elsewhere.
The change has come, in recent times, where the attack is no longer a focused endeavour. Big organised crime has moved in (predominantly in former Soviet bloc countries) and has hit on a much simpler model: holding data to ransom at source. All they have to do is get an automaton inside the perimeter to encrypt user data. It never needs to find its way out again, and they only need one success to have a crippling effect. For instance, it is reported that as of mid-August Maersk, the global shipping line, faces a cost of between 200 and 300 million dollars in lost operations and remediation as a result of the NotPetya attack in June. That came only weeks after WannaCry, which was stopped in its tracks by the efforts of a security researcher who found a so-called "kill switch" in the code: an unregistered domain the malware checked for before running, which, once registered, halted the spread. Had it run its course the effects, globally, would have been even more devastating. It is not going out on a limb to suggest that this is going to be the predominant model for attacks and extortion in future.
That is not to say that the old paradigm of focused effort to gain access to a specifically defined target is going to go away. The recent cases of the HBO infiltration, which leaked an entire episode of Game of Thrones along with other sensitive information, and the leak of 270,000 data records from the British payday lender Wonga, demonstrate that targeted attacks are still very much a problem. But by far the bigger common risk from this point onward is infiltration and ransom.

The game - as it once was - has changed. Adequate security is no longer a question of being tougher than someone else, it is now about being the toughest you can be. Hedgehog Security can provide expertise in understanding and improving your current security posture through our range of testing offerings, and we can help provide ongoing peace of mind with our Continuous Cyber Assurance service.