Hackers are categorized into black, grey and white hat hackers. Black hat hackers are individuals or groups that target corporations and organizations with malicious intent for political or financial gain. Grey hat hackers aim to find exploits in the computer and IT systems of corporations and either publish the findings or request an incentive for them. Lastly, white hat hackers, also known as ethical hackers, are hackers who are contracted to find exploitable weaknesses in company servers and systems to prevent potential attacks.
For instance, the undisclosed individual who broke into Zomato’s servers and compromised 17 million Zomato accounts can be labeled a grey hat hacker, as the hacker collaborated with Zomato to recover the accounts and implement security solutions in return for a bounty or incentive.
In contrast, the developers and distributors of the WannaCry ransomware can be described as black hat hackers, as they breached over 300,000 computer systems with purely malicious intent for financial gain. In total, the developers of the WannaCry ransomware have pocketed around $80,000.
Over the past 12 months, the structure and technologies used by malware and hackers have matured significantly, to the point where some of the largest corporations and state-owned facilities, including the UK’s National Health Service (NHS) and FedEx, fell victim to the WannaCry ransomware attack, which inflicted heavy financial damage on organizations worldwide.
As a result, the demand for white hat or ethical hackers has increased exponentially. Companies like Zomato have started to offer bounties to hackers who can find exploitable weaknesses in their platforms, applications and infrastructures. Through platforms such as HackerOne, the vulnerability coordination and bug bounty platform, corporations have started to connect with both white and grey hat hackers to ensure the necessary security measures are implemented.
Also, companies have started to collaborate with white hat hackers to combat dark web criminals, such as the developers behind the WannaCry ransomware who utilized an exploitation tool developed by the National Security Agency (NSA).
Specifically, the NHS closely cooperated with a young security researcher who obtained a tool from the dark web to temporarily disable the WannaCry ransomware attack on NHS-partnered hospitals across the UK. By triggering a kill switch, 22-year-old security researcher Marcus Hutchins saved the NHS from extensive WannaCry attacks.
Without the help of Hutchins, the NHS would likely have suffered more attacks and a wider spread of the WannaCry ransomware across its Microsoft XP-based computers. Acknowledging Hutchins’ efforts, the NHS rewarded Hutchins with $10,000 and a year’s supply of free pizza.
The importance of hiring and collaborating with white and grey hat hackers must be noted. Companies shouldn’t merely look out for potential hackers like Hutchins who can come in after an attack has occurred. It is extremely difficult to recover servers, infrastructures and networks after a data breach or hacking attack has taken place. Hence, it is absolutely necessary for corporations, especially large-scale conglomerates, to collaborate with ethical hackers on a regular basis to prevent cyber attacks and combat dark web criminals.
According to Telstra’s latest report, 59 percent of businesses are impacted by at least one security incident or attack every month. Therefore, it is critical for corporations to prevent potential vulnerabilities in their infrastructures.