Threat Actor Profiles: Script Kiddies

Threat Actor Profiles: Script Kiddies 960 540 N2K

Welcome to the fifth installment of our Threat Actor Profile series where we analyze the main categories of actors that represent a threat to your organization. This series is designed for executives. Because we understand the unique roles and responsibilities of executives, and corporate leadership, we’re focused on cyber risk as an enterprise risk—and help explain it without getting lost in the weeds. Our fifth threat actor group is script kiddies.

Click to read our previous posts on Nation State Actors, Cyber Criminals, Hacktivists, and Insider Threats.

Threat Actor Profiles: Script Kiddies

“Greater powers and resources do not guarantee tactical superiority.”

The Chinese military strategist Sun Bin’s observation that powerful resources do not guarantee military victory is a phenomenon that is especially true in the information technology era. Warfare has grown more asymmetric as individual hackers can inflict great financial and reputational damage to powerful, wealthy businesses. Script kiddies represent an example of how individuals with limited resources and knowledge can damage powerful organizations. 

So Easy a Kid Could Do It

As their name implies, script kiddies are novices or amateurs whose hacking exploits rely upon malicious code written by more advanced, sophisticated hackers. Script kiddies use “off-the-shelf” exploit tools to cause online havoc in the name of fun, thrills, or skill refinement.
While script kiddies may seem like a nuisance, they can cause a lot of damage, especially because malicious script (the code that actually searches for and exploits vulnerabilities) is easily copied and executed by anyone. Indeed, YouTube tutorials and chat forums detail how to execute basic and advanced hacks using free or open source software tools.

Dyn DDoS Attack

Just because script kiddies skills are not sophisticated doesn’t mean they can’t damage your organization. In fact, security experts believe the recent Dny DDoS attack, which downed major websites such as Amazon and Twitter last fall, was the work of script kiddies. Not only was the malicious code used in the attack simple, but it was shared in a way that is consistent with how script kiddies communicate and share resources: online forums. Mirai, the source code used to carry out the DDoS attack, was made public and shared throughout online hacking forums. Script kiddies used the code to send massive amounts of unwanted traffic to certain sites. Moreover, there appeared to be no political or financial motivation in the DDoS attack. Rather, script kiddies deployed the Mirai code to wreak disruptive havoc. Finally, the Mirai virus included features that allowed users to customize their attack methods, a rare feature that would be rather enticing to script kiddies looking to test out new capabilities.

How to Protect Yourself Against Script Kiddies

Because script kiddies are usually apolitical, their targets can be unpredictable. That means even if you are a low-profile company, you can still be a target for for vandalism or experimentation.
Consider the following steps to minimize the risk and impact of script kiddies.

  • Patch Management: The Dyn attack was so successful because it exploited known security flaws in IoT devices. These vulnerabilities could have been protected with updated firmware, a process known as patching. A patch management system is a basic, but often overlooked practice in organizations. Patch Management should mandate users to update all of the devices that they bring into the workplace, including their personal mobile phones, laptops, and smart watches.
  • Website Security: A favorite proclivity of script kiddies is the thrill of website defacement. Therefore, web security should be a priority for your organization. Website security best practices include using strong admin passwords, being wary of dangerous plugins, and educating users and staff about security best practices.
  • Network Hardening: Hardening your network involves reducing your attack surface by disabling services that are not absolutely necessary. Port blocking is a common way to defend against DDoS attacks.
  • Monitor Chat Rooms: If you want to get ahead of script kiddies, have your security teams delve into internet chat rooms and gather intel on the next coordinated target. Eager to show off, script kiddies will often detail their next victim publically to their peers. Use their carelessness to your defensive advantage and then alert law enforcement to any impending threat.

Know Your Enemy

When constructing a risk management strategy, companies must first understand their threats.
To learn more about how to build and execute a risk management strategy that considers the diverse threats your organization faces, contact us and learn about Cyber Resolve, N2K’s board and executive cybersecurity training program.