New Hacker Classification System: From Barbarians to Wizards

Experts Develop a New Hacker Classification System: From Barbarians to Wizards

Over the past three years, cybercriminals attempting to steal data or deploy malware have repeatedly stumbled upon a honeypot, a decoy virtual machine located in the United States. The machine had an easily guessable password, but it was not an ordinary computer: it was a monitoring system that allowed researchers to observe hackers’ actions in real time.

Each time a cybercriminal gained access, researchers from GoSecure were able to watch and analyze the hacker’s activities. More than 100 hours of screen recordings captured during these breaches gave the team a unique look into the methods and tools hackers use. Interestingly, some criminals accidentally revealed their tools, techniques, and even personal information during their attacks.

The study, presented at the Black Hat conference in Las Vegas, demonstrated how attackers use the Remote Desktop Protocol (RDP). Over three years, there were 21 million login attempts, with 2,600 successful breaches. The researchers classified the intruders into five categories, inspired by characters from the tabletop game Dungeons and Dragons:

  • Rangers: Explored the system without taking active steps.
  • Barbarians: Aggressively used tools like Masscan and NLBrute to try to hack other systems.
  • Wizards: Used RDP as a portal to attack other vulnerable systems.
  • Thieves: Tried to monetize their access by installing cryptominers.
  • Bards: The least defined group, acting randomly or without a clear goal. Some bards may have purchased RDP access and used it for various purposes. For example, one searched Google for “the most powerful virus,” while another tried to log into Google Ads. There were also those who unsuccessfully tried to find pornography online.

The researchers paid special attention to how frequently RDP systems are targeted. One security expert noted that hacking attempts occurred every seven seconds. GoSecure experts encourage companies to set up similar honeypots to better understand threats and strengthen their cybersecurity systems.
