What really separates the skiddies from the seasoned hacker pros? The question ties in with the article I wrote on APTs. The difference is persistence. Skiddies may not have the capacity or the patience to try 1000 different ways to get into a system and will simply fire off some scripts they downloaded off the interwebs without really knowing what they are doing or what the code means. The seasoned black hats who are out there making money from their profession simply do not stop once they hit an obstacle. They will develop custom exploits and creative techniques that have not been published as zero-days, and they will take their time to make it work and not be seen in the network. That is why the expression “it is not if, but when you have a breach” is paramount in realising that your networks are never truly 100 percent secure.
You may think that this is a clever marketing strategy by security firms wanting to make a quick buck from the “new” wave of Advanced Persistent Threats, and in part this is true, but in the real world outside of marketing brochures and sales deadlines, there are real threats and professional hackers. They will not stop simply because you have a dual-layer firewall implementation or RSA SecurID tokens in place. They will persist and find the hole that you did not anticipate. They are motivated, highly organized and above all they have the quality of persistence, which means that they will find the needle in the haystack. It is just a matter of time.