The vast majority of white hat hackers who reported that they were looking for jobs in cybersecurity said that their bug hunting experience helped them land a job.
The report looked at the community of white hat hackers to better understand the skill sets and career aspirations of more than 750 security researchers and found that 41% of white hat hackers are self-taught. In addition, 80% of bug hunters said that their experience in bug hunting has helped them get a job in cybersecurity.
“Cybersecurity isn’t a technology problem, it’s a people problem – and in the white hat hacker community there’s an army of allies waiting and ready to join the fight,” said Casey Ellis, founder and CTO at Bugcrowd, in the release.
“Bug hunting is a perfect entry point for would-be info security professionals to gain real-world experience, as well as for seasoned professionals to hone their skills and supplement their income. With cybercrime expected to more than triple over the next five years, bug hunting addresses the dire need for security skills at scale.”
A career in bug hunting can be quite lucrative, with the research showing that the average total payout for the top 50 hackers came to around $150K, and the average submission payout came in at $783. While hackers are finding and submitting plenty of bugs, 15% of hackers have the ambition of being a top security engineer at tech giants like Google and Facebook, yet only 6% have the desire to someday be a CISO.
Some hackers (24%) only spend an average of 6–10 hours a week bug hunting, which could be a function of the fact that more than half of the white hat hacker community are hunting bugs on top of their regular 9–5 positions.
The report also highlighted the continued gender imbalance that plagues the industry, with women representing a mere 4% of the global hacking community.
Email phishing continues to be the most common method of attack, and according to new research from Comodo Cybersecurity, Microsoft, PayPal and Google are the top three brands most targeted by phishing.
In its Global Threat Report, researchers in Comodo’s threat research lab found that phishing represents one of every 100 emails received by enterprises, with 19% of those attacks targeting Microsoft, followed by 17% targeting PayPal and 9.7% going after Google.
According to the report, 63% of the emails a business receives are clean, while 24% are spam, and only 1.3% of business emails are phishing attempts. Of those, there were three subject lines that were used with great frequency.
In 40% of the phishing emails examined, the subject line was related to PayPal and read, “Your account will be locked.” Another 10% of phishing emails targeted FedEx and read “Info,” while the third-most popular headline, “August Azure Newsletter,” appeared in 8% of the phishing emails and targeted Microsoft.
While malicious attachments remain the top method of infection, phishing URLs are also gaining popularity and represent 40% of the total phishing emails analyzed. In one example, researchers discovered an email claiming to be a survey of that Azure newsletter. The message contained what appeared to be an authentic URL and Microsoft logo, which made it very difficult for users to determine whether it was legitimate. If users clicked on the link, they were delivered to a malware-laden web page, where they were covertly infected.
The report also found that there was a surge in malware deployment in advance of major national elections across the globe, as well as correlations of malware detection both prior to and immediately following geopolitical crises.