How Hackers Hack and the Tools They Use | Spiceworks IT Security

2022-09-17 01:54:43 By : Ms. Mary Xiang

To stop hackers from breaking into your house, study the most likely ways and methods they would use. Mitigate those initial access points or root causes.

There’s no silver bullet for stopping hackers. Users are typically the weakest link, and social engineering is the most successful avenue for fringe actors scamming victims. Stu Sjouwerman, founder and CEO of KnowBe4, explains how hackers think and plan, the reconnaissance tools they use to gain access, and how they systematically explore and execute once inside.

One of the biggest questions security professionals get asked is, “I’m just a small company so why would hackers hack me?”

Most hackers are financially motivated, and a cyber-attack or data breach happens either because you were a random victim of opportunity or because you were targeted. Either way, a human adversary was involved from the start.


Most hackers are opportunistic, sending out phishing emails to literally thousands of people and waiting for a response, or simply browsing in search of known vulnerabilities to exploit. If you became a victim of opportunity, it is because you happened to click the wrong link, visited the wrong website or forgot to patch a known vulnerability.

The second class of attackers are human adversaries. These cybercriminals attack for financial gain, intellectual property, geopolitics, competitive advantage, or partnership with a larger entity. When it comes to targeted attacks, hackers typically follow five key steps:

Reconnaissance is where hackers collect intel about their target: the type of software and hardware the target uses, email addresses, employee names and so on. Basically, anything that can give them a leg up. Adversaries use tools like theHarvester to discover devices on the network, software and information like employee names. The Nmap tool discovers open ports, operating systems and their version numbers, since versions reveal whether a system is fully patched. A tool called Shodan tracks global servers and workstations that are publicly contactable online.
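Because version numbers reveal patch status, a defender can read the same kind of scan output for their own hosts before an adversary does. The sketch below is an added example, not part of the original article: it parses Nmap XML (as written by `nmap -sV -oX`) and flags open ports that are not approved or that report a version below the patch baseline. The sample scan, the address and the `BASELINE` policy are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -sV -oX` output for a host you own.
SAMPLE_XML = """<nmaprun><host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="OpenSSH" version="7.4p1"/></port>
    <port protocol="tcp" portid="443"><state state="open"/>
      <service name="https" product="nginx" version="1.24.0"/></port>
    <port protocol="tcp" portid="3389"><state state="open"/>
      <service name="ms-wbt-server"/></port>
    <port protocol="tcp" portid="8080"><state state="closed"/></port>
  </ports>
</host></nmaprun>"""

# Hypothetical policy: ports approved to be reachable, with a product label and
# the minimum version the patch baseline expects (values are illustrative only).
BASELINE = {22: ("OpenSSH", (9, 0)), 443: ("nginx", (1, 24))}

def parse_version(text):
    """'7.4p1' -> (7, 4); returns () when no leading number is present."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(n) for n in m.group().split(".")) if m else ()

def audit(xml_text, baseline):
    """Return (address, port, reason) for every open port that breaks policy."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed or filtered ports are not exposure
            num = int(port.get("portid"))
            svc = port.find("service")
            version = parse_version(svc.get("version") if svc is not None else None)
            if num not in baseline:
                findings.append((addr, num, "open port not in baseline"))
            elif not version:
                findings.append((addr, num, "version not identified"))
            elif version < baseline[num][1]:
                want = ".".join(map(str, baseline[num][1]))
                findings.append((addr, num, f"{baseline[num][0]} older than {want}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_XML, BASELINE):
        print(*finding)
```
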

Once the attacker has a reasonable idea about the target’s infrastructure, the next step is learning how to attack, what to attack, and what tools to use to gain initial access. Attackers will conduct exploratory movements, looking for ways to gain further access. Research by Recorded Future’s Insikt Group shows the primary method through which hackers propagate in target systems is spam and phishing campaigns. There are also dozens of websites (like exploit-db.com) that offer known exploits attackers can use to break into computers.

Initial access, in simple terms, is the attacker sticking their foot in the door. Attackers gain initial access using methods such as: 

Some hackers don’t bother wasting time hacking companies; instead, they buy off-the-shelf packages from other cybercriminals and initial access brokers.

Once hackers enter, they move laterally, exploring the victim’s environment, looking for valuable intellectual property, inserting backdoors, and infecting systems as they move further. Sometimes adversaries will install infostealers and lie idle in the victim’s network, monitoring network activity, watching emails, gaining knowledge of the environment and charting the next course of action. The average dwell time of attackers is currently 15 days.

Once attackers have identified the crown jewels or are confidently planted in the system, they will move towards the execution of their ulterior goal, which can include things like installing ransomware, stealing data, disrupting systems or deploying wiper malware that deletes files.

Regardless of how or why one gets hacked, implementing these defenses will reduce the risk of all types of hacking attempts:

To stop hackers from breaking into your house, study the most likely ways and methods they would use. Mitigate those initial access points or root causes. An effective defense is always proactive, not reactive.
