In light of recent events in the cyber-space, it definitely feels like no place is safe anymore. Even giants like Uber have been targeted by cybersecurity threats in the form of a massive hack to extract the data of 57 million users.
The numerous hacks across the globe do not seem to be diminishing either. In the World Economic Forum’s Global Risk Report 2018, cybersecurity risks were the top risk as surveyed among business leadership and this is most likely to intensify in terms of scale and sophistication.
So what countermeasures can you take to prevent customer information or business data from being breached? Like most organizations, you can always turn to your trusty IT security officers or get in touch with a third party cybersecurity firm. This is usually the best course of action; however, instilling cybersecurity concepts throughout a company isn’t just about setting up firewalls and encrypting files. It’s a philosophy. Employees need to be fully educated and must be aware of the potential consequences of not following your established protocols and best practices.
In this article, we’ll be taking a look into the mind of the hacker. After all, the first step to a great defense is knowing the opponent’s offense. An attack on your information isn’t carried out the same way each and every time, meaning hackers are always getting creative with their approaches. No matter how unique the approach is, there is still a generic methodology to carrying out an attack:
- Reconnaissance – getting information about the target and how to get into the target system.
- Exploitation – gaining access to the system or getting into the system.
- Privilege Escalation – gaining further access, such as administrator privileges or console commands.
- Leaving a Listener – to keep the progress of the hack and continue the exploit at another time.
- Extracting Data – the actual attack of taking necessary information.
- Covering Tracks – clearing logs, files, or commands made to prevent being discovered by the system administrator.
Ultimately, preventing a hack attempt will rely on how prepared you and your system are against the first two steps. So how exactly do hackers do recon and exploit your computers? Here are a few common, consistent, and effective ways to be aware of.
Scanning the weak points of a system or network can be as simple as connecting to a Wi-Fi network and hoping that it’s unsecured, or analyzing the different communication protocols (HTTP, SMTP, TCP/IP, UDP, etc.) and seeing which one is most vulnerable.
Hackers can scour the city in search of a brick-and-mortar store with an unsecured network, connect to the POS system, then use it as a gateway to the company’s main network and database. TJ Maxx and Marshalls know the consequences of this all too well.
They can also look for vulnerabilities in your email server (SMTP) or web page (HTTP). Protocol vulnerabilities usually depend on an open port (e.g. port 54, port 143, or port 110) that accepts packets for information and communication. Openly accepting packets can result in hackers getting into your servers and doing the dirty work from there, such as stealing account information or company data.
Most databases are run using a structured query language (SQL) to sort data into specific categories and tables. When an SQL database is unprotected, hackers can insert a query on the front end of a database, such as an enquiry form or login field. These queries can either access different user accounts, extract confidential information, or even take control over the database.
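The login-field case described above, shown as a vulnerable query beside its parameterized fix. This is an added example, not code from the original article; the table, function names and sample input are constructed for illustration.

```python
import sqlite3

# Constructed sample input of the kind typed into a login field.
INJECTED = "' OR '1'='1"

def make_db():
    """In-memory database with one constructed account.
    The password is kept in plain text only to keep the query readable."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_vulnerable(db, name, password):
    # String formatting makes the input part of the SQL statement itself,
    # so quote characters in the input change the logic of the WHERE clause.
    query = (
        "SELECT name FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return db.execute(query).fetchone() is not None

def login_safe(db, name, password):
    # Placeholders send the input to the driver as data, never as SQL text.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable accepts injected input:",
          login_vulnerable(db, "alice", INJECTED))
    print("parameterized accepts injected input:",
          login_safe(db, "alice", INJECTED))
```

The same fix applies to any driver that supports bound parameters: the query text stays constant and only the parameter values vary.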
Physical Injection/ Injecting Malicious Files
Another way to execute dangerous code on a server is to have a program installed directly on a computer or network. This can be as simple as plugging in a flash drive containing malware, or something less direct such as having an unsuspecting victim open a document or PDF containing the malware. This document can arrive through a seemingly harmless email through social engineering or be downloaded from a tampered website.
Typically the malware will not cause direct damage to your system, but it can act as a key to easily infiltrate it. These files are usually rootkits or listeners.
A hacker can eavesdrop on the conversation between a server and a client by being “in the middle.” By impersonating both the client and the server, the hacker spoofs the client’s IP address to trick the server into sending messages to the hacker instead of the client, and vice versa. The hacker relays the data back to the supposed recipient to cover any suspicions that might arise from the exchange.
Data involved could be login credentials, financial or credit card details, email contents, confidential data, and more.
Passwords to most, if not all, accounts in a database are usually placed in a single file with corresponding usernames. The actual passwords aren’t stored in the file; they’re converted to a hash – a unique set of characters corresponding to the given password. Once a hacker gets a hold of this file, he’ll attempt to match these hashes with a dictionary of keywords or a list of commonly used passwords (which are way more common than you think) in hopes of getting the right match. If unsuccessful, the dictionary or list can be varied to have other outputs such as “password” to “p@ssw0rd123.” And if all else fails, brute force is applied. All character combinations are tested until it finds a match with the hash. This requires a high amount of processing power so this is usually the last resort to password cracking.
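Why the storage scheme decides how well that matching works, as an added example that is not part of the original article: an unsalted fast hash lets a defender (or anyone holding the file) flag common passwords with one table lookup, while a per-user salt and a slow key-derivation function remove that shortcut. The account names, password list and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your hardware

# Constructed sample of commonly used passwords.
COMMON = ["123456", "password", "qwerty"]

def weak_hash(password):
    """Unsalted, fast hash: equal passwords always give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def strong_hash(password, salt=None):
    """Per-user random salt plus PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(strong_hash(password, salt)[1], digest)

def audit_weak(stored):
    """Audit of your own credential file: accounts whose unsalted hash
    appears in a table built once from the common-password list."""
    table = {weak_hash(p) for p in COMMON}
    return sorted(user for user, h in stored.items() if h in table)

# Constructed credential file using the weak scheme.
WEAK_STORE = {
    "alice": weak_hash("password"),
    "bob": weak_hash("password"),
    "carol": weak_hash("T7#long-unique-phrase"),
}

if __name__ == "__main__":
    print("flagged by one table lookup:", audit_weak(WEAK_STORE))
    s1, d1 = strong_hash("password")
    s2, d2 = strong_hash("password")
    print("same password, same salted digest?", d1 == d2)
    print("verify correct password:", verify("password", s1, d1))
```

With the salted scheme every guess has to be recomputed per account at the full iteration cost, so a single precomputed table no longer covers the whole file.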
This isn’t as much a hack as the previous methods, but it is just as effective. The hacker simply manipulates key people in the organization into giving him the information/access he needs rather than hacking the system. Instead of relying on vulnerabilities in the system, it relies on persuasion and human error.
For example, a hacker can phish or hack an unfortunate sales officer’s email or account on a system. With this information, the hacker can impersonate the officer and ask his colleagues to give him access for more important data, or have them download malware disguised as a sales report directly to their computer, or ask for the information they need upfront.
Don’t rely on anti-virus alone! Stay alert and educated.
Attacks can come from almost any angle, be it through networks, websites, protocols, hardware, software, your colleagues … you name it. It goes to show that your typical anti-virus software may not be enough when it comes to protection from cyberattacks. Sure, your files will be scanned every so often, but all a hacker needs is a few moments to breach, extract, and escape without a trace.
Now that you have an idea of the hacking process, stay tuned for an upcoming article on the countermeasures available and what habits you should be starting to ensure your cybersecurity.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.