Detailing Cyber Incidents: Part 1
As is the case with most criminals, cyber attackers have a variety of methods at their disposal. There are nearly endless ways to break into an IT environment and eventually reach internal systems. In an ideal world, every organization would have the security controls to guard against every type of attack, but that is not yet realistic.
It is well established that when cybercriminals are able to penetrate an organization, the result can be catastrophic for the victim. Data theft or loss and financial extortion can be crippling, and have sometimes put companies (such as FlexMagic Consulting) out of business.
Once a hacker has penetrated or circumvented whatever security is in place, the assailant has many options: extract data, disrupt business activities, hold the victim to ransom, or all of these. Any of them can be achieved through several different types of cyber attack, but a handful, such as the ones below, are particularly prevalent:
Phishing attacks
Phishing is the most common hacking method used by cybercriminals because of its ease of use and success rate. It is a form of social engineering in which the attacker tricks the victim into clicking a malicious but authentic-looking link. Attackers most often launch phishing campaigns through email, but a major misconception is that email is the only attack vector for “phishermen.” Browser-based phishing arrives through many other outlets, such as malicious apps and extensions, social media, instant messaging, browser pop-ups and rogue browser plug-ins. All of these aim to get the victim to give away sensitive information (such as a password) or to run ransomware or some other form of malware. Organizations of all sizes are painfully vulnerable to phishing because criminal hackers target the weakest link in most companies: their employees.
Denial-of-Service (DoS) attacks
This is another frequently used attack method. The most common DoS attacks flood the victim’s systems with more traffic than they can handle. Once saturated, the systems slow to a crawl or fail outright and can no longer carry out business activities. This can disable an organization by cutting its users off from IT resources (e.g., email).
A specific form of DoS is the DDoS, or Distributed Denial of Service, attack. Here the attacker uses many sources at once, typically a botnet of compromised machines, to launch synchronized traffic against several points of the victim’s systems. The attacker can hit several components simultaneously, and because the traffic arrives from a great many addresses it is hard to filter by source; both of these make incident response even more difficult.
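Why the distributed form is harder to handle can be shown with a few lines of detection logic. The following is an added example, not code from the original article: the access-log format, the two thresholds and all of the traffic are constructed. A per-source rate limit flags the single-source flood immediately, while the botnet keeps every individual source under the limit and only an aggregate measure notices that the service is being overwhelmed.

```python
"""Why a per-source rate limit catches a DoS flood but not a DDoS.

Added example, not code from the original article. The log format, the two
thresholds and all of the traffic below are constructed for the demo.
"""
from __future__ import annotations

from collections import Counter
from datetime import datetime, timedelta

PER_SOURCE_LIMIT = 100    # requests per window from one IP before it is flagged (assumption)
AGGREGATE_LIMIT = 2000    # requests per window the service can actually serve (assumption)
WINDOW = timedelta(seconds=10)


def make_log(start: datetime, sources: list[str], per_source: int) -> list[str]:
    """Build constructed access-log lines of the form '<iso-time> <ip> GET /login'."""
    lines = []
    for i in range(per_source):
        t = start + timedelta(milliseconds=i)
        for ip in sources:
            lines.append(f"{t.isoformat()} {ip} GET /login")
    return lines


def analyse(lines: list[str]) -> dict:
    """Count requests per source and in total inside one fixed window."""
    per_ip = Counter()
    total = 0
    window_start = None
    for line in lines:
        ts, ip, _method, _path = line.split(" ", 3)
        t = datetime.fromisoformat(ts)
        if window_start is None:
            window_start = t
        if t - window_start > WINDOW:
            break                      # one window is enough for the demo
        per_ip[ip] += 1
        total += 1
    return {
        "total": total,
        "sources": len(per_ip),
        "per_source_flagged": sorted(ip for ip, n in per_ip.items() if n > PER_SOURCE_LIMIT),
        "aggregate_exceeded": total > AGGREGATE_LIMIT,
    }


T0 = datetime(2024, 1, 1, 12, 0, 0)
# Single-source flood: one host sends 3000 requests in three seconds.
DOS_LOG = make_log(T0, ["198.51.100.7"], 3000)
# Distributed flood: 300 bots send 10 requests each, the same 3000-request load.
BOTNET = [f"10.{i // 256}.{i % 256}.1" for i in range(300)]
DDOS_LOG = make_log(T0, BOTNET, 10)


def compare() -> dict:
    """Run both floods through the same detector so the results can be compared."""
    return {"dos": analyse(DOS_LOG), "ddos": analyse(DDOS_LOG)}


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The practical consequence is that DDoS response cannot rely on blocking offending addresses one by one; it needs capacity-level signals and upstream filtering or scrubbing.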
Man-in-the-Middle (MitM) attacks
A Man-in-the-Middle attack is one in which a third party inserts itself into a conversation: an outside entity intercepts, and can alter, the communication between two parties who believe they are communicating only with each other.
By impersonating each side to the other, the attacker manipulates both victims in an effort to gain access to data; the users are unaware that they are each talking to the attacker. Examples include session hijacking, email hijacking and Wi-Fi eavesdropping.
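The interception-and-alteration step can be made concrete with a two-party exchange. The following is an added example, not code from the original article: Alice sends Bob a payment instruction, Mallory sits on the path and rewrites the beneficiary. On an unprotected channel Bob accepts the altered message; once the two sides attach a message authentication code under a key Mallory does not have (the key, the messages and the wire format are constructed for the demo), the alteration is rejected.

```python
"""Intercept-and-alter on a channel with and without integrity protection.

Added example, not code from the original article. Alice sends a payment
instruction to Bob; Mallory sits in the middle and rewrites the beneficiary.
The messages, the shared key and the wire format are constructed for the demo.
"""
from __future__ import annotations

import hashlib
import hmac
import json

# Assumption: Alice and Bob agreed this key out of band, before Mallory appeared.
SHARED_KEY = b"demo-key-exchanged-out-of-band"

ORDER = {"from": "ALICE-001", "to": "BOB-002", "amount": 5000}


def encode(msg: dict) -> bytes:
    return json.dumps(msg, sort_keys=True).encode()


# --- unprotected channel --------------------------------------------------
def send_plain(msg: dict) -> bytes:
    return encode(msg)


def recv_plain(wire: bytes) -> dict:
    return json.loads(wire)


# --- channel with a message authentication code ---------------------------
def send_authenticated(msg: dict, key: bytes) -> bytes:
    body = encode(msg)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def recv_authenticated(wire: bytes, key: bytes) -> dict | None:
    body, _, tag = wire.rpartition(b"|")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None                       # altered or forged: reject
    return json.loads(body)


# --- the man in the middle -----------------------------------------------
def mallory(wire: bytes) -> bytes:
    """Rewrite the beneficiary and forward; Mallory does not know the key."""
    body, sep, tag = wire.partition(b"|")
    msg = json.loads(body)
    msg["to"] = "MALLORY-666"
    return encode(msg) + sep + tag       # the old tag is re-attached if there was one


def run_plain() -> dict:
    """What Bob receives when nothing protects the channel."""
    return recv_plain(mallory(send_plain(ORDER)))


def run_authenticated() -> dict | None:
    """What Bob receives when both sides use the MAC: None means rejected."""
    return recv_authenticated(mallory(send_authenticated(ORDER, SHARED_KEY)), SHARED_KEY)


if __name__ == "__main__":
    print("plain channel, Bob receives:", run_plain())
    print("authenticated channel, Bob receives:", run_authenticated())
```

Two caveats follow directly from the code. The MAC stops alteration and forgery but not reading, so Wi-Fi eavesdropping still needs encryption on top; TLS with proper certificate validation provides both. And the key only helps if it was established before the attacker was on the path, which is exactly the window session hijacking and rogue access points try to exploit.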
Drive-by attacks
As you would expect, this type of attack takes its name from the quick-hit, hard-to-detect nature of non-digital drive-by attacks: assailants swoop in, strike and leave quickly with little trace, yet can do significant damage. Drive-by downloads are a common way of spreading malware. Criminal hackers find insecure websites and plant malicious scripts in the code of one or more pages. These scripts can then install malware on the computer of anyone who visits the site, or redirect the visitor to a different site controlled by the attackers.
What makes these attacks so dangerous is that they do not rely on the unsuspecting user taking any particular action in order to fall victim. Simply visiting a compromised site can infect the visitor with malware, typically by exploiting an unpatched browser or plug-in. To make matters worse, the injected code is usually small and well hidden, so it goes undetected unless the user and his or her organization have proper security protections in place.
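The “small and well hidden” injected code has a recognisable shape, and a site owner or responder can scan for it. The following is an added example, not code from the original article; the script allowlist and the heuristics are assumptions, and the page is constructed so that a legitimate site has an injected block (a zero-size hidden iframe, an obfuscated inline loader and a script pulled from an unknown host) after its normal content.

```python
"""Spot the classic markers of an injected drive-by payload in a web page.

Added example, not code from the original article. The script allowlist and
the heuristics are assumptions, and the page below is constructed to contain
one injected block after the legitimate content.
"""
from __future__ import annotations

import re
from html.parser import HTMLParser

SCRIPT_ALLOWLIST = {"cdn.example.com"}                     # assumption

# Obfuscation tells common in injected loaders: eval/unescape/document.write
# and long runs of %xx or \xNN encoded bytes.
OBFUSCATION = re.compile(
    r"eval\(|unescape\(|fromCharCode|document\.write\(|(?:%[0-9a-f]{2}){8,}|(?:\\x[0-9a-f]{2}){8,}",
    re.I,
)
HOST_IN_SRC = re.compile(r"^(?:https?:)?//([^/]+)", re.I)
OFFSCREEN = re.compile(r"(?:left|top):-\d+")


class DriveByScanner(HTMLParser):
    """Flag hidden iframes, unknown external scripts and obfuscated inline scripts."""

    def __init__(self) -> None:
        super().__init__()
        self.findings = []
        self._script = None     # list of text chunks while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (
                a.get("width") == "0" or a.get("height") == "0"
                or "display:none" in style or "visibility:hidden" in style
                or OFFSCREEN.search(style) is not None
            )
            if hidden:
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            src = a.get("src")
            if src:
                m = HOST_IN_SRC.match(src)
                host = m.group(1).lower() if m else ""
                if host and host not in SCRIPT_ALLOWLIST:
                    self.findings.append(("external-script", src))
            else:
                self._script = []

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw data, so this collects them.
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script).strip()
            self._script = None
            if OBFUSCATION.search(body):
                self.findings.append(("obfuscated-inline-script", body[:48]))


def scan(html: str) -> list[tuple[str, str]]:
    """Return (kind, detail) findings in document order."""
    scanner = DriveByScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed page: a legitimate site whose footer has been tampered with.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script>window.appVersion = "3.2";</script>
</head><body>
<h1>Welcome</h1><p>Normal content.</p>
<iframe src="http://203.0.113.9/go.php" width="0" height="0" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3C%73%63%72%69%70%74%20%73%72%63%3D%22'));</script>
<script src="//203.0.113.9/k.js"></script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_PAGE):
        print(f"{kind:26s} {detail}")
```

Running a scan like this over a site's pages, or comparing them against a known-good copy, is how most drive-by injections are first found; the visitor's side of the defence is keeping the browser and its plug-ins patched so the injected loader has nothing to exploit.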
Password attacks
Naturally, password attacks are those in which cybercriminals specifically target potential victims’ passwords. They aim at obtaining a user’s or an account’s credentials in order to gain that user’s or account’s access. A successful password attack can give the cybercriminal access to major internal systems, critical data and anything else the user’s or account’s identity can reach.
Criminal hackers use a variety of techniques to get their virtual hands on passwords, such as password-cracking programs, dictionary attacks and password “sniffers,” or simply guessing the right combination of letters, numbers and special characters. Guessing usually requires at least some personal knowledge of the victim (such as the user’s birthday or dog’s name), but cybercriminals are equally capable of trying unchanged default passwords, the simplest of codes (which often end in “123”) and the credentials of those who use the word “password” to safeguard their accounts. This is why strong, unique passwords are so important, why a second authentication factor should be used wherever it is offered, and why a password reset should be acted on promptly whenever there is any sign that a password has been exposed.
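The dictionary attack described above is easy to show end to end. The following is an added example, not code from the original article: a constructed credential store holds four salted hashes, a tiny word list is expanded with the same kind of mangling rules real cracking tools apply (capitalisation, a year, a suffix such as “123” or “!”), and every guess is hashed with each user's salt. Salted SHA-256 is an assumption made so the demo runs instantly; it is not a recommendation for real password storage.

```python
"""Offline dictionary attack with simple mangling rules.

Added example, not code from the original article. The credential store, the
salts and the word list are constructed; salted SHA-256 is used only so the
demo runs instantly (a real store should use a slow hash such as bcrypt,
scrypt or Argon2).
"""
from __future__ import annotations

import hashlib


def hash_pw(password: str, salt: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed "leaked" credential store: username -> (salt, hash).
STORE = {
    "admin": ("a1", hash_pw("admin", "a1")),                            # unchanged default
    "dave":  ("b2", hash_pw("Rex2015!", "b2")),                         # dog's name + year + symbol
    "kim":   ("c3", hash_pw("password123", "c3")),                      # the word plus "123"
    "ops":   ("d4", hash_pw("correct-horse-battery-staple-7q", "d4")),  # long passphrase
}

# A tiny word list; real attacks use millions of leaked passwords and names.
BASE_WORDS = ["password", "admin", "welcome", "rex", "summer"]
YEARS = [str(y) for y in range(2010, 2025)]
SUFFIXES = ["", "1", "123", "!", "2024"]


def candidates(words: list[str]):
    """Mangle each word the way a cracker's rule set does: case, year, suffix."""
    for w in words:
        for base in (w, w.capitalize(), w.upper()):
            for year in [""] + YEARS:
                for suffix in SUFFIXES:
                    yield base + year + suffix


def crack(store: dict, words: list[str]) -> dict:
    """Return username -> recovered password for every hash a guess matches."""
    guesses = list(candidates(words))          # 1200 guesses from five words
    found = {}
    for user, (salt, digest) in store.items():
        for guess in guesses:
            if hash_pw(guess, salt) == digest:
                found[user] = guess
                break
    return found


if __name__ == "__main__":
    for user, pw in crack(STORE, BASE_WORDS).items():
        print(f"{user}: {pw}")
```

Three of the four accounts fall to a five-word list; the passphrase survives because its length and randomness put it outside any rule set, which is the property that matters far more than how recently the password was changed. A fast hash like the one assumed here lets an attacker with a GPU test billions of guesses per second, which is why a deliberately slow hash belongs in the store.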
Responding to these incidents
Once you know what attacks to be wary of, the next step is to prepare for them to target your organization. Since it is now widely accepted that “it’s not if you’ll be attacked, but when,” it is critical that every organization has a plan in place for when it is hit with a cyber attack: an incident response plan.
In part two, I will discuss what to do in order to safeguard your organization from these attacks.