Inside the Mind of a Cybercriminal: Common Hacking Methods, Explained
This blog was originally published by Black Kite here.
Cyber attacks are flooding today's headlines. They are growing in frequency, and the average cost of a data breach in 2021 exceeded $4 million per incident, a 10% increase over the previous year. Every organization is now being called upon to do its part for cybersecurity.
Preventing unrecognized cyber risk requires organizations to understand the signals that indicate suspicious behavior. Recognizing the most common hacking techniques used in cyberattacks, and the fundamental controls that counter them, can help organizations avoid becoming the next data breach victim.
1. PHISHING
The majority of cybercriminals now use phishing as their initial attack vector. Unlike most other tactics, phishing targets humans rather than computer systems: attackers send crafted emails that try to trick an individual into clicking a malicious link or downloading a malicious file.
Some of the world's most infamous cyber attacks began with phishing campaigns, and when combined with social engineering, phishing becomes extremely dangerous. Take, for example, the 2015 attack on the Ukrainian power grid, where IT staff and system administrators employed by several electricity distribution companies were targeted with spear-phishing emails carrying malicious attachments.
While organizations will never be able to filter out every phishing attempt, they can keep an attempt from turning into a successful attack. Tips to avoid phishing attacks include:
- Publish Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) records so that your domains cannot be spoofed in a phishing campaign; a DMARC policy of p=none only monitors, so move to quarantine or reject once the reports are clean
- Invest in email security controls (filtering, attachment sandboxing, link rewriting)
- Implement security awareness training
- Train employees not to register on third-party platforms with corporate email addresses
2. SOFTWARE VULNERABILITIES
Software vulnerabilities are a hidden gateway into your network and are increasingly popular with cybercrime groups. According to Security Boulevard, 60% of data breaches involved already-disclosed vulnerabilities rather than zero-day exploits. In fact, a record number of security vulnerabilities were disclosed in 2020, averaging 50 Common Vulnerabilities and Exposures (CVE) entries per day.
Exploitation of vulnerabilities in internet-facing servers and applications continues to dominate the initial access vectors used by the top three ransomware families: Sodinokibi (REvil), Conti and LockBit. Given the current ransomware landscape, organizations must treat continuous vulnerability monitoring, patch management and timely software updates as mandatory, and prioritize the flaws that are known to be exploited in the wild.
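The monitoring step above comes down to matching what you run against what is known to be vulnerable. As an added example (not code from the original post), the script below does that for a small inventory, with the one detail that is most often got wrong: versions must be compared numerically, because `"1.2.10" < "1.2.9"` when compared as strings. The inventory rows, product names, version ranges and the `exploited` flag are all constructed sample data; a real check would pull advisories from NVD or vendor feeds.

```python
"""Match a software inventory against vulnerability advisories by version range.

Added example, not code from the original post. The inventory rows and the
advisories are constructed sample data with hypothetical products and versions;
a real check would pull advisories from NVD or vendor feeds.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    product: str
    fixed_in: str             # first patched version (exclusive upper bound)
    affected_from: str = "0"  # inclusive lower bound
    exploited: bool = False   # known to be exploited in the wild


def parse_version(version: str, width: int = 4) -> tuple:
    """Turn '1.2.10' into (1, 2, 10, 0): numeric parts, zero-padded to a fixed width.

    Comparing version strings lexically is a classic bug: '1.2.10' < '1.2.9'
    as strings, even though 1.2.10 is the newer release.
    """
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    parts = parts[:width] + [0] * (width - len(parts))
    return tuple(parts)


def is_affected(version: str, adv: Advisory) -> bool:
    v = parse_version(version)
    return parse_version(adv.affected_from) <= v < parse_version(adv.fixed_in)


def find_exposures(inventory, advisories):
    """Return (host, product, version, fixed_in, exploited) for every vulnerable
    install, with exploited-in-the-wild entries first so they get patched first."""
    hits = []
    for host, product, version in inventory:
        for adv in advisories:
            if adv.product == product and is_affected(version, adv):
                hits.append((host, product, version, adv.fixed_in, adv.exploited))
    return sorted(hits, key=lambda h: (not h[4], h[0]))


# Constructed sample data (hypothetical product names, versions and ranges).
INVENTORY = [
    ("web-01", "examplehttpd", "2.4.49"),
    ("web-02", "examplehttpd", "2.4.51"),
    ("vpn-01", "examplevpn", "8.3.10"),
    ("vpn-02", "examplevpn", "8.3.9"),
    ("db-01", "exampledb", "13.4"),
]
ADVISORIES = [
    Advisory("examplehttpd", fixed_in="2.4.51", affected_from="2.4.49", exploited=True),
    Advisory("examplevpn", fixed_in="8.3.10"),
    Advisory("exampledb", fixed_in="13.5", affected_from="13.0"),
]

if __name__ == "__main__":
    for hit in find_exposures(INVENTORY, ADVISORIES):
        print(hit)
```

With the sample data, `web-01` is reported first because its flaw is flagged as exploited, `vpn-02` is caught only because 8.3.9 is compared numerically against 8.3.10, and `web-02` and `vpn-01` are already on the fixed version. The numeric comparison is deliberately simple; for pre-release tags and vendor-specific schemes, use the version class of the ecosystem's own packaging library rather than extending this parser.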
3. MALWARE
Malware is an umbrella term for any software designed to operate covertly and cause harm on a target network. In most cases this means viruses, worms, trojans and ransomware. (Advanced persistent threats, or APTs, are the well-resourced actors and long-running campaigns that deploy such tools, not a category of malware.) To keep malware from causing irreversible damage, organizations must know what the variants are and how to detect their presence.
- Ransomware is the most damaging form of malware. Originally the term referred to encrypting the target network and demanding a ransom afterwards. In recent years it has evolved into a business model (ransomware-as-a-service) in which multiple affiliates take part and specialize in different stages of the attack: reconnaissance, intrusion, initial access, the locker itself, data exfiltration and payment negotiation.
- A worm is malware that replicates itself from computer to computer without any human interaction. It can spread across an entire network, exfiltrate sensitive data and open a door into your network for further attackers.
- A virus, like its biological namesake, is malicious code that attaches itself to a host file and runs when that file is opened or executed. Unlike a worm, it needs a user or program to activate its host in order to spread, but once running it has similar capabilities.
- Trojan horses, as the name suggests, look like legitimate software programs but execute malicious activity in the background instead of, or alongside, the expected operations.
4. MAN-IN-THE-MIDDLE (MITM) ATTACKS
Man-in-the-middle attacks intercept communications between two parties and read, alter or replay the content while each party believes it is talking directly to the other. MITM techniques have evolved substantially over the years: they can be carried out over unsecured WiFi, by setting up a rogue wireless access point, or by poisoning ARP or DNS on a local network, and they can succeed even against nominally secured connections when certificates are not validated or a protocol can be downgraded.
To avoid MITM attacks, organizations should ensure they are always using current versions of security protocols, with TLS certificate validation enforced. At a basic level, employees should never send sensitive information over unsecured networks and should avoid free public WiFi wherever possible; when an untrusted network cannot be avoided, a VPN connection should always be used.
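On a LAN, the interception described above is most often set up by ARP cache poisoning: the attacker answers ARP for the gateway's IP with their own MAC so that victims' traffic flows through their machine. As an added example (not code from the original post), the detector below replays a constructed trace of ARP replies (hypothetical addresses) and raises an alert when an IP's MAC changes or when one MAC claims several IPs. A real detector would feed it from a capture, e.g. scapy's `sniff(filter="arp")`, and the `known` mapping would come from a static inventory of gateways and servers.

```python
"""Detect ARP cache poisoning, the usual way a LAN man-in-the-middle is set up.

Added example, not code from the original post. The packet trace is a
constructed sample (hypothetical addresses); a real detector would feed it
from a capture, e.g. scapy's sniff(filter="arp"), and the 'known' mapping
would come from a static inventory of gateways and servers.
"""
from collections import defaultdict

# Constructed ARP replies seen on the wire: (seq, sender IP, sender MAC).
SAMPLE_ARP = [
    (1, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # real gateway announces itself
    (2, "192.168.1.10", "aa:aa:aa:aa:aa:10"),  # a workstation
    (3, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (4, "192.168.1.1", "de:ad:be:ef:00:99"),   # attacker claims the gateway IP
    (5, "192.168.1.10", "de:ad:be:ef:00:99"),  # ...and the workstation's IP
]

GATEWAYS = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}   # constructed static inventory


def detect_arp_spoof(packets, known=None):
    """Return alerts for IPs whose MAC changes and MACs that claim several IPs.

    Entries in `known` are pinned: a reply that contradicts them is always
    an alert and never overwrites the pinned binding.
    """
    known = {ip: mac.lower() for ip, mac in (known or {}).items()}
    ip_to_mac = dict(known)
    mac_to_ips = defaultdict(set)
    alerts = []
    for seq, ip, mac in packets:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"#{seq}: {ip} moved from {previous} to {mac}")
        if ip not in known:
            ip_to_mac[ip] = mac        # learn dynamically, like a real ARP cache
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:   # one NIC answering for two hosts = classic MITM
            alerts.append(f"#{seq}: {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoof(SAMPLE_ARP, GATEWAYS):
        print(line)
```

The first three packets are clean; packet 4 trips the pinned gateway binding, and packet 5 both moves the workstation and reveals a single MAC answering for two hosts, which is the signature of a full-duplex interception. Pinning the gateway is the important design choice: without it, a spoofed reply would simply be learned as the new truth, and only the flapping between the real and fake MAC would remain as evidence.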
5. CRACKING PASSWORDS
Cracking passwords is probably the first method that comes to mind outside the security community. Cyber criminals use a technique called brute forcing to guess passwords and gain entry to the target's systems. Brute force attacks typically use software that tries thousands of candidate passwords per second, often drawn from a dictionary of common choices, until the correct one is found.
Systems usually limit the number of guesses that can be made against an account, either by locking it or by slowing the process down. One exception is WiFi: WPA2-Personal networks are built on the assumption that an attacker must be within radio range, and a captured authentication handshake can be attacked offline with no lockout at all. To avoid having passwords cracked, organizations should:
- Enable multi-factor authentication (MFA) wherever possible
- Require long, complex passwords, i.e. a combination of special characters, lowercase and uppercase letters and numbers, and screen them against lists of known-breached passwords
- Use WPA2 (or WPA3 where supported) on WiFi networks, with a long passphrase that does not appear in any wordlist.
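The WiFi exception is worth seeing in code. As an added example (not code from the original post), the script below derives a WPA2-Personal pairwise master key exactly as IEEE 802.11i specifies, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes, and then runs a dictionary attack against it the way an attacker with a captured handshake would, with nothing to lock the account or slow the guessing. In a real attack each candidate PMK is checked against the MIC in the captured handshake; here the comparison is made against the PMK directly to keep the example short. The SSID, passphrases and wordlist are constructed.

```python
"""Offline dictionary attack against a WPA2-Personal pairwise master key (PMK).

Added example, not code from the original post. WPA2-Personal derives the PMK
as PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes); anyone in
radio range who captures the 4-way handshake can test candidates offline, with
no lockout. In a real attack each candidate PMK is checked against the MIC in
the captured handshake; here the comparison is made against the PMK directly
to keep the example short. The SSID, passphrases and wordlist are constructed.
"""
import hashlib
import time
from typing import Iterable, Optional, Tuple


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK derivation specified by IEEE 802.11i for WPA2-Personal."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def crack_pmk(target_pmk: bytes, ssid: str,
              wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try each candidate in order; return (passphrase or None, candidates tried)."""
    tried = 0
    for candidate in wordlist:
        tried += 1
        if wpa2_pmk(candidate, ssid) == target_pmk:
            return candidate, tried
    return None, tried


SSID = "CorpGuest"   # constructed
WORDLIST = ["password", "12345678", "corpguest", "Summer2021",
            "letmein123", "Tr0ub4dor&3"]   # constructed


def demo():
    """Crack a wordlist passphrase, fail on a long random one, and measure the rate."""
    weak_pmk = wpa2_pmk("Summer2021", SSID)
    found, tried_weak = crack_pmk(weak_pmk, SSID, WORDLIST)

    strong_pmk = wpa2_pmk("correct-horse-battery-staple-7Fq", SSID)
    missed, tried_strong = crack_pmk(strong_pmk, SSID, WORDLIST)

    start = time.perf_counter()
    for candidate in WORDLIST:
        wpa2_pmk(candidate, SSID)
    per_second = len(WORDLIST) / (time.perf_counter() - start)
    return found, tried_weak, missed, tried_strong, per_second


if __name__ == "__main__":
    found, n, missed, m, rate = demo()
    print(f"weak passphrase recovered: {found!r} after {n} candidates")
    print(f"strong passphrase: {missed!r} after {m} candidates")
    print(f"about {rate:,.0f} candidates/s in pure Python; GPU crackers are orders of magnitude faster")
```

The 4096 iterations are what make each guess relatively expensive, but they are the only thing standing between the attacker and the passphrase, because the access point is never consulted during the attack. That is why the WiFi tip above is about passphrase length rather than lockout settings: a passphrase outside every wordlist is the control that actually holds.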
6. DISTRIBUTED DENIAL OF SERVICE (DDOS)
DDoS malware is unusual in that the devices it infects are not the real target: it recruits unsecured devices (often consumer IoT equipment) into a botnet that the attacker then uses to flood the target's servers with bogus requests until they can no longer serve legitimate users.
Today, DDoS attacks make up a considerable share of security threats. An attack can take a financial institution offline for days, or cripple an infrastructure provider and with it the networks of all its customers. Most DDoS attacks do not result in a data breach, but the organization's reputation can be heavily damaged.
Tips to avoid DDoS attacks include:
- Buy DDoS protection from a specialist DDoS mitigation vendor
- Harden your DNS configuration against DNS-based DDoS such as amplification: do not run open recursive resolvers, and enable response rate limiting on authoritative servers.
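DNS amplification works because a small spoofed query (for example `ANY` for a large zone) produces a response many times its size, sent to whichever address the attacker forged as the source. As an added example (not code from the original post), the script below reads a constructed resolver log in a simplified, hypothetical format (time, client, qtype, name, request bytes, response bytes) and reports clients whose traffic shows the reflection signature: repeated queries with a large response-to-request ratio. Real resolvers log differently, so the parser is the part to adapt.

```python
"""Spot DNS reflection/amplification abuse in resolver query logs.

Added example, not code from the original post. The log lines use a
simplified, constructed format (time, client, qtype, name, request bytes,
response bytes); real resolvers log differently, so the parser is the part
you would adapt.
"""
from collections import defaultdict

# Constructed sample log. 203.0.113.9 is the forged source, i.e. the victim
# being bombarded with oversized ANY/TXT answers it never asked for.
SAMPLE_LOG = """\
10:00:01 198.51.100.7 A www.example.com 60 120
10:00:01 198.51.100.7 AAAA www.example.com 60 140
10:00:02 203.0.113.9 ANY isc.org 64 3300
10:00:02 203.0.113.9 ANY isc.org 64 3300
10:00:02 203.0.113.9 ANY isc.org 64 3300
10:00:03 203.0.113.9 TXT isc.org 60 1900
10:00:03 192.0.2.44 A mail.example.com 60 110
"""


def parse_log(text):
    """Yield (client, qtype, request_bytes, response_bytes) per non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, client, qtype, _qname, req, resp = line.split()
        yield client, qtype.upper(), int(req), int(resp)


def find_amplifiers(records, min_queries=3, min_factor=10.0):
    """Return {client: amplification factor} for clients that look like reflection
    targets: at least `min_queries` queries, and total response bytes at least
    `min_factor` times the total request bytes."""
    stats = defaultdict(lambda: {"queries": 0, "req": 0, "resp": 0})
    for client, _qtype, req, resp in records:
        s = stats[client]
        s["queries"] += 1
        s["req"] += req
        s["resp"] += resp
    flagged = {}
    for client, s in stats.items():
        factor = s["resp"] / s["req"]
        if s["queries"] >= min_queries and factor >= min_factor:
            flagged[client] = round(factor, 1)
    return flagged


if __name__ == "__main__":
    for client, factor in find_amplifiers(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: responses are {factor}x the size of requests")
```

On the sample log only 203.0.113.9 is flagged, at roughly 47x. The caveat that matters operationally: in a reflection attack the flagged "client" is the spoofed victim, not the attacker, so blocking it punishes the wrong party. The lasting fixes are the ones in the tip above, restricting recursion to your own networks and enabling response rate limiting, which throttles how many identical answers go to one destination regardless of who forged the query.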
Hundreds of exploitation and evasion techniques are at the disposal of cyber criminals today, and they are not limited to the attack vectors described above. By equipping ourselves and our vendor ecosystems with the knowledge needed to thwart cyber attacks, we can minimize disruption and improve the health and safety of the global cyber community.