Just like you, cyber criminals run a business. Just like you, they have a business plan, goals, motivations, tools and procedures in place so that they can achieve what they are after, i.e. to get their hands on what you have spent many months and years building. And, like you, these cyber criminals are pragmatists – they use what works. They don’t follow one specific playbook or one single process or path of execution when they conduct their business. They are experts at mixing and matching the tools at their disposal. Are you doing the same?
Let’s take a quick look at how a typical attack unfolds. Keep in mind that hackers can skip steps, add steps, and even backtrack. It all depends on their motive and reason behind the intrusion.
Phase 1 - Pleasure To Meet You. My Name Is Bond. James Bond
As any halfway decent secret agent knows, phase one of any operation is about gathering intel. During the reconnaissance phase, hackers set out to compile as much publicly available information as possible about their target. Aggregators “scrape” social networks (Facebook, LinkedIn) and collect information such as names, DOB, email addresses, job titles and current place of employment.
These activities can take months, but attackers are patient. Their goals can include finding out who the key players are in your company, who you do business with and what public information is available about your network (i.e. network ranges, IP addresses, domain/host names, etc.).
All this information is collected and analyzed for the sole purpose of exploiting your vulnerabilities.
Phase 2 - “Q” What Are My Gadgets For This Mission?
Now the attackers are ready to engage. Their weapons of choice are (spear) phishing emails and watering-hole webpages. Phishing emails look like messages from a known vendor or other business contact, but they often contain malicious links to fake websites (watering holes). Once the emails are sent, the hacker sits back and waits for that one employee to open that one wrong email and click on that one bad link.
Phase 3 – A Martini, Shaken Not Stirred.
Cheers! Here’s to a Mission Accomplished. Once an employee visits the infected site, malware, spyware, and other software gets installed on their computer, and as usernames and passwords arrive, the hacker gains remote access and the ability to start exploring and exploiting your network. They can install a persistent backdoor, create admin accounts, disable firewall rules, etc., all with the intent of making sure that they can stay in your system for as long as they need to in order to achieve their objectives (or until you stop them).
Can you stop them?
On the big screen, secret agents and (some) spies are considered superheroes. In the very first James Bond movie, Sean Connery pursues the eccentric evil genius Dr. No, and for 90 minutes we all rooted for him to gain the upper hand. In real life, cyber spies are anything but heroes. They are forces to be reckoned with, no matter how big or small your business. And with the number of tools that they have at their disposal, it really is only a matter of WHEN and not IF they will manage to interfere with your business.
Your best defense strategy is a layered defense strategy, starting with basic tools like anti-virus, a properly configured firewall and encryption. However, your strategy is only as strong as its weakest link, which unfortunately is us: people. So, make sure you include ongoing employee awareness training to keep your employees informed about the latest threats. Create company-wide policies and procedures regarding the proper handling of your digital data and adhere to them.
Hackers are not about to give up on what is a very lucrative business for them. The question is, will it be their business strategy or yours that has the upper hand?