paint-brush
The Phases of a Cyber Attack and How to Guard Against Themby@areg
460 reads
460 reads

The Phases of a Cyber Attack and How to Guard Against Them

by Areg G.February 10th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Almost every second person in the world uses social networks, and this figure is likely to increase significantly in the near future. The majority of successful attacks are due to human error. In many cases, the person in a victim role may not be of any interest to criminals by him/herself, but the person the victim is associated with may be of great interest to hackers.
featured image - The Phases of a Cyber Attack and How to Guard Against Them
Areg G. HackerNoon profile picture


Analyzing the results of statista.com on how many people use the Internet every day and how many of them use social networks, it becomes clear that almost every second person in the world uses social networks, and this figure is likely to increase significantly in the near future.


Personal data protection has been discussed many times, how important it is to be vigilant both online and in real life, and what serious consequences it can lead to. Thanks to public and private programs, various regulations are implemented to protect people's personal data, for example:


GDPR  (General Data Protection Regulation) - Regulation of European Economic Area law on data protection and privacy.

HIPPA (The Health Insurance Portability and Accountability Act) - It is a United States Act of federal law set of national standards to protect patient-sensitive health information from being disclosed.

SOX (The Sarbanes–Oxley Act) - United States federal law that regulates financial record keeping and reporting for investors and corporations.


Similar regulations are numerous and are found in almost all spheres.

But do they reduce cybercrimes?


Below you can see the increase in attack damage by years:



Amount of monetary damage caused by reported cybercrime to the IC3 from 2001 to 2021



It should also be noted that the majority of successful attacks are due to human error.

Well, who needs my data, many will ask?

And the answer may be different: stolen data can contain financial information and you can lose it in a second, it can be your personal documents, or things that you didn't want the public to know and they can blackmail you with it.


In many cases, the person in a victim role may not be of any interest to criminals by him/herself, but the person or organization the victim is associated with may be of great interest to hackers.


For example, let’s say you work for an organization whose rival hires hackers to harm that organization.


How would these hackers go about it?


They work in the following stages:


1. Reconnaissance/Research

Hackers use two methods here.


A. The Passive Approach

When data is obtained from the Internet. For example, when info about the organization, employees and their professional abilities using Linkedin, branch addresses and regions, nearby cafes (where employees visit and use free WiFi, which is the most dangerous network); about open positions, what specialists the organization needs (when the requirements for the necessary positions increase sharply, this implies an additional workload that can be used); about novice employees, who are the most easily vulnerable; about those employees whose personal pages are open and do not have any additional protection.


2. The Active Approach

Here, criminals can visit the premises of the organization for inspections, call to get some data, or even come for an interview and get an inside view of the organization, of course also taking the opportunity to plant a wiretapping device at the place of the interview, which is usually a meeting room where important discussions take place.


2. Scanning

At this point, they begin to collect information about the organization's technical data using various programs, for example, using the nmap tool, scanning the organization's ports, understanding what types of services and operating systems are running, whether IPS, IDS, Firewalls are installed, using Maltego: understand what subdomains exist and other similar data, analyze potential vulnerabilities using Nessus and other similar tools to understand vulnerabilities and develop a plan of attack.


3. Gaining Access

Based on the research results and the formed plan, the hackers mount an attack through the weak points and gain access to the system. There are many methods that can be used here, which are highly dependent on the above intelligence. For example, trying to hack into the social media pages of junior employees, who are likely to use the same password in their organization, and then break into the organization's system on his/her own behalf, exploit previously discovered flaws that have been reported, for example, on cve.mitre.org; visit a coffee shop near the organization and carry out Sniffing/Spoofing in the given WiFi network, gaining access to the given employee's computer, and of course apply one of the most common ways, Phishing, by sending fake messages. There is also a well-known method where infected USB drives are thrown near the organization. When a careless employee finds it and connects it to his/her computer, it will be infected and hackers will gain access to the device.


4. Maintaining Access

At this point, when there is already access, the hacker should escalate the privileges. One way to do this knowing the weak points of the given OS which can be found in the public vulnerability BUG’s reporting platform. Hackers can gain access to the OS, database or, for example, the APP, so privilege escalation can be applied to the system. It is also necessary to establish an uninterrupted connection to safely manage the attack, as well as to install malware as required.


5. Clearing Track

In the end, hackers need to clean all traces, that is, delete or modify the log files using a pre-prepared program, which is exactly what the malicious program can do. As you can see, many approaches can be used for an attack, it might even be enough to do a DDOS attack and demand money to stop it. And with bigger finances, more harmful actions can be done.


How do You Protect Yourself from This?

The organization should allocate funds to cooperate with cyber security specialists because it is much more affordable than the data, money, and reputation loss as a result of an attack.

It is very important for the organization: to educate its own employees by organizing cyber security training to have a business continuity plan for critical or attack cases, for which responsibility will be distributed among employees. One of the most important points is physical protection when only employees with appropriate badges can enter the organization's territory where cameras and security devices monitor the entire territory.


It is necessary to have a Risk Assessment, in which all risk factors will be filled up, for example, possible threats from internal/external employees, updating programs in the shortest possible time, etc. It is also necessary to have secure software, when the internal network is divided into security zones, where inbound and outbound security rules will be applied, as well as IPS, IDS, and Firewall, which will be constantly updated, properly configured, and active, all machines, including employees' computers, must be encrypted and with running antiviruses, access to the internal network should be secured with a secure connection, for example, VPN, and of course use 2FA, use Elastic Stack, which will collect all machine logs and notify about risks or suspicious incidents and of course any software and service must be updated in the latest stable release.


Conclusion

Such approaches will reduce the risks, but it should be noted that every organization, due to its nature, must implement its defense strategy and always keep the systems under control.

Finally, I would like to mention the SOC (System and Organization Control) 2 compliance, which audits the organization's security, data storage, and process implementation.