At the most fundamental level, every person, employee and organization will individually formulate their own opinion of their value as a cyber attack target. This opinion will dictate how seriously you view your cyber security efforts, including how much time and money you will invest. Unfortunately, every person, employee and organization is capable of being targeted, and if you wait until you are a victim to get serious about security, you are too late. Part of being prepared is being informed and aware. So how will you be targeted when your information comes into a hacker’s scope?
Tried and True – Social Engineering
While there is evidence of nation-state operators and organized crime syndicates perpetrating cyber crimes, the less spoken truth is they are not alone. Many individuals are engaged in hacking for fun and profit, sometimes just for the thrill of it!
- Phishing still works. The number one social engineering attack vector is Phishing. Generally speaking, these are attempts to gain user credentials via email, banner ads and masquerading websites. They bait recipients with well-crafted appeals to “click here” to support a cause they care about or to gain a platform to shout their version of the truth – anything to get them another step down the rabbit hole toward divulging IDs, passwords, or even credit card information.
- Reconnaissance makes Phishing better. Social media outlets and public forums provide hackers with a wealth of data about individuals, and especially their “hot buttons”. This information is often used in Spear Phishing, which is a Phishing attack specifically targeted to an individual. Spear Phishing focused on high-value targets like politicians and C-suite executives, where the potential payday is greater, is also called Whaling in some circles.
With improvements in security like locking IDs after 3 invalid password attempts and the awareness to change default passwords, brute-force password attacks are less popular, although still in use. Password Spraying is a variation where a likely, commonly used password like Spring2017 is tried against a large number of generated IDs. The goal is not so much to find a magic combination as to harvest a set of valid IDs, including common service or application IDs that may exist on a server. These actual IDs can then be targeted for further reconnaissance and Spear Phishing.
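As an added example (not from the original article), the Python below shows how correlating authentication logs can surface the password-spraying pattern described above: one source failing against many IDs while staying under the 3-attempt lockout on each. The log format, result codes, IP addresses, account names and the `MIN_ACCOUNTS` and `WINDOW` values are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3           # from the text: IDs lock after 3 invalid attempts
MIN_ACCOUNTS = 5                # assumed tuning value: distinct IDs per source
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample events: timestamp, source IP, ID, result (hypothetical format)
SAMPLE_LOG = """\
2017-04-03T09:00:01 198.51.100.7 asmith BAD_PASSWORD
2017-04-03T09:01:02 198.51.100.7 bjones BAD_PASSWORD
2017-04-03T09:02:03 198.51.100.7 cdavis NO_SUCH_USER
2017-04-03T09:03:04 198.51.100.7 svc_backup BAD_PASSWORD
2017-04-03T09:04:05 198.51.100.7 dlee NO_SUCH_USER
2017-04-03T09:05:06 198.51.100.7 sqladmin NO_SUCH_USER
2017-04-03T09:10:00 203.0.113.9 admin BAD_PASSWORD
2017-04-03T09:10:05 203.0.113.9 admin BAD_PASSWORD
2017-04-03T09:10:09 203.0.113.9 admin BAD_PASSWORD
2017-04-03T09:15:00 192.0.2.44 asmith BAD_PASSWORD
2017-04-03T09:15:20 192.0.2.44 asmith OK
"""

def parse(log):
    """Turn log text into time-ordered (time, source, account, result) tuples."""
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(t), s, u, r) for t, s, u, r in rows)

def detect_spraying(events, min_accounts=MIN_ACCOUNTS, window=WINDOW):
    """Flag sources failing against many IDs while staying under lockout on each."""
    by_source = defaultdict(list)
    for ts, src, user, result in events:
        if result != "OK":
            by_source[src].append((ts, user, result))
    findings = {}
    for src, fails in by_source.items():
        start = 0
        for end, (ts, _, _) in enumerate(fails):
            while ts - fails[start][0] > window:   # slide the window forward
                start += 1
            tries = defaultdict(int)
            for _, user, _ in fails[start:end + 1]:
                tries[user] += 1
            if len(tries) >= min_accounts and max(tries.values()) < LOCKOUT_THRESHOLD:
                # In this assumed format, BAD_PASSWORD means the ID exists
                confirmed = {u for _, u, r in fails[start:end + 1] if r == "BAD_PASSWORD"}
                findings[src] = {"targeted": sorted(tries), "confirmed": sorted(confirmed)}
    return findings

if __name__ == "__main__":
    for src, hit in detect_spraying(parse(SAMPLE_LOG)).items():
        print(src, hit)
```

The `confirmed` list is the set of valid IDs the source has learned exist, which makes those accounts the ones to watch for follow-on Spear Phishing. The repeated failures against a single ID from `203.0.113.9` are left to the lockout control and are not flagged here.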
Also, while a good-quality, well-maintained Anti-Virus program should always be in place, it can never be considered your best defense. Skilled hackers can bypass Anti-Virus programs far too easily if they gain a foothold on your system. Firewalls likewise cannot be viewed as the gold standard of defense. These are two very helpful weapons in your arsenal, but they are not the end-all. Consider a SIEM for an additional layer of security.
Protecting a network is very similar to protecting a physical building, where you need locks, gates, cameras, security dogs, security guards, etc. In the network world there are likewise multiple tools that you need; however, unless they are all working together, you are only getting a fraction of the real picture. With a SIEM (Security Information and Event Management), you gain visibility and maintain compliance with ongoing maintenance – security intelligence. You’re basically using all “5” senses to take an action. This is called correlation. Learn how Intrinium has added implementation and management of the system.
Remember, a hacker’s first objective is to obtain login access to any of your systems, often aiming at lower value systems initially. Once in, they can use trusted network connections to explore your network for higher value targets and begin deploying their exploits for harvesting data. Individuals or mega corporations, everyone is a target. The biggest difference is the risk versus reward proposition, but there are hackers working all levels of the food chain. It is up to you to keep your domain safe!