Hackers have one thing in common: they’re criminals. Their only goal is to trap you, for a variety of reasons and with a variety of techniques. The fact is, most of these hackers are better at “cyber-security” than most of the good-guy pros. So what do they want to trap you for?
1 – Money:
Generally speaking, the number one motive is to “compromise” or break into a system for monetary gain. They employ various methods to steal the passwords to your bank accounts, credit cards, Bitcoin or other fungible assets, and then funnel your hard-earned money through the convoluted, untraceable tunnels of the under-belly of the internet (the deep web or dark net). Once the hackers get their ever-tapping fingers on the crown jewels of your privacy, that’s when their fun starts. Let’s start with blackmail: they can deep-fake you into a compromising situation, demand a ransom so you can get your files back or make your phone or computer boot again, and sell your credentials on the black market or deep web.
According to IBM, the average cost of a data breach was $3.86 million in 2004, and in 2021 it rose to $4.24 million. As the trend continues, we’re looking at somewhere in the vicinity of a billion dollars in the coming years.
2 – Hacktivism:
Take a hack and an activist agenda and you have hacktivism. There are hackers, and hacker groups, that use hacking to get behind political and social movements, generally with the goal of subversion and violent revolution. Thankfully, most of them are just interested in expressing their opinions with regard to ”human rights” or creating awareness of certain issues. I will not go into the sordid details, but generally they are perverse movements trying to dominate the morals of civilization. The problem is that they can set their sights on anyone they don’t approve of. That can run the gamut from terrorist organizations and white supremacist groups to local government representatives.
Generally, hacktivists operate under the assumed name “Anonymous”, and they prefer to target terror groups like ISIS or white supremacist organizations, or any group that doesn’t comport with their “socially just” agenda, including local government, school boards, banks and law enforcement, to name a few. Don’t let me forget about private healthcare; that’s a big one. You might recall the January 2016 attack on the Hurley Medical Center in Flint, Michigan. Thousands of documents and patient records were leaked. The organized hackers claimed responsibility in a video promising “justice” for the city’s ongoing water crisis, which resulted in 12 deaths over time. Yes, as I’ve written here many times before, they can lethally destroy our utility and public health infrastructure once they gain access, which is not very difficult if you know what you’re doing. And they know exactly what they are doing. Fueled by the exhilaration of adrenaline when they hit their target, they crave more and larger catastrophes. Yes, they are sick.
Hacktivists generally prefer what are called Distributed Denial of Service (DDoS) tools and vulnerability scanners. These attacks are relatively easy to pull off and get away with, and they are well proven to create financial losses for many well-known corporations.
3 – The Insider:
More often than not, the biggest threat comes from your employees, vendors, contractors, or a partner, leaving you feeling that your company’s crown jewels are about to fall into the abyss.
Someone in your organization can be helping a threat become reality. Your employees, vendors, contractors, and partners are all technically internal to the organization by one network connection or another. Access can be gained even through your desk phone (which, by the way, has its microphone always turned on). This is a major flaw in most desk phones, because fixing it means the hardware and/or firmware (software on a chip) must be replaced or upgraded, which is an onerous task. Then there are the basic core “protections”, the firewalls and anti-virus programs, which can easily be trespassed, bypassed or disabled by someone inside your organization who has access to them at any given time.
When you think about it, who is better positioned to do damage than someone you’ve always trusted with key security access and with the damage-control measures meant to prevent a repeat of a situation as catastrophic as the Sony hack in 2014, which I wrote about here at the time?
4 – Revenge:
Perhaps this should be a sub-heading under the insider threat, but more often than not, besides some tricky or incompetent techie, you have an unruly employee just waiting for the right moment and method to take revenge on you and/or your company. They will take the time to methodically plan a good under-cover attack, or do it in your face, leaving you seriously thinking about dismissing them.
If they can access your system, you can be assured they will try to find any way possible to use their access privileges to get back at you, even after they have left the company. If they can still access databases and accounts that require logins and passwords because you didn’t do your due diligence and revoke them when they were terminated, disgruntled workers might even extort you or others with your vital information in exchange for money or more favorable job opportunities, all while screwing around with your company’s and your clients’ infrastructure.
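One check that catches the gap described above, as an added example that is not part of the original post: it compares an HR termination list against a directory export and flags leavers whose accounts are still enabled, who logged on after their last day, or who still sit in privileged groups. The roster, accounts and group names are constructed for the example.

```python
from datetime import date, datetime

# Constructed HR roster and directory export for this example, not real data.
# In practice the roster comes from HR and the export from the directory service.
HR_TERMINATED = {                 # username -> last day of employment
    "mlee": date(2024, 2, 15),
    "rpatel": date(2024, 2, 28),
    "tgomez": date(2024, 3, 1),
}
DIRECTORY_EXPORT = [              # (username, enabled, last_logon, groups)
    ("mlee", True, datetime(2024, 2, 20, 22, 40), ["Domain Users", "DB Admins"]),
    ("rpatel", False, datetime(2024, 2, 27, 9, 5), ["Domain Users"]),
    ("tgomez", True, datetime(2024, 2, 29, 17, 0), ["Domain Users", "VPN Users"]),
    ("akhan", True, datetime(2024, 3, 2, 8, 30), ["Domain Users"]),
]

def offboarding_audit(terminated, accounts, today):
    """Flag accounts whose access outlived the employee.
    Returns {username: [findings]}; accounts of current staff and of properly
    disabled leavers are omitted."""
    findings = {}
    for user, enabled, last_logon, groups in accounts:
        term = terminated.get(user)
        if term is None:
            continue                              # current employee
        issues = []
        if enabled:
            issues.append(f"still_enabled:{(today - term).days}d")
        if last_logon.date() > term:
            issues.append("logon_after_termination")  # hand to incident response
        privileged = [g for g in groups if g != "Domain Users"]
        if enabled and privileged:                # live account with extra rights
            issues.append("privileged_groups:" + ",".join(privileged))
        if issues:
            findings[user] = issues
    return findings

def run_audit(today=date(2024, 3, 5)):
    """Audit the constructed export as of a fixed 'today' so results are stable."""
    return offboarding_audit(HR_TERMINATED, DIRECTORY_EXPORT, today)
```

A disabled account that logged on after termination still shows up, because the logon itself is the event worth investigating, not the current flag.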
What is an Attack Vector?
Cybercriminals make use of a broad spectrum of “attack vectors” (in other words, ways to enter your system surreptitiously). They can then infiltrate your system and exfiltrate your data, or take control or possession of it, using ransomware attacks and techniques like IP address spoofing, phishing, email attachments, and hard drive encryption, which I have written about more times than I can remember here on the Scoop. So, let’s do it again:
5 – Phishing:
This is by far the most common way to spread ransomware: clicking on a shiny new phishing email. Hackers send carefully crafted fake emails that look so real it’s often hard to distinguish them from the real thing. They are designed to trick you into opening an attachment or clicking on a link which contains or leads you to malicious software. Aside from the actual links in the email, let’s take a look at some of the file attachments they might use: Adobe PDFs, which are notorious for security flaws; simple and common graphics files like BMP images; the ubiquitous MOV video file; or the macro-strewn Microsoft Word DOC.
This is mostly a people problem. All your newly onboarded and veteran employees must be trained in what not to open or click on. HR should hold every employee to account, up to and including termination, if they don’t follow the HR agreement. This is the number one way that malware gets a chance to invade and hijack your system, encrypt information, and take all the data stored on your devices hostage.
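An added example (not from the original post) of the kind of attachment triage a mail gateway can do for the file types listed above: it compares each attachment’s extension with its leading bytes, and flags double extensions, executable content behind a document name, macro-enabled formats and a VBA marker in legacy .doc files. The file names and byte strings are constructed, and the magic-number table is the assumption the check rests on.

```python
# Magic numbers as (offset, bytes) for the attachment types named above.
# QuickTime MOV carries its 'ftyp' box at offset 4, not at the start of the file.
MAGIC = {
    "pdf": (0, b"%PDF-"),
    "bmp": (0, b"BM"),
    "mov": (4, b"ftyp"),
    "doc": (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),   # legacy OLE2 container
    "docm": (0, b"PK\x03\x04"),                        # OOXML is a zip
}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")                 # Windows PE / Linux ELF
ALWAYS_BLOCK = {"exe", "scr", "js", "vbs", "bat", "ps1", "hta"}
MACRO_ENABLED = {"docm", "xlsm", "pptm", "dotm"}

def triage_attachment(filename, data):
    """Return a list of findings for one attachment; an empty list means clean
    as far as these checks go (they are a filter, not a verdict)."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in ALWAYS_BLOCK:
        findings.append(f"blocked_type:{ext}")
    if len(parts) > 2 and parts[-2] in MAGIC:    # 'photo.bmp.exe' style names
        findings.append("double_extension")
    if data.startswith(EXECUTABLE_MAGIC):        # real content is a program
        findings.append("executable_content")
    if ext in MAGIC:                             # does the content match the name?
        offset, sig = MAGIC[ext]
        if data[offset:offset + len(sig)] != sig:
            findings.append(f"content_mismatch:{ext}")
    if ext in MACRO_ENABLED:
        findings.append("macro_enabled_format")
    if ext == "doc" and b"_VBA_PROJECT" in data: # VBA stream name in legacy .doc
        findings.append("possible_macros")
    return findings

# Constructed attachments (a few header bytes each), not real files.
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n% constructed sample\n",
    "statement.pdf": b"MZ\x90\x00" + b"\x00" * 60,           # PE disguised as PDF
    "photo.bmp.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "contract.doc": MAGIC["doc"][1] + b"\x00" * 40 + b"_VBA_PROJECT" + b"\x00" * 8,
    "agenda.docm": b"PK\x03\x04" + b"\x00" * 30,
    "clip.mov": b"\x00\x00\x00\x14ftypqt  " + b"\x00" * 20,
}

def triage_all(samples=SAMPLES):
    """Run the checks over every sample and return {filename: findings}."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}
```

The header-byte check is what defeats the renamed executable; the extension checks alone would pass "statement.pdf" straight through.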
6 – Remote Desktop Protocol (RDP):
This service typically runs through what is called port 3389. That is network lingo for a door number that is open to service clients and other users. RDP is short for Remote Desktop Protocol; this is what goes in and out of door 3389 to allow IT administrators to remotely access machines and configure them, or merely use their resources for various reasons – such as running maintenance.
Usually, the first thing a hacker does is run a port scan for machines on the internet that have port 3389 open. Door 3389 is for something called SMB for short, or Server Message Block. SMB allows basic file sharing between Windows computers and is often turned on by default in a network install and configuration, meaning the door is open even when it isn’t necessary.
Now the hacker has access to any machines listening on port 3389. They can brute-force them (repeatedly try different passwords, thousands in a few seconds) and when they hit pay dirt they can log in as an administrator. It’s just a matter of time. Once they’re into your machine via port 3389, they can easily encrypt anything or lock down your data by purposefully slowing down or even terminating critical business processes.
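As an added example that is not part of the original post, here is the detection side of the brute-force scenario just described: it walks constructed Windows Security events (4625 failed and 4624 successful logons, logon type 10 for RDP), raises an alert when one source racks up five failures inside a minute, and escalates when that same source then logs on successfully. Event IDs and logon types follow Windows conventions; the IPs, accounts and timestamps are made up.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events modelled on Windows Security log fields for failed
# (4625) and successful (4624) logons. LogonType 10 is RemoteInteractive, i.e.
# an RDP session. The IPs and accounts are made up for this example.
EVENTS = [
    # (timestamp, event_id, logon_type, account, source_ip)
    ("2024-03-01T02:00:01", 4625, 10, "administrator", "203.0.113.7"),
    ("2024-03-01T02:00:02", 4625, 10, "admin", "203.0.113.7"),
    ("2024-03-01T02:00:02", 4625, 10, "root", "203.0.113.7"),
    ("2024-03-01T02:00:03", 4625, 10, "backup", "203.0.113.7"),
    ("2024-03-01T02:00:04", 4625, 10, "jsmith", "203.0.113.7"),
    ("2024-03-01T02:00:09", 4624, 10, "jsmith", "203.0.113.7"),
    ("2024-03-01T08:15:00", 4625, 10, "jsmith", "10.0.0.42"),   # one typo
    ("2024-03-01T08:15:30", 4624, 10, "jsmith", "10.0.0.42"),   # then success
    ("2024-03-01T08:16:00", 4625, 2, "svc", "10.0.0.9"),        # console, ignored
]

THRESHOLD = 5                   # this many RDP failures from one source...
WINDOW = timedelta(seconds=60)  # ...inside this sliding window raises an alert

def detect_rdp_brute_force(events, threshold=THRESHOLD, window=WINDOW):
    """Return {source_ip: [alerts]} for sources that look like RDP brute force.
    'brute_force' fires when the failure rate is exceeded; a later successful
    logon from the same source adds 'success_after_brute_force:<account>'."""
    failures = defaultdict(deque)   # source_ip -> timestamps of recent failures
    alerts = {}
    for ts, event_id, logon_type, account, ip in sorted(events):
        if logon_type != 10:
            continue                # only RemoteInteractive (RDP) logons
        t = datetime.fromisoformat(ts)
        if event_id == 4625:
            recent = failures[ip]
            recent.append(t)
            while t - recent[0] > window:   # expire failures outside the window
                recent.popleft()
            if len(recent) >= threshold and ip not in alerts:
                alerts[ip] = ["brute_force"]
        elif event_id == 4624 and ip in alerts:
            # A success right after a burst of failures means a password was
            # guessed, not mistyped: treat it as a confirmed compromise.
            alerts[ip].append(f"success_after_brute_force:{account}")
    return alerts
```

The single failed-then-successful logon from 10.0.0.42 stays quiet, which is the point of counting inside a window rather than alerting on every 4625.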
7 – Unpatched Software:
Inherent weaknesses in software are one of the simplest methods of mounting an attack. In some cases, software is not fully up to date or patched (the known flaws are public information, so your technical crew must be on top of this on a daily basis). This is the simplest way attackers can gain entry to your network without having to steal any credentials. You might be surprised that most software coders are not aware of the security problems the software they write might present. Security is often an afterthought when it should be a rigorous part of the development cycle from day one.
Hackers are Better Than Legit Certified Pros
Cyber criminals do just as much analysis and evaluation, if not more, as security teams do for their own products. They have the same and even better tools at their disposal to scan and wreak havoc on any system. It’s beyond good practice to be proactive in predicting and foreseeing their motivations and the profiles of their methods. Having an office wallpapered with certifications doesn’t cut it.
Always assume that the hackers have the advantage. As I said, it’s beyond good practice; it’s the top priority to have proactive cybersecurity mechanisms that keep your business healthy and alive.