How hackers hack and the tools they use
There is no silver bullet to stop hackers. Users are usually the weakest link, and social engineering is the most efficient way for threat actors to reach their victims. Stu Sjouwerman, Founder and CEO of KnowBe4, explains how hackers think and plan, the reconnaissance tools they use to gain access, and how they systematically explore a network and execute their goals.
One of the most common questions security professionals hear is, “I’m just a small business, so why would hackers hack me?”
Most hackers are financially motivated. A cyberattack or data breach happens either because you fell victim to a random opportunity or because you were specifically targeted. Either way, a human adversary was involved from the start.
How hackers hack
Most hackers are opportunistic, sending phishing emails to thousands of people and waiting for a response, or scanning around for known vulnerabilities to exploit. If you’ve fallen victim to an opportunistic attack, it’s because you clicked the wrong link, visited the wrong website, or failed to patch a known vulnerability.
The second class of attacks is targeted: a human adversary has chosen you, whether for financial gain, intellectual property, geopolitics, competitive advantage, or as a way into a larger entity you partner with. When it comes to targeted attacks, hackers typically follow five key steps:
1. Reconnaissance
Reconnaissance is where hackers gather information about their target: what software and hardware it uses, email addresses, employee names, and basically anything else that gives them a head start. Adversaries use tools like theHarvester to collect email addresses, subdomains, hosts and employee names from public sources. Nmap discovers open ports, running services, operating systems and their version numbers, and versions reveal whether a system is fully patched. Shodan indexes servers, workstations and devices worldwide that are publicly reachable online, along with the service banners they expose.
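The version-to-patch-level reasoning above, as an added example that is not part of the original article or of any KnowBe4 tooling: a Python script that parses Nmap's grepable (-oG) output, flags service banners older than a baseline version, and flags services that should never be reachable from the Internet. The scan text, the BASELINE versions and the NEVER_EXPOSE list are all constructed for illustration, not taken from a real scan or a real policy.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of Nmap "grepable" output (nmap -sV -oG -); not a real scan.
SAMPLE_SCAN = (
    "# Nmap 7.93 scan initiated (constructed sample)\n"
    "Host: 10.0.0.5 ()\tStatus: Up\n"
    "Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.29 ((Ubuntu))/, "
    "3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)\n"
    "Host: 10.0.0.9 ()\tPorts: 22/open/tcp//ssh//OpenSSH 9.3 (protocol 2.0)/, "
    "443/open/tcp//ssl|http//nginx 1.24.0/\tIgnored State: filtered (998)\n"
)

# Hypothetical baseline: the oldest version the organization considers patched.
BASELINE: Dict[str, Tuple[int, ...]] = {
    "OpenSSH": (8, 0),
    "Apache httpd": (2, 4, 50),
    "nginx": (1, 20, 0),
}

# Hypothetical policy list of services that should never be Internet-facing.
NEVER_EXPOSE = {"ms-wbt-server", "telnet", "microsoft-ds"}

# Matches "<product name> <dotted version>" at the start of the version field.
VERSION_RE = re.compile(r"^(?P<product>[A-Za-z][A-Za-z ]*?)\s+(?P<ver>\d+(?:\.\d+)*)")


def parse_grepable(text: str) -> List[Dict]:
    """Turn -oG 'Ports:' lines into one record per port.

    Each port entry has the layout port/state/proto/owner/service/rpcinfo/version/.
    """
    services = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0].strip()
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            if len(fields) < 7:
                continue
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            services.append({"host": host, "port": int(port), "state": state,
                             "proto": proto, "service": service, "version": version})
    return services


def version_tuple(s: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in s.split("."))


def flag_outdated(services: List[Dict], baseline: Dict[str, Tuple[int, ...]]):
    """Return (host, port, product, version) for banners older than the baseline."""
    findings = []
    for svc in services:
        m = VERSION_RE.match(svc["version"])
        if not m:
            continue  # no version in the banner: patch level cannot be judged from here
        product = m.group("product")
        minimum = baseline.get(product)
        if minimum is not None and version_tuple(m.group("ver")) < minimum:
            findings.append((svc["host"], svc["port"], product, m.group("ver")))
    return findings


def flag_exposed(services: List[Dict], never_expose=NEVER_EXPOSE):
    """Return (host, port, service) for open services on the never-expose list."""
    return [(s["host"], s["port"], s["service"]) for s in services
            if s["state"] == "open" and s["service"] in never_expose]


if __name__ == "__main__":
    found = parse_grepable(SAMPLE_SCAN)
    for item in flag_outdated(found, BASELINE):
        print("outdated:", item)
    for item in flag_exposed(found):
        print("exposed:", item)
```

Feed real `nmap -sV -oG -` output to parse_grepable to use it on your own hosts. Banner versions are a hint, not proof: distributions often backport security fixes without bumping the version string, and administrators can suppress banners, so treat a hit as something to verify rather than a confirmed vulnerability. Scan only systems you own or are authorized to test.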
2. Plan the attack
Once the attacker has a reasonable idea of the target’s infrastructure, the next step is to decide how to attack, what to attack, and which tools to use to gain initial access. Attackers make exploratory moves, looking for ways to gain further access. Research by Recorded Future’s Insikt Group shows that the primary method by which hackers spread into target systems is spam and phishing campaigns. There are also dozens of websites (such as exploit-db.com) that publish known exploits attackers can use to break into computers.
3. Get initial access
Initial access, in simple terms, is the attacker getting a foot in the door. Attackers gain it using methods such as:
- Exploiting public-facing applications (the author puts the share of vulnerable web applications at 50%; SQL injection, where attacker-controlled input is inserted into a database query, is a common way to compromise them).
- Exploiting external remote services (exposed RDP is one of the most popular targets for breaking into companies).
- Phishing users (email phishing is the most common; some more advanced attacks use phone calls, which are about three times as effective).
- Abusing trusted relationships (a supplier’s access is a window into the larger entity it serves).
- Using valid accounts (obtained through brute-force attacks or by buying stolen credentials on dark web markets).
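The SQL injection route from the first bullet, as an added example that is not from the article: a Python/sqlite3 login check written the vulnerable way (string concatenation) beside the hardened way (bound parameters), both exercised with the classic `' OR 1=1 --` payload. The users table, the account and its password are constructed for the demo; the plain SHA-256 hash is a placeholder for a real password hash such as bcrypt or Argon2.

```python
import hashlib
import sqlite3


def hash_password(password: str) -> str:
    # Demo only: a real login system uses a slow, salted hash such as bcrypt or Argon2.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """In-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", hash_password("correct horse battery staple")))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # VULNERABLE: the username is pasted into the SQL text, so it can rewrite the query.
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password_hash = '" + hash_password(password) + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # HARDENED: the driver binds the parameters, so input is always treated as data.
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    row = conn.execute(query, (username, hash_password(password))).fetchone()
    return row is not None


# Classic bypass: close the quoted string, add an always-true condition,
# and comment out the rest of the WHERE clause (the password check).
PAYLOAD = "' OR 1=1 --"


def run_demo() -> dict:
    """Run both login routines with a real credential and with the payload."""
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse battery staple"),
        "bypass_vulnerable": login_vulnerable(conn, PAYLOAD, "anything"),
        "legit_safe": login_safe(conn, "alice", "correct horse battery staple"),
        "bypass_safe": login_safe(conn, PAYLOAD, "anything"),
    }


if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case}: {'logged in' if ok else 'denied'}")
```

In the concatenated version the payload turns the WHERE clause into `username = '' OR 1=1 --...`, so the first row comes back and the attacker is logged in without a password. With bound parameters the same string never reaches the SQL parser; it is just an unknown username and the login is denied. Parameterized queries are the fix; filtering quote characters on input is not.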
Some hackers don’t bother wasting time hacking businesses; instead, they purchase ready-made packages from other cybercriminals and initial access brokers.
4. Explore, develop and exploit
Once inside, hackers move laterally, explore the victim’s environment, search for valuable intellectual property, plant backdoors, and infect systems as they go. Sometimes adversaries drop infostealers and sit idle on the victim’s network, monitoring traffic, reading email, learning the environment, and planning their next move. The average dwell time for attackers is currently 15 days.
5. Execute Goals
Once the attackers have identified the crown jewels or are confidently embedded in the environment, they carry out their objective, which can include deploying ransomware, stealing data, disrupting systems, or running wiper malware that deletes files.
How organizations can protect themselves against hackers
No matter how or why one gets hacked, having these defenses in place will reduce the risk of all types of hacking attempts:
- Mitigating social engineering: Establish clear policies and procedures so employees understand their responsibility and accountability for cybersecurity, and implement technical defenses that mitigate social engineering attacks.
- Train in security awareness to identify and report suspicious activity: Employees should learn to identify phishing scams with real-life examples to help develop a habit of healthy skepticism. Organizations should focus on building a culture of cybersecurity by adopting safe online behaviors and best practices.
- Fix Internet-connected hardware and software: Regular patches prevent hackers from exploiting known vulnerabilities.
- Lock down passwords and authentication: Hackers can phish users to bypass traditional multi-factor authentication (MFA), so use phishing-resistant MFA as an additional layer of defense in case passwords are stolen or leaked. Encourage the use of a password manager (not one built into a browser) to generate long, unguessable passwords for each website or service, and change them regularly, or at least whenever there is any sign of compromise (current NIST guidance in SP 800-63B favors the latter over forced periodic rotation).
- Think like a hacker: Apply OSINT and monitor the underground markets for any data leaks or mentions of your organization.
To keep hackers from breaking into your environment, study the ways and methods they are most likely to use, then mitigate those initial access points and root causes. Effective defense is always proactive, not reactive.