Hacking Scenarios: How Hackers Choose Their Victims
Enforcing the “double-extortion” technique aka pay-now-or-get-breached emerged as a head-turner last year.
May 6th, 2022 is a recent example.
The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January.
Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for infecting hundreds of servers with malware to gain corporate data or digital damage systems, essentially spreading misery to individuals and hospitals, businesses, government agencies and more all over the world.
So, how different is a ransomware attack like Conti from the infamous “WannaCry” or "NotPetya"?
While other ransomware variants can spread fast and encrypt files within short time frames, Conti ransomware has demonstrated unmatched speed with which it can access victims’ systems.
Given the recent spate of data breaches, it is extremely challenging for organizations to protect themselves from every hack.
Whether it is a port scan, cracked default passwords, an application vulnerability, phishing emails, or a ransomware campaign, every hacker has a different reason for infiltrating our systems. Some individuals and companies are clearly targeted because of weaknesses in their software or hardware, while others have no such Achilles’ heel thanks to planning and the barriers they have put in place.
We can bring in support of security experts like Indusface to defend ourselves and pursue an attack-reduction strategy to reduce both the likelihood and impact of becoming the victim of a cyberattack.
But what characteristics do companies possess that tend to attract cyberattacks, and why do hackers target them?
And if you knew your company was a likely target, would it make sense for you to be wary of the many ways your information could be compromised?
What Motivates a Hacker?
When hackers hack, they do so for several reasons. We’ve listed the 4 most common motivations behind the hacking.
**1 — It’s About Money**
One of the most common motivations for breaking into a system is monetary gain. Many hackers may try to steal your passwords or bank accounts to make money by taking off with your hard-earned cash. Your customer information wouldn’t be safe if hackers made off with it as they could use this data in several ways, perhaps by blackmailing you or even selling it on the black market or deep web.
The average cost of a data breach was $3.86 million in 2004, according to IBM, and that number has since risen to $4.24 million as of 2021. It is expected to rise further in the coming years.
**2 — Hack + Activism aka Hacktivism**
Some people look at hacking to start political and social revolutions, although the majority are interested in expressing their opinions and human rights or creating awareness over certain issues. However, they can target anyone they like - including terrorist organizations, white supremacist groups, or local government representatives.
Hacktivists, also known as ‘Anonymous,’ normally target terror groups like ISIS or white supremacist organizations, but they have also targeted local government groups. In January 2016, an attack on the Hurley Medical Center in Flint, Michigan, led to the leak of thousands of documents and records. The organization claimed responsibility with a video promising “justice” for the city’s ongoing water crisis that resulted in 12 deaths over time.
Whether it’s a single hacker or a small online gang, the primary weapons of hacktivists include Distributed Denial of Service (DDoS) tools and vulnerability scanners, proven to cause financial losses for well-known corporations. Remember when donations to WikiLeaks were halted, and Anonymous rode high on a series of DDoS attacks?
**3 — Insider Threats**
Insider threats can come from anywhere, but they are viewed as one of an organization’s greatest cyber security threats. Many threats can come from your employees, vendors, contractors, or a partner, making you feel like you’re walking on eggshells.
Someone within your organization is helping a threat become a reality. Now that we think about it, almost all of your employees, vendors, contractors, and partners are technically internal to the organization. One major weakness enterprises have is in their core systems of protection: firewalls and anti-virus programs are easily bypassed by whoever has access to those programs at any given time.
So when the next wave of cyberattacks comes, who is better placed than someone you’ve always trusted with key security access? Damage-control measures need to be implemented to prevent a repeat of a situation as catastrophic as Sony’s hack in 2014 (possibly perpetrated by its own employee).
**4 — Revenge Game**
If you have an unruly employee looking for a way to get revenge on your company, they will more than likely take the time to think of a good attack, leaving you thinking twice about dismissing them.
If they have access to your system, you can be sure that they will try to find any way possible to use their privileged status to get back at you, even after leaving the company. One way of doing this is by accessing databases and accounts that require logins and passwords. In other cases, disgruntled workers might even sell vital information in exchange for money and more favorable job opportunities, or simply to disrupt your organization’s infrastructure.
**5 — Attack Vectors**
Cybercriminals use a wide range of attack vectors to infiltrate your systems or take control of them, including IP address spoofing, phishing, malicious email attachments, and ransomware that encrypts hard drives.
**a) Phishing**
The most common way to spread ransomware is through phishing emails. Hackers send carefully crafted phoney emails to trick a victim into opening an attachment or clicking on a link containing malicious software.
Malware can arrive in many different file formats. For example, it could be in a PDF, BMP, MOV, or DOC.
Once hackers take control over your company’s network, ransomware malware has a good chance of getting into your system, encrypting information, and taking hostage all the data stored on your devices.
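Because a malicious attachment rarely is what its name says it is, a useful mail-gateway check compares the claimed extension with the file's leading bytes (its "magic number"). The example below is added here and is not code from the article; the signatures are the well-known ones for the formats the article names (PDF, BMP, MOV, DOC) plus Windows executables, and the sample attachments are constructed.

```python
"""Flag e-mail attachments whose claimed extension disagrees with their content.
Added example; not from the original article. Sample data is constructed."""

# (leading bytes, extensions that legitimately carry those bytes)
SIGNATURES = [
    (b"%PDF-", {"pdf"}),
    (b"BM", {"bmp"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", {"doc", "xls", "ppt"}),  # OLE2 container
    (b"PK\x03\x04", {"docx", "xlsx", "pptx", "zip"}),              # zip container
    (b"MZ", {"exe", "dll", "scr"}),                                # Windows PE
]


def sniff(data: bytes) -> set:
    """Return the set of extensions consistent with the file's leading bytes."""
    for sig, exts in SIGNATURES:
        if data.startswith(sig):
            return set(exts)
    # QuickTime/MP4 files carry an 'ftyp' box at offset 4, not at offset 0.
    if len(data) >= 8 and data[4:8] == b"ftyp":
        return {"mov", "mp4"}
    return set()


def classify(filename: str, data: bytes) -> str:
    """'executable' if the content is a Windows PE whatever the name says,
    'mismatch' if the claimed extension disagrees with the content,
    'unknown' if the content is unrecognised, otherwise 'ok'."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    exts = sniff(data)
    if "exe" in exts:
        return "executable"
    if not exts:
        return "unknown"
    return "ok" if ext in exts else "mismatch"


# Constructed attachments: a real PDF header, a PE disguised as a PDF,
# a PDF named as a bitmap, a QuickTime header and an OLE2 .doc header.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",
    "photo.bmp": b"%PDF-1.4\n",
    "clip.mov": b"\x00\x00\x00\x14ftypqt  ",
    "memo.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
}


def scan_samples() -> dict:
    """Classify every constructed sample; anything but 'ok' warrants a look."""
    return {name: classify(name, data) for name, data in SAMPLES.items()}
```

A gateway policy would quarantine anything returning "executable" or "mismatch" and route "unknown" to a sandbox rather than trusting the name.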
**b) Remote Desktop Protocol (RDP)**
Running over port 3389, RDP (Remote Desktop Protocol) allows IT administrators to remotely access machines and configure them, or simply use their resources for various reasons such as running maintenance.
The hacker begins by running a port scan for machines on the internet that have port 3389 open. 3389 is for SMB, or Server Message Block, which allows for basic file sharing between Windows computers and was often left turned on in the early days of internet usage.
Once a hacker has gained access to open machines on port 3389, they often brute-force the password so they can log into them as an administrator. And then, it is a matter of time. Hackers can get into your machine and initiate the encryption operation to lock down your data by purposefully slowing or stopping critical processes.
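The brute-force step described above leaves a distinctive trail in the Windows Security log: a burst of failed logons (Event ID 4625) with LogonType 10 (RemoteInteractive, i.e. RDP) from one source address, sometimes followed by a successful logon (Event ID 4624) from the same address. The detection below is an added example, not code from the article; the event records are a constructed, simplified one-line-per-event rendering, not raw EVTX, and the IP addresses are documentation ranges.

```python
"""Detect RDP password brute-forcing from simplified Windows Security events.
Added example; not from the original article. Records are constructed as
'<timestamp> <EventID> <LogonType> <account> <source_ip>'."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a noisy source that eventually gets in, and one normal
# admin session with a single typo'd password.
EVENTS = """\
2022-05-06T10:00:01 4625 10 administrator 203.0.113.45
2022-05-06T10:00:03 4625 10 administrator 203.0.113.45
2022-05-06T10:00:04 4625 10 admin 203.0.113.45
2022-05-06T10:00:06 4625 10 administrator 203.0.113.45
2022-05-06T10:00:07 4625 10 backup 203.0.113.45
2022-05-06T10:00:09 4624 10 administrator 203.0.113.45
2022-05-06T10:15:00 4624 10 jsmith 198.51.100.7
2022-05-06T10:16:00 4625 10 jsmith 198.51.100.7
"""


def parse(text: str) -> list:
    """Parse the simplified records into (timestamp, event_id, logon_type, user, ip)."""
    out = []
    for line in text.splitlines():
        ts, eid, ltype, user, ip = line.split()
        out.append((datetime.fromisoformat(ts), int(eid), int(ltype), user, ip))
    return out


def detect(events: list, threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> dict:
    """Return {source_ip: verdict}. 'brute_force' once `threshold` RDP logon
    failures fall inside `window`; 'likely_compromise' when a successful RDP
    logon from that same address follows such a burst."""
    recent_failures = defaultdict(list)
    verdicts = {}
    for ts, eid, ltype, user, ip in sorted(events):
        if ltype != 10:  # only RemoteInteractive (RDP) logons are of interest
            continue
        if eid == 4625:
            # keep only failures that fall inside the sliding window
            recent_failures[ip] = [t for t in recent_failures[ip] if ts - t <= window] + [ts]
            if len(recent_failures[ip]) >= threshold:
                verdicts.setdefault(ip, "brute_force")
        elif eid == 4624 and verdicts.get(ip) == "brute_force":
            verdicts[ip] = "likely_compromise"
    return verdicts
```

A "likely_compromise" verdict is the one to act on first: the account that finally succeeded should be treated as controlled by the attacker until proven otherwise.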
**c) Attacks on Unpatched Software**
A weakness in the software is one of the most promising methods of attack deployment in today’s environment. In some cases, when software is not fully up to date or patched, attackers can enter networks without having to harvest credentials.
**The Closure**
Cyber hackers can now do just as much analysis and evaluation of your products as your own security teams. They have the same or even better tools to scan any given system, so it is practical to try to foresee their motivations and profiles.
With hackers becoming more sophisticated, it is a top priority to have proactive cybersecurity mechanisms in place to maintain the health of your business.