While most of us get into the holiday spirit, threat actors gear up for their holiday hacking sprees. To outsmart sophisticated hackers, you have to understand how they operate. Consider the following as you develop your cybersecurity strategy—if a trickster cyber attacker were planning their holiday hacking methods, here’s what they might do…
A tried-and-true method of gaining access to a company’s network is by tricking employees into downloading malicious files. This type of attack falls under the umbrella of “social engineering” schemes, which often prey upon employees’ trust and benevolence—a rather ruthless form of trickery, indeed.
In one recent example, a notorious hacking group gained access to a cryptocurrency platform, getting away with over $600 million in stolen funds [1]. How did they gain access? By tricking an unsuspecting engineer at the firm with a fake job offer that induced him to download a PDF that was infected with spyware. The rest is history.
The story above might be falsely reassuring to some small and medium-sized businesses (SMBs). “After all,” you might surmise, “we’re not a cryptocurrency platform with hundreds of millions of dollars at our fingertips, so why would a hacker target us, right?” Wrong.
In 2022, threat actors have tools that allow them to randomly scan billions of IP addresses with ease. What are they looking for? Vulnerabilities that allow them easy access to networks, akin to an “unlocked front door.” Like any other criminal, hackers take advantage of easy opportunities to commit their crimes—the nature or size of the target is secondary. In other words, you don’t have to be an enormous, high-profile enterprise to be a cybercrime target; you just have to leave the front door unlocked to be targeted.
Speaking of easy ways to gain entry into a company’s network, are you aware that some cyber attackers simply BUY access to their future victims’ systems? Yes, it’s true. In fact, Uber was attacked this year by threat actors who purchased a password on the dark web [2]. Once inside, the hackers were able to download information from one of Uber’s finance tools.
It is believed that the credentials were harvested from a device belonging to one of Uber’s contractors, after the device was infected with malware by the original threat actors. If cybercriminals were looking for an easy way into a company’s network, they might simply peruse the marketplace for stolen passwords. Hence the importance of multifactor authentication to stymie hackers’ efforts to log in!
Unimaginative attack strategies like buying credentials on the dark web might eventually bore sophisticated hackers, who often demonstrate a penchant for creativity. In such a case, they might try to replicate an attack that targeted a financial institution in the U.S. earlier this year—one that used drones, no less!
The threat actors in this attack placed devices on two drones and flew them to the roof of the company’s building [3]. The devices aboard the drones impersonated the company’s own Wi-Fi network, and at least one employee unknowingly logged into the counterfeit network.
The hackers were then able to obtain that employee’s credentials and start their own penetration of the company’s network. Continuous monitoring for aberrant user behavior is what alerted the company to the intruders’ presence, and without such monitoring, it could have been much worse.
Many hackers might try a simple brute force attack where they enter multiple passwords for the same username over and over, only to eventually be locked out of the system. Growing frustrated due to repeated lock-outs might lead them to try password spraying, another prevalent method of attack.
In password spraying, threat actors try the same password with a long list of usernames. The passwords might be known default passwords or commonly used passwords; for example, the password “123456” is used by over 3.5 million Americans [4]. Password spraying preys upon those who fail to change default passwords and/or use weak passwords that are easy to guess, making good password hygiene a must.
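The two patterns described above look different in authentication logs, which is what a defender can use to tell them apart. The following is an added example, not part of the original article: it classifies failed logins per source, and the log format, the thresholds and the names `SAMPLE_LOG`, `parse` and `classify` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed failed-login lines (timestamp, source IP, username); not real data.
SAMPLE_LOG = """\
2022-11-01T09:00:01 203.0.113.7 alice
2022-11-01T09:00:03 203.0.113.7 bob
2022-11-01T09:00:05 203.0.113.7 carol
2022-11-01T09:00:07 203.0.113.7 dave
2022-11-01T09:00:09 203.0.113.7 erin
2022-11-01T09:01:00 198.51.100.9 admin
2022-11-01T09:01:02 198.51.100.9 admin
2022-11-01T09:01:04 198.51.100.9 admin
2022-11-01T09:01:06 198.51.100.9 admin
2022-11-01T09:01:08 198.51.100.9 admin
2022-11-01T09:02:00 192.0.2.44 grace
2022-11-01T11:30:00 192.0.2.44 grace
"""

def parse(log):
    """Yield (timestamp, source, user) from each whitespace-separated line."""
    for line in log.splitlines():
        ts, source, user = line.split()
        yield datetime.fromisoformat(ts), source, user

def classify(log, window=timedelta(minutes=10), spray_users=5, lockout=5):
    """Return {source: verdict} based on failures inside a sliding window."""
    by_source = defaultdict(list)
    for ts, source, user in parse(log):
        by_source[source].append((ts, user))
    verdicts = {}
    for source, events in by_source.items():
        events.sort()
        verdicts[source] = "normal"
        for i, (start, _) in enumerate(events):
            counts = defaultdict(int)
            for ts, user in events[i:]:
                if ts - start > window:
                    break
                counts[user] += 1
            if max(counts.values()) >= lockout:
                # One account hit repeatedly: per-account lockout would fire.
                verdicts[source] = "brute_force"
                break
            if len(counts) >= spray_users:
                # Many accounts, each under the lockout threshold.
                verdicts[source] = "spray"
                break
    return verdicts
```

A per-account lockout counter alone never sees the spraying source here, because each username fails only once; counting distinct usernames per source is what surfaces it.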
As a managed cybersecurity provider, NexusTek offers a range of preventive and responsive security solutions that help SMBs defend against even the most sophisticated threat actors. From employee awareness training and ongoing threat monitoring, all the way through incident response and remediation, NexusTek has your cybersecurity needs covered.
Would you like to discuss your company’s security posture with a cybersecurity expert?
References:
1,2. Lever, R. (2022, October 28). Data breaches in 2022. U.S. News & World Report. https://www.usnews.com/360-reviews/privacy/recent-data-breaches
3. TechFunnel. (2022, October 31). Halloween special: The scariest cyber attacks of 2022 (so far). https://www.techfunnel.com/information-technology/halloween-special-the-scariest-cyber-attacks-of-2022/
4. Tietsort, J. R. (2022, October 3). 17 types of cyber attacks commonly used by hackers. Aura. https://www.aura.com/learn/types-of-cyber-attacks