1300802163
 

Information Security – The Hacker Methodology

The Hacker's Approach

Background

The last two years have seen a sea change in business strategy, with the consequent knock-on for IT. Businesses have changed their focus to e-commerce and embraced working from home or remote access to their systems. The upshot is a renewed focus on Information Security to ensure that company Intellectual Property is secured, as is customer information. Businesses now have a formal Information Security plan.

As with any defence strategy, it is essential to know what the enemy is up to and use that information to prepare defences against them. Businesses must know how hacker’s operate, and what they can expect from them.

Why Hack At All?

Types of hackers

In general terms hackers are classed in one of two categories:  White Hats; hackers who attempt to identify weaknesses and recommend how to plug security gaps; and Black Hats; the people who try to steal stuff.  However, having said that, there is an entire spectrum of other coloured hats who in one way or another fall into either or both camps.  For example, Grey Hats can operate in either mode.

If we ignore White Hats, for now, the FBI believe that there are several different Black Hat hacking profiles:

  1. The Joyrider or Mischief Maker: Someone who wants to just cause mischief by hacking into a site, perhaps only changing the web landing page.
  2. The Vandal: Someone who hacks into a corporate network and simply destroys. They mangle databases, trash systems and websites, and generally try to cause as much damage as possible.
  3. The Thief: This category has subtypes, including:
    1. They want to steal financial information that they can resell or use to steal money.
    2. Intellectual Property. This could be a competitor trying to find out progress on the development of a competing product, stealing a copy of the response to tender a company is putting forward, or general strategic information about a businesses objectives.

It should be noted that Black Hat hacking is not confined to the private sector. There have been serious allegations that many governments are using hacking as a form of espionage or economic warfare. It has been alleged that there was interference in both the Presidential Election that brought President Biden to power and the 2016 Brexit Referendum in the UK.

The Hacking Process

As with all attacks, it typically follows about 5 recognisable stages:

1. Reconnaissance

Simply put, this is finding out about the proposed target, gaining sufficient intelligence to decide whether mounting a full-on attack is achievable and worthwhile. The hacker can carry it out or perform it through an intermediary.

In other circles, burglars tend to ignore homes with good defences. If they find one, they move on until they find one that has poor defences.

It must be the aim of the IT Security team to convince the hacker after they have reconnoitred the site that the returns they will receive on attacking them is not worth the effort, and they should look elsewhere for an easier target.

2. Scanning

Having decided to mount an attack, the hacker now needs to identify the best way to do so. They use technical tools to gather more intelligence on the target network and systems, for example, vulnerability scanners. They also assess employees.

The IT security team must:

  1. Have approved policies and procedures around information security, not just in IT terms, but in general business aspects as well. For example, the use of flash drives and Cloud storage like DropBox must be stopped.
  2. Put a programme of continuing staff education about malware from induction onwards.
  3. Actively monitor the network to look for probes and other information gathering exploits; and
  4. Make sure all security systems are up to date with the latest software and anti-malware signature information.

3. Gaining Access

This involves taking control of network devices to either draw information or act as a platform for other attacks elsewhere in the network.

They may use phishing exploits to see if they can plant malware in the target network to provide a back door. There are cases where they have phoned a user of the target network, and by posing as someone from IT support, have been able to gain remote access to the network.

A final threat is ex-employees. There is often a time lag between someone resigning or being fired and having their IT privileges removed. The ex-employee can sell their credentials to a hacker or steal information themselves. If the ex-employee has remote access credentials, perfect for the hacker.

This is where vigilance by the IT Security team is essential. They must monitor unusual activity on the network and take appropriate remedial or preventative measures.

4. Maintaining Access

This phase is where the bulk of the damage is done. The hacker must remain connected to the target network for long enough to steal what they want to steal or cause sufficient damage. Obviously, they need to stay under the radar while doing this.

The IT Security team again needs to be vigilant for any unusual activity on the network, for example, sensitive data uploading to Cloud hosting services like DropBox.

5. Getting Away with It

The final stage in the process is completing the task. It may be that the hacker doesn’t want the target to know they have been hacked, for example, if they have stolen credit card information. They need enough time to steal money before the card owners cancel their cards.

They need to revert any system changes they have made back to the prior settings and close any loopholes they opened.

Obviously, sometimes there is no need to cover their tracks. They are quite happy to leave rubble and mayhem in their wake.

At this point, there is little IT Security can do, other than work out how the exploit was carried out and take actions to prevent a recurrence. If the exploit is business-threatening or has external implications, then further action may be needed by senior staff in the business and their communications teams.

In summary, Information Security is more than just IT. The FBI believe that most problems start between the keyboard and the chairback. In addition to the IT anti-malware and anti-hacking software and eternal vigilance by IT Security, the company needs to take a close look at employee training and education, and their policies and procedures. These current working from home and increased remote access environment bring new and different security issues and malware vectors, so these must be included in any review.

Our Specialist Consultants Are Here To Help

If you would like to know more about this process, and how it can specifically help your organisation stay one step ahead of cyber-threats, then please contact Anitech’s information security and cyber security consultants today by filling out this simple online Contact Us form, or by calling us on 1300 802 163. They will be able to go through this process with you in detail, answer your questions, and explain to you how your business could directly benefit from this process.

SERVICE ENQUIRYGet a Quote

We can help you to get your business ISO Certified.

    Leave your details and we will be in touch with you within 24 hours.
    GET IN TOUCHAnitech Social Links
    Taking seamless key performance indicators offline to maximise the long tail.

    Copyright @ 2020. All Rights reserved.