April 2017 | Thought Leadership
Cyber attacks are on the rise. In the 2015/2016 financial year, CERT Australia responded to 14,804 cyber attack incidents. While businesses continue to use traditional methods to defend against cyber attacks, e.g., firewalls, these are no longer enough to prevent an intrusion by a sophisticated operator. To provide the best defence against hackers, you must first learn to think like they do. This is especially true for SMEs who, due to budgetary constraints and lack of expertise, are most vulnerable to cyber attack.
Why Hackers Love SMEs
In a previous article we discussed how SMEs are most vulnerable when it comes to cloud security. SMEs are often a target for hackers because it’s much easier to gather information about smaller businesses than it is about their larger counterparts, and hackers don’t need as much information to break into a smaller business. They are agile and creative, and they act fast. The best line of defence against hackers is to think like one. The following is an introduction to how hacking works in 7 steps:
The 7 Steps to Hacking
1. Pre-Attack - Footprinting
“Footprinting” is a “pre-attack” activity where the hacker performs reconnaissance on the intended target. At this stage, hackers will want to learn as much as they can about your business and the target system, e.g. the employees that work at your company, how communications reach the target system, etc. They will find this information through publicly available sources, e.g. social media, corporate websites and WHOIS queries.
2. Scanning
Scanning is a process where a hacker will probe for information about the target system. The hacker has three scans in their toolkit: port, network, and vulnerability scans. Hackers use port scanning to find any “open doors” they could use to gain ingress to the system or network, network scanning to identify any active hosts on the network, and vulnerability scanning to assess whether a host or network has any weaknesses.
3. Enumeration
Enumeration is the process through which the hacker discovers usernames and information about user groups, file shares, and services offered by network hosts. One way to protect against enumeration is, where possible, to obfuscate information about your network. A hacker will most likely attempt to learn information about your network by performing a DNS zone transfer, so it’s worthwhile protecting your network against this. Finally, it’s always good practice to disable any default administrator accounts.
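As an added illustration of the zone transfer advice above (not part of the original article), this is how the restriction might look on a BIND 9 name server. The choice of BIND, the zone name, the file path, the address and the key name are all assumptions made for the example.

```conf
// WEAK (constructed example, shown commented out): any host that asks
// receives a full copy of the zone, i.e. every host name you publish.
// zone "example.com" {
//     type primary;
//     file "zones/example.com.db";
//     allow-transfer { any; };
// };

// HARDENED (constructed example): transfers are refused by default and
// permitted only to a requester that signs the request with a TSIG key.
key "xfer-key" {
    algorithm hmac-sha256;
    // Placeholder only. Generate a real secret (for example with
    // tsig-keygen) and keep this file readable by the named user only.
    secret "REPLACE_WITH_GENERATED_SECRET";
};

options {
    // Default for every zone that does not say otherwise.
    allow-transfer { none; };
};

zone "example.com" {
    type primary;                        // "master" on older BIND 9 releases
    file "zones/example.com.db";
    // Only the secondary that holds xfer-key can pull the zone.
    allow-transfer { key "xfer-key"; };
    // 192.0.2.53 is a documentation address standing in for the secondary.
    also-notify { 192.0.2.53; };
};
```

Running `named-checkconf` after editing catches syntax errors before the server is reloaded.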
4. Hacking
Hacking is where the real work begins. A hacker will use the information gathered through footprinting, scanning and enumeration to perform the hack and gain ingress to the target system. This generally results in the hacker trying to access the target system using a discovered host and username. The line of defence at this point is the password for the username the hacker is attempting to use to access the system.
5. Escalate Privileges
Having gained ingress to the target system, the hacker will now want to escalate their privileges, i.e. ensure they have enough privilege in the system to execute their intended action. This can result in the hacker attempting to gain administrator or root privileges. This is generally achieved by the hacker exploiting a bug, design flaw or oversight in some software or the operating system. There are many ways to mitigate a hacker’s attempt to escalate privileges, which are included in this downloadable checklist.
6. Delete Tracks
Having accessed the target system and executed any tasks, a hacker will now want to delete their tracks. This is an important step in the process as the hacker does not want to alert anyone to the fact that they were there. Why? Other than for law enforcement reasons, if a system administrator learns of a breach then they will take steps to fix the weakness in the system, possibly blocking the hacker from gaining access in the future. Deleting their tracks often results in the hacker sanitising log files and sanitising the command history.
7. Plant a Back Door
Before a hacker leaves the target system, they will want to leave a back door to ensure future access. The back door is generally a secret program that bypasses the normal security features of the system. Other than target system access, the back door may also be used to turn the machine into an agent for other purposes, such as DDoS or sending spam email.
There’s no doubt that cybercrime is on the rise and it’s said that Australia is one of the top 10 global hosts for cyber threats. If you are ready to optimise your defence strategy and want to learn how Interactive can keep your systems secure, resilient and efficient, get in touch with our team to request a cloud quote.