How to Prevent a Cyber Attack

An organization is never 100% safe from a cyber attack. The more you educate your employees on what to be vigilant for and how to create secure passwords, the better your posture will be for preventing certain attacks.

What one sees in movies and on TV when it comes to cyber attacks is not accurate: there, attacks happen quickly and with quite a bang. In reality, criminals more often than not sit quietly on compromised systems, gathering information and seeing what they can get hold of, before choosing the appropriate time to strike.

It takes on average 277 days before a breach is identified and contained. In the next sections you will read how an attack starts and see some real-world examples.

The Anatomy of a Hack

How a Cyber Attack Plays Out

The Cyber Kill Chain is a 7-step model used by cyber security professionals that was first introduced by Lockheed Martin Corporation. It describes the various stages of an attack.

1. Reconnaissance

The threat actors establish what they need to carry out the attack against the victim's infrastructure: the tools, tactics, and other resources. This might involve preparing a phishing kit, reconnaissance of the victim's systems for vulnerabilities, determining high-value targets in the victim's organization, gathering employee information from social media, and gathering information about the organization as a whole. They might also go and "shop" on the dark web for any leaked corporate credentials.

2. Weaponization

At this point the attackers craft their payload and attack vector, such as malware or another type of vector, to harvest credentials or to exploit an unmitigated vulnerability.

3. Delivery

The attack is ready to be launched. It can be delivered through a phishing email containing malicious links to steal credentials, or an email with a specially crafted attachment that contains malware. A VPN (Virtual Private Network) can also be used to break into a victim's system.

4. Exploitation

Once an attacker is inside a victim's machine and/or network, they investigate to find further weaknesses to take advantage of and exploit. They may escalate their privileges by obtaining additional logins, map the environment, or compromise new and additional systems.

5. Installation

An attacker can gain persistent control by installing additional malware, remote access Trojans (RATs), or backdoors.

6. Command & Control (C2)

Once the payload is in place, it establishes a connection to the attacker's command and control servers. This gives the attacker full control over the system or user's account, whether to deliver additional instructions to the payload, spread laterally, or establish further backdoors for intrusion.

7. Actions

This is where the hackers carry out their objectives. If, for example, they want to steal data, they might first collect it on a staging server and then exfiltrate it to their own infrastructure.

“Our strongest tools are our reputation and relationships. A breach could do more than take our security; it could remove the trust from our name that we’ve worked so hard to build.”

Chelsea Richardson
Principal, Vice President at JD+A

3 Real World Cyber Attacks that Involved Compromised Credentials

September 2022 – Uber

The hacker, who claimed to be 18 years old, managed to gain access to multiple critical Uber systems, including email, Slack, and source code. A contractor's credentials were used, most likely obtained via the dark web, together with social engineering to trick the contractor into approving the two-factor authentication request. The full impact won't be known for a while, but as a result Uber's reputation was damaged, especially since this is not the first time its systems have been breached.

December 2020 – SolarWinds

Through a sophisticated supply chain attack, hackers gained access to SolarWinds' software source code. This in turn allowed them to compromise dozens of government and private sector organizations. The initial entry point was an intern who used a password that was potentially already compromised and available on the dark web, which is most likely where the hackers obtained it. Undetected for months, the attackers were able to insert malicious code into the company's software. This gave them access to high-profile companies and US government agencies.

July 2020 – Twitter

A 17-year-old mastermind and leader of a group of amateur hackers tricked Twitter employees into revealing their login credentials through social engineering techniques. As a result, they gained control of internal support tools for the platform and took over more than 130 accounts, including those of Elon Musk, Barack Obama, Bill Gates, and Kanye West. They tweeted a series of messages promoting a bitcoin scheme, which damaged Twitter's reputation.

Reference:

https://www.dashlane.com/blog/prevent-cyberattacks
