How Hackers Infiltrate Systems

To defend your organisation against complex and simple attacks alike, think like a hacker.

The recent hacks of the Democrat National Convention and the Clinton Foundation, and the embarrassing data leaks that followed, have demonstrated the high stakes and fragile cybersecurity ecosystem of US political campaigns. As the 2016 Presidential general election heats up, The Takeaway, a news program produced by WNYC in New York, reported that Julian Assange and Wikileaks are preparing to release another batch of hacked data.

Though attacks can be sophisticated, the DNC attacks were likely the result of simple spear phishing, a tactic that tricks an employee into opening or clicking a link inside an email that appears to come from a trusted source. "[Spear phishing] is a relatively easy trick, and anyone, from the CEO to an entry-level employee, can be duped," said Skyport Systems CEO Art Gilliland.

The campaign leaks should serve as a cautionary tale for companies big and small, Gilliland said. Many businesses, he explained, are as vulnerable as the DNC and should learn from this summer's hack attacks. "In building an effective program to protect the enterprise, companies should consider the reality of the adversary marketplace." In other words, hackers often behave like rational actors within traditional markets.

To defend your company against complex and simple attacks alike, Gilliland said, think like a hacker. "[Kill chain] is taken from military parlance. The attack lifecycle enumerates the steps that an attacker follows to steal or damage a target asset inside a company." Although much more sophisticated attack lifecycles exist, he said, the basic kill chain process is easy to understand.

Think like an attacker and focus on adversary disruption. Most attacks follow these steps, Gilliland said:

  • Recon - The attacker researches, profiles, and tests the environment and its people.
  • Infiltrate - Breaks in and takes positions inside the organization.
  • Discover - Uses the internal position to understand more about the environment and the surrounding systems.
  • Capture - Works to take control of the asset, typically information, that is valuable.
  • Exfiltrate - Moves the asset out, or in some cases damages the asset.
  • Monetize - Sells or uses the asset to make money or gain advantage.

Create identity-based perimeters for cloud services

As more organizations consume services or infrastructure from SaaS and cloud providers, a different model of security becomes important. The challenge isn't that providers don't deliver security; it is that they often don't deliver all of the security an organization requires. Create what Gartner calls the Cloud Access Broker: gateways that enforce policies on the interactions between users and the cloud.

Develop individual trust zones in the cloud

The most promising new architectural approach is the creation of an individual security perimeter around every workload that runs in the data center. This approach is often referred to as micro-segmentation: it divides the network's trust zones down to a single zone of trust for each application or workload.

Encrypt sensitive data

Broad use of encryption can help ensure that any data that is stolen is useless to the thief. Find technologies that can encrypt data without breaking applications. Approaches like tokenization and format-preserving encryption can protect data without breaking the existing environment. Finally, start with the data that really matters and work from there. It is not necessary to encrypt everything all at once. Start small, reduce risk, and move on.
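A concrete illustration of the format-preserving idea above, added here and not part of the original article or any vendor's product: a vault-based tokenizer (the names TokenVault and legacy_app_accepts are hypothetical) replaces a card number with a random token of the same shape, so an existing validator keeps accepting the token while only the vault can map it back to the real value.

```python
import secrets

# Constructed example: the token keeps the original's length, digit-only format,
# last four digits and Luhn check digit, so downstream code that validates or
# displays card numbers keeps working; the real value lives only in the vault.

def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

class TokenVault:
    """Maps sensitive values to random format-preserving tokens and back.
    The mapping is the secret: in production it belongs in a hardened store."""
    def __init__(self):
        self._to_token = {}
        self._to_value = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a well-formed card number")
        if pan in self._to_token:
            return self._to_token[pan]      # same input always yields the same token
        head, tail = len(pan) - 4, pan[-4:]
        while True:                         # random draw, retried until Luhn-valid
            candidate = "".join(secrets.choice("0123456789") for _ in range(head)) + tail
            if luhn_valid(candidate) and candidate != pan and candidate not in self._to_value:
                break
        self._to_token[pan] = candidate
        self._to_value[candidate] = pan
        return candidate

    def detokenize(self, token: str) -> str:
        return self._to_value[token]        # KeyError for unknown tokens: fail closed

def legacy_app_accepts(value: str) -> bool:
    """Stand-in for an existing application's input check that must keep passing."""
    return value.isdigit() and 13 <= len(value) <= 19 and luhn_valid(value)
```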

"The hardest part of cybersecurity is that many of the tools used by adversaries are also used by the good guys," Gilliland said. The best way to improve defensive posture is to focus more on adversary disruption tactics and less on technical architecture. "If the adversary is profit motivated, they will likely just move on. Remember that old adage: If you are in a group chased by a bear you don't need to be faster than the bear, you only need to be faster than the others with you," he said.

TechRepublic
