It’s easy to grow numb to numbers. The projected loss, in dollars, from what is clearly an unabating wave of cyberattacks has gotten so extreme that it has become, well, meaningless. Seven years ago (a lifetime in technology), CSO reported that companies and governments were losing $400 billion per year to cybercrime.
Truth is, cybercrime is just getting warmed up, fueled by sophisticated criminal enterprises and state-sponsored terrorists flocking to cyberspace. It’s hardly news.
Let’s understand in a bit more detail the motivations behind cyber crime and common methods criminals use.
WHY HACKERS HACK
There are many different types of cyber crimes, and the kind of attack can vary based on the end goal or motive of the criminal. Motivations include:
• Financial: Data is the new oil, and money is obviously the biggest lure for crime. When we talk about cyberattacks like ransomware or business email compromise, we know that a majority of these attacks are financially motivated.
• Nation-state attacks: State-sponsored attackers (or transnational organized crime) are looking to disrupt large organizations, disturb economic activity, create political instability, or steal trade secrets. For example, Russian and North Korean attackers actively targeted COVID-19 vaccine manufacturers.
• Corporate espionage: The theft of trade secrets, proprietary data, or intellectual property can reduce competitiveness and market leadership.
• Computer resource theft: The trillion-dollar value of cryptocurrencies and NFTs have made hackers rush to hijack the processing power behind thousands of networked computers in a scheme known as cryptojacking. The purpose is to mine cryptocurrency.
• Hacktivism: Politically motivated hackers, nation-state sponsored or otherwise, purposely attempt to cause disruption or vandalize property they believe is counter-productive to their agenda.
HOW HACKERS HACK
Regardless of whether attacks are opportunistic or targeted, cyber-criminals typically follow these seven steps, sometimes referred to as the cyber kill chain.
1. Reconnaissance: Attackers spend time researching, identifying targets, and creating an attack strategy. This includes leveraging open-source intelligence tools (OSINT), researching social media, or purchasing stolen credentials on the dark web.
2. Weaponization: Based on what attackers have discovered, they plan their next phase of attack. This may include creating phishing emails or websites outfitted with a malicious trojan or a backdoor.
3. Delivery: An extremely well-crafted, highly targeted spear-phishing email delivered to specific contacts of an organization. Attackers can also deliver the payload via a software vulnerability, compromised credentials, or through a USB stick.
4. Exploitation: With a foot in the door, the attacker moves laterally through the network to gain more leverage, learning roles and reporting structures, and accessing systems and data.
5. Installation: The attacker now injects malware on the compromised asset, evades detection, and signals command and control servers.
6. Command and control: These purpose-built servers enable attackers to take complete control of the compromised network.
7. Act on objectives: Finally, attackers proceed toward their ultimate agenda. That can include exfiltration of data, execution of ransomware code, deletion of sensitive files, or other hacks.
HOW CAN ORGANIZATIONS BEST DEFEND THEMSELVES?
Just as a business expands and evolves, so do cyber threats—and organizations must be prepared to mitigate these risks. Here are five suggested best practices:
1. Build a culture of cybersecurity: Culture represents a mix of security awareness, attitudes, and behaviors. Coaching employees regularly about various threats and consequences of their actions is crucial to building resilience. Start at the top and engage employees at every level. Employees should not be seen as part of the problem, but as part of the solution.
2. Protect credentials: Billions of stolen login credentials can be purchased on the dark web and 85% of employees still reuse passwords, which means most enterprises are at high risk of getting compromised. Ensure employees change their passwords frequently and use long and complex passwords since shorter ones are easily hacked. Although multi-factor authentication is not entirely invulnerable, make MFA mandatory for all account logins.
3. Run OSINT on your org: Think like an attacker: If someone wanted to target your CEO, your employees, or your critical resources, how would they do it? Run open-source intelligence on your organization, or involve a partner to help.
4. Patch systems frequently: Cybercriminals exploit publicly known and often unpatched vulnerabilities. The rise of remote working has exacerbated the problem as patching remote systems can be a complicated affair compared to on-prem devices. Most software updates contain security fixes, so it’s critical that operating systems are updated.
5. Have reporting processes in place: Flag critical people, systems, and resources and ensure you have an alerting mechanism in place that rings alarms when it encounters an anomaly. After technical controls, employees are your last line of defense; teach them to report suspicious items or activity at once.
No one is truly immune from cybercrime. Organizations that prepare for this eventuality will always be in a better position of defending, responding, recovering, and surviving.
Stu Sjouwerman is the Founder and CEO of KnowBe4 Inc., the world’s largest Security Awareness Training and Simulated Phishing platform.