Cyber criminals love a vulnerable system, whether for the chance to break a hard security line or to find the unsuspecting employee who will open the wrong email. The typical thought when it comes to security against cyber crime is that if defenses are good, the criminal will move on.
But cyber criminals are more sophisticated nowadays, and greed makes them patient. Ransomware is big business, and the methods cyber criminals use have grown more advanced. They are willing to analyze a system thoroughly and use reconnaissance methods.
We have been involved in IT for 30 years and have partnerships with the best in the industry. Utilizing the knowledge of cyber crime and defense, we are constantly looking at the cutting edge of criminal activity as well as the solutions.
In this article we will be discussing how cyber criminals operate before they actually strike, as well as the methods they use to gain entry. We will also look at potential current and future developments that are being used or considered for better security.
When Defense Is Not Enough, Look Closer
Cyber attacks use a series of methods as they attempt to exploit a vulnerability. These are:
Pre-attack strategies, including reconnaissance, planning and development
Execution phases, including launching malware and stealing data
The pre-attack strategies include advanced persistent threats (APTs), such as looking to see what vulnerabilities exist in the network, gaining illegal access, and masking their presence. When these kinds of methods are used, there is a high probability that nation states or state-sponsored actors are involved. It is easy to assume that such attacks would not affect a business, but many hackers and cyber criminals are hired by foreign powers to generate money, including through ransom of business data.
The biggest issue here is that most security efforts are not aimed at pre-attack strategies at a time when cyber attacks are becoming more destructive. As we learn more about the sophistication of cyber criminals in their efforts, it is up to us to develop ways to stop them before they get started. The cost of being a victim of ransomware attacks is going to increase, because a greater ability to carry out attacks brings with it the desire for a greater reward.
Add to this already serious threat the use of distributed denial of service (DDoS) attacks, often used to make security teams focus elsewhere, and the ability of criminals to wipe your system, and you see why companies sometimes pay out quickly. Another troubling fact is that if you are attacked once, you will often be hit again.
More Cybercrime Success Means More Greed
Cyber criminals often compete with each other and revel in notoriety among their peers. It is a sick version of having a “good” reputation. Because of this and increasing security, they pay more attention to pre-attack strategies than they ever have before.
Reconnaissance is where they home in before the attack, maximizing their chances of success. If a technique works, they will use it again and again on other businesses, until enough security specialists catch on and develop ways to stop them.
Another important thing they use is attack kits, a type of exploit kit which helps them identify potential victims. After finding the hole in the security, they are able to launch a variety of programs. Because of the nature of these kits, they can team up and launch many attacks at once.
We Need Counter-Reconnaissance Methods
The only way for organizations to counter these sophisticated attacks is to implement communication across a network that allows for visibility. Security services should use artificial intelligence that can detect intrusions by picking up on interrupted patterns, so that threats are stopped as they occur. This would include the ability to scale the response when attacks increase.
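One way to pick up reconnaissance before an attack, shown here as an added example rather than code from this article or from any vendor product: flag any source address that touches an unusual number of distinct ports or hosts within a short window. The log format, window, threshold and addresses below are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_log():
    """Constructed firewall log lines: 'timestamp src dst dport action'."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(12):
        t = (base + timedelta(seconds=i)).isoformat()
        # One source probing many ports on a single host.
        lines.append(f"{t} 198.51.100.7 192.0.2.10 {20 + i} DENY")
        # One source probing the same port across many hosts.
        lines.append(f"{t} 203.0.113.9 192.0.2.{i + 1} 445 DENY")
        # Ordinary client traffic to one service.
        lines.append(f"{t} 192.0.2.50 192.0.2.10 443 ALLOW")
    return lines


def detect_recon(lines, window=timedelta(seconds=60), threshold=10):
    """Return {source_ip: finding} for sources whose fan-out within the
    sliding window reaches the threshold. Lines must be in time order."""
    recent = defaultdict(deque)   # src -> (timestamp, dst, dport) in window
    alerts = {}
    for line in lines:
        stamp, src, dst, dport, _action = line.split()
        ts = datetime.fromisoformat(stamp)
        seen = recent[src]
        seen.append((ts, dst, int(dport)))
        # Drop events that have aged out of the window.
        while ts - seen[0][0] > window:
            seen.popleft()
        if src in alerts:
            continue
        hosts = {d for _, d, _ in seen}
        ports = {p for _, _, p in seen}
        if len(ports) >= threshold:
            alerts[src] = "port scan"
        elif len(hosts) >= threshold:
            alerts[src] = "host sweep"
    return alerts


if __name__ == "__main__":
    for src, finding in detect_recon(sample_log()).items():
        print(f"{src}: possible {finding}")
```

A fixed threshold like this misses probes spread out over hours, which is the gap that baseline-driven or AI-assisted detection is meant to close.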
AI detection included in anti-malware software can be very effective, picking up on unusual traffic before it does damage. AI is becoming more in-depth in its capabilities and expanding into every facet of life. This will address and help mitigate some of the zero-day threats that exist in the marketplace.
An Endpoint Detection and Response (EDR) solution can guard individual devices and report anything suspicious. If a hacker can get into an individual’s device, they can utilize it to get into the system once it is connected. This includes cell phones as potential ways to breach security.
An Intrusion Prevention System (IPS) will detect malicious traffic, and once it is detected, the IPS will not allow it to enter the system, where it can corrupt or steal data. There are different kinds of these systems, including network-based, wireless, host-based, and Network Behavioral Analysis (NBA).
Sandbox solutions can detect harmful traffic and report it, but they usually still allow the traffic in. They can be enhanced by using them with the MITRE ATT&CK framework. While sandbox solutions are beneficial, they need to be improved so they can isolate the threat.
Make sure that you use next-generation firewalls, which are much more effective than older ones.
When you consider the elements of your business, you have to think holistically on how to use these methods equally across the board. Your endpoints, your home office, the cloud: all of these and more should be protected.
Cybercrime isn’t going away; it is just becoming more adept and inventing new methods. Developing a complete security response to prevent any breaches should be a top concern for any business.
Novatech is partnered with Fortinet, leaders in the field of cyber security. If you would like to learn more about our IT solutions, give us a call.