Hacker Recon: How Data Thieves Do Their Homework

What does a hacker want to know about your system? What OS you’re running? Your IP address? Your CRM vendor? Malicious breaches are happening at an ever-increasing rate, and it’s tough to know what angle a hacker plans to use to exploit you. Attacks in the healthcare industry in particular are on the rise, thanks to the valuable personally identifiable information (PII) and electronic protected health information (ePHI) these providers house. While the Health Insurance Portability and Accountability Act (HIPAA), along with other mandates, puts in place a range of safeguards, getting inside the mind of a hacker can also go a long way toward protecting yourself.

You may have heard the saying, “keep your friends close, but your enemies closer.” This is extremely applicable in the realm of securing your IT infrastructure. If you know what hackers are looking for, you can cut them off at the pass. Cybercriminals are using increasingly sophisticated attack strategies to infiltrate systems, but their efforts begin long before the actual malware is sent and an intrusion takes place. The first step in a malicious attack involves learning as much about the target and system as possible. Again, if you know what they’re looking for, you’re all the more prepared to hide and protect it.

Choosing a Victim

Hackers usually have specific motivations that spur an attack. They might just want to prove the point that they’re more intelligent or sophisticated than the collective target. They might want to steal PII for their own use, or they might want to actually profit by selling the info on underground marketplaces. Whatever the case, very few breaches are random—cybercriminals choose their victims very carefully.

Their first step is intelligence gathering. Hackers research a group of potential targets, looking for details about each organization’s technological solutions, plus the vulnerabilities that exist within those systems.

Experian notes that gathering intel can begin with something as simple as a Google search. A hacker can do a quick internet search and come across a job posting that lists the types of software or hardware potential candidates should be fluent in. This provides a glimpse into the enterprise’s infrastructure and it’s often all a hacker needs to pinpoint a vulnerability, craft a piece of malware, and exploit all the data you’ve got.
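A pre-publication check for the job-posting exposure described above, as an added example that is not part of the original article: it flags product names and version numbers in a draft posting and produces a generalized rewrite. The watch-list, function names and sample posting are constructed assumptions.

```python
import re

# Assumed watch-list (constructed): generic category -> product names the
# organization prefers not to name in public text. Replace with your own.
WATCHLIST = {
    "operating system": ["Windows Server", "Red Hat Enterprise Linux"],
    "database": ["Oracle Database", "SQL Server", "PostgreSQL"],
    "CRM": ["Salesforce", "Dynamics 365"],
}

# Optional version directly after a product name, e.g. "2008 R2" or "11.2".
VERSION = r"(?:[ \t]+(\d+(?:\.\d+)*(?:[ \t]+R\d+)?))?"

def _pattern(product):
    return re.compile(r"\b" + re.escape(product) + r"\b" + VERSION, re.IGNORECASE)

def review_posting(text, watchlist=WATCHLIST):
    """Return (line_no, category, product, version, severity) per disclosure."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, products in watchlist.items():
            for product in products:
                for m in _pattern(product).finditer(line):
                    # A version pins the exact release, so it rates higher.
                    severity = "high" if m.group(1) else "medium"
                    findings.append((line_no, category, product, m.group(1), severity))
    return findings

def generalize(text, watchlist=WATCHLIST):
    """Rewrite the text with each product (and version) replaced by its category."""
    for category, products in watchlist.items():
        for product in products:
            text = _pattern(product).sub(lambda m, c=category: f"[{c}]", text)
    return text

# Constructed sample posting, not taken from any real organization.
SAMPLE_POSTING = """Systems Administrator
Requirements:
- 5+ years administering Windows Server 2008 R2 in production
- Hands-on experience with Oracle Database 11.2 and Salesforce
- Strong communication skills
"""

if __name__ == "__main__":
    print(*review_posting(SAMPLE_POSTING), sep="\n")
    print(generalize(SAMPLE_POSTING))
```

Any number that directly follows a watched product name is treated as a version, so review the findings before editing the posting.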

Targeting Specific Employees

In addition to researching institutions as a whole, hackers will identify specific employees in an organization and go after them as their entry point. Phishing and ransomware attacks, for example, are typically delivered via email, but experienced hackers know a standard spam message isn’t going to penetrate most modern organizations.

So the emails—which typically contain a malicious link to launch the malware and initiate the infection—must be customized to appeal to the recipient and designed to appear legitimate. The hacker may search your website to get names of current employees, then research them via their social media or other online profiles. A Facebook profile can quickly tell a hacker what someone is interested in, allowing them to easily craft an intriguing and convincing email for their target that dramatically increases the chances that the victim will not only open it, but click on the link that then launches the malware used to support the breach.

Widening the Scope: Partners, Customers, and Beyond

Intelligence gathering can also include organizations outside of the target institution, such as strategic partners, suppliers, or even customers. Breaching an ancillary organization provides a surprisingly easy path to the true target victim.

As CIO pointed out, this was the strategy used to initiate the now infamous Target breach. It sounds like something straight out of a movie, with an infiltrator crawling through an air vent, but it is entirely real: hackers gained intelligence about Target’s HVAC vendor and stole authentication credentials that supported the large-scale breach.

Aligning Vulnerabilities with Attack Strategies

The purpose of doing all this recon is to find the best way to breach an organization, remove sensitive data, and cover the cybercriminal’s tracks. A hacker obviously wants to write malware code specifically tailored to an organization’s weakest point.

For instance, if a hacker learns that a company uses an outdated system for which security patches are no longer being issued, that’s the perfect avenue for a breach. It’s the same concept as stalking specific employees to create a targeted phishing message. Whatever the process used in exposing a vulnerability, you can be assured the exploit wasn’t random.

So if hackers are going to do their homework, so should you. A more in-depth understanding of the process cybercriminals use to support data breaches can inform architecture design decisions, give you the tools to educate staff members, and help you monitor for the type of suspicious activity that could alert you to the beginnings of an attack.

To better understand your company’s security exposure and how to mitigate the risk of a potential infiltration, contact the experts at Hostway for a free risk assessment. We’ll help you understand your risk profile and then work with you to design a solution for your specific needs.
