How hackers choose their victims

0

Enforcement of the “double blackmail” technique, aka “pay now or get hurt,” has emerged as a head-turner over the past year.

May 6, 2022 is a recent example.

The State Department said that Conti ransomware was the most expensive in January in terms of payments made by victims.

Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for infecting hundreds of servers with malware to obtain corporate data or digital damage schemes and essentially wreaking havoc on individuals and spread to hospitals, businesses, government agencies and more around the world.

So how different is a ransomware attack like Conti from the infamous WannaCry or NotPetya?

While other ransomware variants can spread quickly and encrypt files in a short period of time, Conti ransomware has demonstrated an unmatched speed with which it can access victims’ systems.

With the recent spate of data breaches, it’s a huge challenge for organizations to be able to protect any business from any hack.

Whether it’s port scanning or default password cracking, application vulnerabilities, phishing emails or ransomware campaigns, every hacker has different reasons for infiltrating our systems. It is obvious why certain individuals and companies are targeted because of their software or hardware weaknesses, while others do not share this common Achilles heel due to planning and erected barriers.

We can use security experts such as Indusface to defend ourselves and to implement an attack mitigation strategy to reduce both the likelihood and impact of becoming a victim of a cyber attack.

But what are the characteristics of companies that attract cyberattacks, and why are they targeted by hackers?

And if you knew that your company is a likely target, would it make sense to be wary of the many ways your information could be compromised?

What motivates a hacker?

When hackers hack, they do so for a number of reasons. We have listed the 4 most common motivations behind hacking.

1 It’s about money:

One of the most common motivations for breaking into a system is to gain money. Many hackers may try to steal your passwords or bank accounts to make money by withdrawing with your hard-earned money. Your customer data would not be safe if hackers got away with it as they could use this data in various ways, perhaps by blackmailing you or even selling it on the black market or the deep web.

According to IBM, the average cost of a data breach was $3.86 million in 2004, and that number has since grown to $4.24 million by 2021. It is even expected to increase even further in the coming years.

2 Hack + activism aka hacktivism

Some people look at hacking to start political and social revolutions, although the majority are interested in expressing their opinions, human rights, or raising awareness on specific issues. However, they can target anyone they want — including terrorist organizations, white supremacist groups, or local government officials.

Hacktivists, also known as Anonymous, typically target terrorist groups like ISIS or white supremacist organizations, but they have also targeted local government groups. In January 2016, an attack on Hurley Medical Center in Flint, Michigan leaked thousands of documents and records. The organization claimed responsibility for the city’s ongoing water crisis, which has resulted in 12 deaths over time, with a video promising “justice.”

Whether it’s a lone hacker or a simple online gang, hacktivists’ main weapons include Distributed Denial of Service (DDoS) tools and vulnerability scanners that have been proven to cause financial losses to big-name companies. Remember when donations to WikiLeaks were halted and Anonymous was flying high with a series of DDoS attacks?

3 Insider Threats

Insider threats can come from anywhere, but they are considered to be one of the top cybersecurity threats faced by organizations. Many threats can come from your employees, suppliers, contractors, or a partner, leaving you feeling like you’re walking on eggshells.

Someone in your organization is helping make a threat a reality. Now that we think about it, almost all of your employees, suppliers, contractors, and partners are technically internal to the organization. A major vulnerability of companies is their central protection systems. The firewalls and antivirus programs can easily be bypassed by anyone who has access to these programs.

So when the next wave of cyberattacks arrives, who better than someone you’ve always trusted with key security access, mitigation measures need to be implemented to prevent a repeat of a catastrophic situation like Sony’s 2014 hack (possibly caused by maintain one of its own). Employee).

4 revenge game

If you have an unruly employee looking for a way to get revenge on your company, they will most likely take the time to think of a good attack, making you think twice about firing them.

If they have access to your system, you can be sure that they will try to use their privileged status to get their revenge on you even after they leave the company. One way to do this is by accessing databases and accounts that require logins and passwords. In other cases, disgruntled employees might even sell vital information for money and cheaper employment opportunities just to hurt your company’s infrastructure.

attack vectors

Cyber ​​criminals use a wide range of attack vectors to infiltrate your system or take custody using ransomware attacks such as IP address spoofing, phishing, email attachments, and disk encryption.

a) phishing

The most common method of spreading ransomware is through phishing emails. Hackers send carefully crafted fake emails to trick a victim into opening an attachment or clicking a link containing malicious software.

There are many different file formats that malware can invade. For example, it could be a

PDF, BMP, MOV or DOC.

Once hackers take control of your organization’s network, ransomware malware has a good chance of entering your system, encrypting information and holding all the data stored on your devices hostage.

b) Remote Desktop Protocol (RDP)

RDP runs over port 3389 and is short for Remote Desktop Protocol, which allows IT admins to remotely access and configure machines or simply use their resources for various purposes – such as: B. to carry out maintenance work.

The hacker starts running a port scan on computers over the Internet that have port 3389 open. 3389 stands for SMB or Server Message Block, which provides basic file sharing between Windows computers and is often enabled in the early days of internet use.

Once a hacker gains access to open machines on port 3389, they often brute-force the password so they can log in as an administrator. And then it’s a matter of time. Hackers can get into your computer and initiate the encryption process to lock your data by intentionally slowing down or stopping critical processes.

c) Attacks on unpatched software

A software vulnerability is one of the most promising attack vectors in today’s environment. In some cases, if the software is not fully up-to-date or patched, attackers can penetrate networks without having to collect credentials.

The closure

Cyber ​​hackers can now analyze and evaluate just as much as security teams can for their products. They have the same or even more tools to scan any given system, so anticipating their motivations and profiles is handy.

As hackers become more sophisticated, having proactive cybersecurity mechanisms in place is a top priority to keep your business healthy.

Share.

About Author

Comments are closed.