How hackers choose their victims

The “double extortion” technique, also known as pay-now-or-get-breached, emerged as a landmark development last year.

May 6, 2022 is a recent example.

The State Department said the Conti strain of ransomware was the most expensive in terms of victim payments as of January.

Conti, a ransomware-as-a-service (RaaS) program, is one of the most infamous ransomware groups and has been responsible for infecting hundreds of servers with malware to obtain corporate data or damage digital systems, essentially causing havoc for individuals, hospitals, businesses, government agencies and more around the world.

So, how different is a ransomware attack like Conti from the infamous “WannaCry” or “NotPetya”?

While other ransomware variants can spread quickly and encrypt files in a short amount of time, Conti ransomware has demonstrated unparalleled speed in gaining access to victims’ systems.

Given the recent wave of data breaches, it is a huge challenge for organizations to protect themselves against every hack.

Whether through a port scan, cracking default passwords, application vulnerabilities, phishing emails or ransomware campaigns, every hacker has different reasons for infiltrating our systems. It is clear why certain individuals and companies are targeted because of their software or hardware weaknesses, while others who are affected do not share this common Achilles heel, thanks to planning and the barriers they have erected.

We can enlist support from security experts such as: industry face to defend ourselves and pursue an attack mitigation strategy to reduce both the likelihood and impact of falling victim to a cyber attack.

But what are the characteristics of companies that attract cyber-attacks, and why are hackers targeting them?

And if you knew your business was a likely target, would it make sense to be wary of the many ways your information could be compromised?

What motivates a hacker?

When hackers hack, they do it for a variety of reasons. We have listed the 4 most common motivations behind hacking.

1 — It’s about money:

One of the most common reasons for breaking into a system is monetary gain. Many hackers try to steal your passwords or bank account details to make off with your hard-earned money. Your customer information wouldn’t be safe if hackers got away with it, because they could use this data in a variety of ways, perhaps blackmailing you or even selling it on the black market or deep web.

The average cost of a data breach was $3.86 million in 2004, according to IBM, and that number has since risen to $4.24 million as of 2021. It is expected to rise even more in the coming years.

2 — Hack + activism, also known as hacktivism

Some people look to hacking to start political and social revolutions, although the majority are interested in expressing their opinions and human rights or raising awareness about certain issues. However, they can target anyone they want — including terrorist organizations, white supremacist groups, or local government representatives.

Hacktivists, also known as ‘Anonymous’, normally target terror groups such as ISIS or white supremacist organizations, but they have also targeted local government groups. In January 2016, an attack at Hurley Medical Center in Flint, Michigan, led to the leak of thousands of documents and records. The organization claimed responsibility with a video promising “justice” for the city’s ongoing water crisis, which led to 12 deaths over time.

Whether it’s a single hacker or a simple online gang, hacktivists’ main weapons include Distributed Denial of Service (DDoS) tools and vulnerability scanners that have been proven to cause financial losses for well-known companies. Remember when donations to WikiLeaks were stopped and Anonymous ran a series of DDoS attacks

3 — Threats From Within

Insider threats can come from anywhere, but they are seen as one of the biggest cybersecurity threats facing organizations. Many threats can come from your employees, suppliers, contractors or a partner, giving you the feeling of walking on eggshells.

Someone within your organization helps a threat become a reality. Come to think of it, almost all of your employees, suppliers, contractors, and partners are technically internal to the organization. A major weakness of enterprises lies in their core protection systems: the firewalls and antivirus programs can be easily bypassed by anyone who has access to them at any time.

So when the next wave of cyber-attacks arrives, it may come from someone you have always trusted with key security access. Damage mitigation measures must be taken to prevent a repeat of a situation as catastrophic as the Sony hack in 2014 (possibly carried out by its own employee).

4 — Revenge game

If you have an unruly employee looking for a way to get revenge on your company, he will most likely take the time to come up with a good attack, making you think twice about firing him.

If they have access to your system, rest assured that they will try to find every possible way to use their privileged status to get back at you, even after they leave the company. One way to do this is to access databases and accounts that require logins and passwords. In other cases, disgruntled employees may even sell vital information in exchange for money and more favorable job opportunities just to tamper with your organization’s infrastructure.

Attack Vectors

Cybercriminals use a wide variety of attack vectors so they can infiltrate or take possession of your system through ransomware attacks such as IP address spoofing, phishing, email attachments, and hard drive encryption.

a) Phishing

The most common way to spread ransomware is through phishing emails. Hackers send carefully crafted fake emails to trick a victim into opening an attachment or clicking a link containing malicious software.

Malware can arrive in many different file formats. For example, it can be in a PDF, BMP, MOV or DOC.

Once hackers take over your company’s network, ransomware malware stands a good chance of entering your system, encrypting information and taking all the data on your devices hostage.

b) Remote Desktop Protocol (RDP)

RDP, running over port 3389, is short for Remote Desktop Protocol, which allows IT administrators to remotely access and configure machines or just use their resources for various reasons, such as performing maintenance.

The hacker starts by performing a port scan on machines over the internet with port 3389 open. 3389 is for SMB or Server Message Block, which enables file sharing between Windows computers and is often enabled in the early days of internet usage.

Once a hacker gains access to open machines on port 3389, they often brute force the password so they can log in as an administrator. And then it’s only a matter of time. Hackers can invade your machine and initiate the encryption operation to lock your data by purposefully slowing down or stopping critical processes.
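The password-guessing stage described above leaves a recognisable trail in the Windows Security log, and the following added example (not part of the original article) shows one way a defender can detect it. The event records, IP addresses, account names, threshold and window are constructed assumptions, and the events are assumed to come from a host that exposes RDP.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (time, Windows Security event ID, logon type, source IP, account).
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is RemoteInteractive (RDP);
# failed RDP attempts are typically logged as type 3 (Network) when NLA is enabled.
SAMPLE_EVENTS = [
    ("2024-01-15T02:00:01", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-15T02:00:03", 4625, 3, "203.0.113.7", "admin"),
    ("2024-01-15T02:00:05", 4625, 3, "203.0.113.7", "backup"),
    ("2024-01-15T02:00:07", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-15T02:00:09", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-15T02:00:11", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-15T02:00:15", 4624, 10, "203.0.113.7", "administrator"),
    ("2024-01-15T09:15:00", 4625, 3, "198.51.100.20", "j.smith"),   # mistyped password
    ("2024-01-15T09:15:20", 4624, 10, "198.51.100.20", "j.smith"),
] + [(f"2024-01-15T10:{m:02d}:00", 4625, 3, "192.0.2.50", "svc") for m in (0, 10, 20, 30, 40)]

RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with >= threshold failed logons inside a sliding window."""
    recent = defaultdict(deque)          # source IP -> (time, account) of recent failures
    findings = {}
    for ts, event_id, logon_type, src, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        fails = recent[src]
        while fails and when - fails[0][0] > window:
            fails.popleft()              # drop failures that aged out of the window
        if event_id == 4625:
            fails.append((when, user))
            if len(fails) >= threshold:
                hit = findings.setdefault(
                    src, {"peak_failures": 0, "accounts": set(), "success_after": None})
                hit["peak_failures"] = max(hit["peak_failures"], len(fails))
                hit["accounts"].update(u for _, u in fails)
        elif event_id == 4624 and src in findings and fails:
            # A success while the failure burst is still in the window: treat the
            # account as possibly compromised and escalate.
            findings[src]["success_after"] = (ts, user)
    return findings

if __name__ == "__main__":
    for ip, hit in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, hit)
```

A finding with `success_after` set is the case to escalate first, since it means a logon succeeded from the same source while the burst of failures was still in progress.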

c) Attacks on unpatched software

Exploiting a software weakness is one of the most promising methods of deploying attacks in today’s environment. In some cases, when software is not fully up-to-date or patched, attackers can penetrate networks without having to collect credentials.

The closing

Hackers can now analyze and evaluate systems as thoroughly as security teams do for their own products. They have the same or even more tools to scan a particular system, so it is practical to be able to predict their motivation and profiles.

With hackers becoming more sophisticated, having proactive cybersecurity mechanisms in place to maintain the health of your business is a top priority.