How I Would Hack You: Come Join My Plan of Attack
Understanding the details behind a cyberattack can help you reduce risk and highlight weaknesses in your security plan. In this session, three cyber experts discussed how to use threat intelligence to put your organization on a security-first path. Cybercrime is increasing in frequency, and understanding what happens behind closed doors helps you align security with your business objectives, mitigate risk, and find the gaps in your plan. Looking at your business from a threat actor's perspective gives you a more complete view, and you can use that intelligence to protect both your customers and yourself.
Jason Slagle, president and CEO of CNWR; Matt Lee, senior director of security and compliance at Pax8; and Tom Lawrence, president and CEO of Lawrence Technology Service, put themselves in an attacker's shoes and described how they would hack a company during a session at CompTIA's ChannelCon 2022. The goal was to help you understand how to get your organization onto a security-first track. Here's what they had to say:
Step 1: Evaluate the Landscape
POV: I am a threat actor with hacking skills, and you are in my crosshairs. I will get into your systems using publicly available information, unpatched security gaps, and some social engineering. I don't mind calling around to find out who will grant me access. It's amazing what you can get that way.
The first stage of an attack usually involves someone with criminal intent who is looking for an opportunity. Attackers want big paydays and a large attack surface with unchecked vulnerabilities. That is why they target managed service providers: an MSP manages a large number of endpoints and holds connections into many clients' environments, often with admin rights.
Slagle stated, “The first question is: What do you look like to other people?”
Lee added, "That also includes your people and your operational security posture." Lawrence said, "There are resources that you can use to look into your own infrastructure and say, 'oh, I left that exposed!'" Such tools show you what your domains and services look like from the outside.
Threat actors love to map out your landscape. With open-source intelligence (OSINT) tools they can build a visualization of your world, connecting different open-source data sets to get a complete picture of your organization, your infrastructure, and where your data has already ended up.
This is the enumeration phase: they inspect your infrastructure and build a map of it to assess the value of the data they want to steal.
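The enumeration the speakers describe is a correlation problem: each open-source data set on its own is thin, but joined together they show hosts you forgot about and services you never meant to expose. The script below is an added example, not code from the session or from any of the speakers; it joins a constructed certificate-transparency export, a constructed DNS dump, a constructed port-scan result and a constructed asset inventory (all fictional names and test address ranges) and reports what an attacker would see that your own inventory does not.

```python
"""Correlate open-source data sets into an attacker's-eye view of an organization.

Added example for the enumeration phase described above; it is not code from the
session or from any of the speakers. Every input is constructed: a certificate-
transparency export, a DNS dump, a port-scan result, and the asset inventory the
organization thinks it has. Names and addresses are fictional / test ranges.
"""
from collections import defaultdict

# Internet-reachable services an attacker gravitates to first.
RISKY_PORTS = {
    22: "SSH", 23: "Telnet", 445: "SMB", 1433: "MSSQL",
    3389: "RDP", 5900: "VNC", 8080: "HTTP admin panel",
}

# --- constructed inputs (not real data) -----------------------------------
# Certificate-transparency entries: one certificate per line, SANs comma-separated.
CT_LOG = [
    "www.example-msp.test,example-msp.test",
    "rmm.example-msp.test",
    "old-vpn.example-msp.test",   # nobody remembers this one
    "staging.example-msp.test",
]
# DNS records as (name, type, value).
DNS = [
    ("www.example-msp.test", "A", "203.0.113.10"),
    ("rmm.example-msp.test", "A", "203.0.113.20"),
    ("old-vpn.example-msp.test", "A", "203.0.113.30"),
    ("staging.example-msp.test", "A", "203.0.113.40"),
    ("example-msp.test", "TXT", "v=spf1 include:_spf.example.test -all"),
]
# What a port scan from the outside sees: ip -> open ports.
SCAN = {
    "203.0.113.10": [80, 443],
    "203.0.113.20": [443, 8080],
    "203.0.113.30": [443, 3389],
    "203.0.113.40": [22, 80, 445],
}
# The inventory the organization actually maintains.
INVENTORY = {"www.example-msp.test", "rmm.example-msp.test", "example-msp.test"}


def hostnames_from_ct(ct_lines):
    """Collect every subject-alternative name the CT log reveals."""
    names = set()
    for line in ct_lines:
        for san in line.split(","):
            san = san.strip().lower()
            if san:
                names.add(san)
    return names


def resolve(dns_records, name):
    """Return the IPv4 addresses a name resolves to in the dump."""
    return {value for n, rtype, value in dns_records if n == name and rtype == "A"}


def build_footprint(ct_lines, dns_records, scan, inventory):
    """Join CT -> DNS -> scan results.

    Returns (unknown_hosts, exposures): hostnames that are publicly visible but
    missing from the inventory, and hostname -> [(port, service)] for risky
    services reachable from the internet.
    """
    names = hostnames_from_ct(ct_lines)
    unknown = sorted(names - set(inventory))
    exposures = defaultdict(list)
    for name in sorted(names):
        for ip in sorted(resolve(dns_records, name)):
            for port in scan.get(ip, []):
                if port in RISKY_PORTS:
                    exposures[name].append((port, RISKY_PORTS[port]))
    return unknown, dict(exposures)


def prioritize(unknown, exposures):
    """Rank hosts: a risky service on a host nobody tracks is the worst case."""
    scored = []
    for name, services in exposures.items():
        score = len(services) + (10 if name in unknown else 0)
        scored.append((score, name, services))
    return sorted(scored, reverse=True)


if __name__ == "__main__":
    unknown, exposures = build_footprint(CT_LOG, DNS, SCAN, INVENTORY)
    print("Hosts the internet knows about but your inventory does not:", unknown)
    for score, name, services in prioritize(unknown, exposures):
        print(f"[{score:2d}] {name}: {services}")
```

Run against real data, the CT input would come from a CT log search, the DNS dump from your own zone, and the scan from your external scanner; the join logic stays the same. The point of the ranking is the one Lawrence makes: the "oh, I left that exposed" hosts are the ones that appear in public data sets but not in your inventory, and those get flagged ahead of known systems with the same open port.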
Step 2: Evaluate the Attack Vectors
POV: Now I'm going to see what I can do to get in, like a burglar trying to break into your home. Did you forget to change a default password? I will look for exposed vulnerabilities and weak security postures to exploit.
Here are some questions to ask about how a cyber criminal would plan an attack on you:
Do they attack infrastructure or users?
Do they have an easy and clear vulnerability path to exploit?
Can they just coerce a user to approve MFA?
Can they con your users into letting them in?
Are your OAuth tokens and cookies susceptible to theft?
Do your employees post personal information on social networks?
Attackers can exploit vulnerabilities in your infrastructure, prey on fundamental human weaknesses, or go after your authentication configuration and its weak spots. There are many ways to ruin your day.
If they don't have the resources to carry out the full attack themselves, they can sell the access to another threat actor through an initial access broker. Slagle said that initial access is often the hardest part of an attack, so people will pay for it.
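The "can they just coerce a user to approve MFA?" question above is one you can answer from your own logs: push fatigue (prompt bombing) leaves a burst of denied or timed-out pushes followed by an approval. The detector below is an added example, not code from the session or from any identity provider; the `key=value` log format and the events in it are constructed for this example, and the window and threshold are assumptions you would tune to your own traffic.

```python
"""Detect MFA push fatigue ("prompt bombing") in authentication logs.

Added example for the "can they just coerce a user to approve MFA?" question;
not code from the session or from any vendor. The log format is constructed
for this example (key=value fields), not a real identity-provider export.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: alice is bombed with pushes and finally approves one;
# bob's single approved push is normal traffic; carol's one denial 38 minutes
# before her approval is too far apart to count.
SAMPLE_LOG = """\
2022-08-02T09:14:03Z user=alice event=mfa_push result=denied ip=198.51.100.7
2022-08-02T09:14:41Z user=alice event=mfa_push result=timeout ip=198.51.100.7
2022-08-02T09:15:20Z user=bob event=mfa_push result=approved ip=192.0.2.44
2022-08-02T09:15:55Z user=alice event=mfa_push result=denied ip=198.51.100.7
2022-08-02T09:16:30Z user=alice event=mfa_push result=denied ip=198.51.100.7
2022-08-02T09:17:02Z user=alice event=mfa_push result=approved ip=198.51.100.7
2022-08-02T13:02:11Z user=carol event=mfa_push result=denied ip=192.0.2.90
2022-08-02T13:40:00Z user=carol event=mfa_push result=approved ip=192.0.2.90
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+) "
    r"result=(?P<result>\S+) ip=(?P<ip>\S+)$"
)


def parse(log_text):
    """Turn log lines into dicts; lines that do not match are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(d)
    return events


def detect_push_fatigue(events, window=timedelta(minutes=5), min_failures=3):
    """Return one finding per approval preceded by >= min_failures denied or
    timed-out pushes for the same user inside `window`.

    The 5-minute window and threshold of 3 are assumptions for this example;
    tune them against your own baseline of accidental denials.
    """
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "mfa_push":
            by_user[e["user"]].append(e)

    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["result"] != "approved":
                continue
            start = e["ts"] - window
            prior = [p for p in evs[:i]
                     if p["ts"] >= start and p["result"] in ("denied", "timeout")]
            if len(prior) >= min_failures:
                findings.append({
                    "user": user,
                    "approved_at": e["ts"],
                    "failed_pushes": len(prior),
                    "ips": sorted({p["ip"] for p in prior} | {e["ip"]}),
                })
    return findings


if __name__ == "__main__":
    for f in detect_push_fatigue(parse(SAMPLE_LOG)):
        print(f"{f['user']}: approved at {f['approved_at']} after "
              f"{f['failed_pushes']} failed pushes from {f['ips']}")
```

A hit here is worth treating as a probable credential compromise, not just an MFA nuisance: the attacker already had the password to trigger the pushes. The same pattern also tells you which users need number matching or a phishing-resistant factor rather than plain push approval.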
There are many specialties with their own monetization goals.
Lee said that most people don't realize there is an entire ecosystem in which threat actors are as entrepreneurial and as successful as the companies they attack. There are ransomware specialists, malware specialists, vulnerability specialists, and zero-day specialists who all contribute to the ecosystem, and money launderers who keep threat actors out of jail.
Step 3: Compromise, Attack
POV: Now that we have a plan of attack, and possibly a team, we can get to work. Gain access, deploy ransomware, extort, or steal valuable intellectual property