What Hackers Want
Hackers spend their time and resources attempting to illegally acquire data and information from other people’s and organizations’ computers. What motivates hackers to invest their energy and take legal risks? The bottom-line answer is simple: they want a financial reward. But what type of information do hackers steal, and how do they convert the stolen information to money? How can we prevent hackers from achieving their goals?
Hackers are resourceful criminals and can leverage many types of data and information for financial gain. You should consider no data or information stored on your computers, mobile devices, or the cloud as unimportant or lacking value to hackers. Below we share a list of some of the most common types of information and data stolen and we highlight a few ways the hackers leverage the stolen property for financial gain.
Credit Card Data:
Hackers steal information that allows access to credit card accounts. Stolen information includes the account owner’s name, credit card number, expiration date, account balance, account credit limit, web access passwords, and account PIN. They can also steal personal information used to verify account ownership, such as social security number, date of birth, and any other information in the database associated with account verification. Typically, hackers sell this information to people or organizations who use it to purchase goods online.
Electronic Protected Health Information:
Stolen health information includes medical records and other patient personal information. Criminals commonly use this information for identity theft.
Business/Financial Account Information:
Stolen account information may include account numbers, passcodes, customer personal information, etc. Hackers use this information to gain access to individual accounts with businesses and financial institutions such as banks and investment firms. Businesses are also at risk of having their financial account information hacked. With this information available, a hacker (or the hacker’s customer) can gain online access to the accounts and transfer cash out of the account to virtually untraceable destinations.
Ransomware:
Cybercriminals use ransomware with a single objective: to extract a ransom. The victim of a ransomware attack, however, realizes a cost much greater than the ransom demanded. The total cost to the victim includes the cost of business disruption while the network’s assets are frozen. The hacker is aware of this situation and uses this knowledge to identify targets that have the most to lose. This allows the hacker to demand a higher ransom than the average computer owner would pay.
Methods of Entry and Consequences of Cyber-Attacks
To effectively prevent hackers from getting at our private information, we first need to understand the various methods they use to penetrate security barriers. The list in this section provides a basic description of some of the more common invasion tactics.
Remote Attacks:
A remote attack is when the attacker accesses a computer or network of computers from a source other than the machines attacked. Techopedia provides a good description of the various remote attack mechanisms. Remote attack mechanisms detailed in that article include:
- Domain Name System (DNS) Poisoning
- Transmission Control Protocol (TCP) Desynchronization
- Denial of Service (DoS) Attacks
- Internet Control Message Protocol (ICMP) Attacks
- Port Scanning
SQL Injection:
SQL Injection is when code is inserted into an application that manages data in a SQL database. The malicious code gives the attacker the power to perform a variety of data manipulation operations. An attacker can use SQL Injection to gain administrative rights and use them within the application to perform data dumps, void transactions, etc. This is a powerful tool that can cause chaos for a business that relies on the database for financial and operational control of its business workflow.
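As an added illustration of the point above (example code written for this page, not from the original article), the following Python script builds a small constructed in-memory SQLite table and runs the same lookup twice. The first version pastes the user-supplied value straight into the SQL text, so an input containing a quote and an OR clause returns every row in the table. The second version passes the value as a bound parameter, so the database never interprets it as SQL and the same input matches no row. The table, names and balances are constructed for the demo.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny in-memory accounts table (not real records)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance REAL)"
    )
    conn.executemany(
        "INSERT INTO accounts (owner, balance) VALUES (?, ?)",
        [("alice", 120.0), ("bob", 75.5), ("carol", 3000.0)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    """VULNERABLE: the user-supplied value is spliced into the SQL text, so a
    quote character in the input changes the meaning of the statement."""
    sql = f"SELECT owner, balance FROM accounts WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, owner: str) -> list:
    """HARDENED: the value travels separately from the SQL text as a bound
    parameter; whatever it contains, it is compared as data, never run as SQL."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


if __name__ == "__main__":
    conn = build_demo_db()
    tampered = "x' OR '1'='1"   # input that rewrites the WHERE clause in the vulnerable query
    print("vulnerable    :", lookup_vulnerable(conn, tampered))      # every row
    print("parameterized :", lookup_parameterized(conn, tampered))   # no rows
```

The fix is the parameter placeholder, not input filtering: the application should never build SQL text from values it did not write itself, and a query log that shows quotes or boolean clauses arriving inside a single field value is a useful detection signal for this class of attack.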
Client-Side Attacks:
This type of attack occurs when the attacker uses vulnerabilities in the applications that run on an operating system to invade the computer and plant malicious code. To demonstrate, consider Microsoft Windows 10 as the operating system. Windows 10 runs applications such as PDF readers/writers, internet browsers (e.g. MS Edge), and word processors (e.g. MS Word) to enhance the user experience. In a Client-Side Attack, the attackers deliver malware through the applications, as opposed to attacking the Windows 10 operating system itself. Downloading and opening an infected PDF file, for example, can introduce the malware to the computer. Because the applications tend to receive less attention than the operating system, their threat detection capabilities are less robust than those of the operating system. This leaves them more vulnerable to attack.
RFI (Remote File Inclusion):
RFI is an attack that targets vulnerabilities in web applications that dynamically reference external scripts. Imperva Incapsula (a web application security services company) provides a detailed explanation of how RFI works.
User Interaction:
User interaction is the required catalyst for many cyber threats to become cyber-attacks. User interaction can include basic maneuvers such as clicking on links, downloading files containing malicious code, opening infected email attachments, etc.
Authorization Flaws:
When a user logs into a system, the first security action is authentication, for example a user account password or a biometric scan. The system makes authorization checks after authentication. Authorization is how the network administrators delegate access to various functions and content. A hacker can exploit an authorization flaw to gain access to restricted information or to administrative functions normally reserved for network administrators. If you want to prevent hackers from accessing your system, you need to audit your system to identify and remove any authorization flaws.
Physical Theft:
Some do not consider physical theft to be hacking; however, the consequences can be similar. A hacker can attempt to enter the computer directly as opposed to remotely. Once the attacker has gained access, he/she can insert malicious code and obtain information the same way as if the malicious code had been planted remotely. Additionally, an astute attacker may find a way to use the stolen computer for remote access to a network.
Malicious Websites:
The primary mechanism a malicious website uses for attack is to prompt a user to download an infected file. Normally the attacker attaches malicious code to another file the user believes has some value. You should avoid downloading files or clicking on links from such sites if you want to prevent hackers from contaminating your network.
What Should I Suspect?
Cybercriminals will take advantage of a variety of platforms to spread malware. You should be wary of any and all platforms used to transmit data. This section describes several platforms and mechanisms used to spread malware or steal data. The next section describes a variety of means for avoiding cyber-attack from these sources. If we want to prevent hackers from achieving their malicious goals, we have to start with awareness. The list below highlights a few common ways they invade our privacy.
- Emails With Attachments – All it takes for infection is for the user to open an infected file attached to an email message.
- Phishing emails – The attacker disguises an infected file with a variety of trickery. For example, the phishing email may include a link to a file that the criminal advertises as something else of value.
- Spam Emails (w/ malware or links to malicious websites)
Download Links:
Links to files containing malicious code can reach you from many different sources. Common sources of links to files containing malware include emails, websites, and blog posts.
Public WiFi:
Many users believe that if a public WiFi network is password protected, then the connection is secure. This is simply a false belief. In many situations cybercriminals find ways to intercept data transmissions or download files to other computers using the password-protected WiFi.
File Sharing Services:
Using a file sharing service to obtain information is rife with risk of cyber-attack. Sharing files can provide opportunity for another user to copy files without your knowledge. Also, file sharing exposes users to the obvious risk of sharing infected files.
New and Unfamiliar Devices:
Using new and unfamiliar devices can provide a means for malware to enter your system. For example, sharing a file that is stored on a USB memory stick can offer a means of downloading malware to your computer.
Employees Uploading Files from External Sources to Network Servers:
Employees can and have uploaded infected files from a variety of sources to the company’s computing network shared drives. Uploading sources can be thumb drives, email attachments, web downloads, etc.
What Can I Do to Prevent Hackers from Invading Our Network?
A wide range of tactics is required to successfully manage cybersecurity risks, and to prevent hackers from stealing private information. There is no single solution. The list below is quite extensive, and may seem impractical to achieve. We have grouped these tactics into categories to facilitate discussion and to assist with efficient strategy development and deployment.
Site Access (Authentication and Authorization)
Password Protection:
You can invoke password protection at different levels. Password protection can be required for entry to the network (authentication), or to gain access to specific file folders or even to open specific files (authorization).
Multi-Factor Authentication:
A single password sign-in provides only one barrier against entry by unauthorized persons. Most security professionals recommend the use of multi-factor authentication. Adding a biometric identification log-in requirement (see description below) to a password log-in requirement is an example of two-factor authentication. You can install additional barriers for any data repository or at the individual file level.
Least-Privilege Access:
A good network security practice is to allow access only to entities that need access to the data in order to perform the functions of their job. For example, access to file folders or portal pages can be defined by position or user ID. Responsibility for maintaining authorization approvals typically lies with the Network Administrator. The Network Administrator can delegate approval authority to department managers or supervisors.
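The following added example (written for this page; not code from the original article) ties this paragraph to the Authorization Flaws item in the Methods of Entry section above. It models access by position and by user ID with a small permission table, shows the flaw the earlier section warns about (a handler that checks authentication but never authorization, so any signed-in user can read any record by its ID), and then the hardened handler that decides per record by ownership, department, explicit grant or admin permission. A manager may delegate access, but only within their own department. The users, records, role names and permission strings are all constructed for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: str
    role: str          # position: "staff", "manager" or "admin"
    department: str


@dataclass(frozen=True)
class Record:
    record_id: int
    owner_id: str
    department: str
    body: str


# Permissions keyed by position: each role gets only what the job needs.
ROLE_PERMISSIONS = {
    "staff":   {"record:read_own"},
    "manager": {"record:read_own", "record:read_department", "access:grant_department"},
    "admin":   {"record:read_any", "user:reset_password"},
}


class AuthzError(PermissionError):
    """Raised when an authenticated user lacks authorization for an action."""


def permissions_of(user: User) -> set:
    return ROLE_PERMISSIONS.get(user.role, set())


class RecordStore:
    def __init__(self, records):
        self._records = {r.record_id: r for r in records}
        self._grants = set()   # (grantee user_id, record_id) pairs approved by a manager

    def read_flawed(self, user: User, record_id: int) -> Record:
        # FLAWED: the caller is authenticated (we hold a User) but no authorization
        # check follows, so any signed-in user can read any record by knowing its id.
        return self._records[record_id]

    def read(self, user: User, record_id: int) -> Record:
        # HARDENED: decide per record by ownership, department, grant or admin right.
        record = self._records[record_id]
        perms = permissions_of(user)
        if "record:read_any" in perms:
            return record
        if "record:read_own" in perms and record.owner_id == user.user_id:
            return record
        if "record:read_department" in perms and record.department == user.department:
            return record
        if (user.user_id, record_id) in self._grants:
            return record
        raise AuthzError(f"{user.user_id} may not read record {record_id}")

    def grant(self, approver: User, grantee: User, record_id: int) -> None:
        # Delegated approval: a manager may grant access only inside their own department.
        record = self._records[record_id]
        if ("access:grant_department" not in permissions_of(approver)
                or record.department != approver.department
                or grantee.department != approver.department):
            raise AuthzError(f"{approver.user_id} may not grant access to record {record_id}")
        self._grants.add((grantee.user_id, record_id))


def reset_password(actor: User, target: User) -> bool:
    """Administrative function reserved for the admin role."""
    if "user:reset_password" not in permissions_of(actor):
        raise AuthzError(f"{actor.user_id} may not reset passwords")
    return True


def can_read(store: RecordStore, user: User, record_id: int) -> bool:
    """True if the hardened check permits the read; handy for auditing access rules."""
    try:
        store.read(user, record_id)
        return True
    except AuthzError:
        return False


# Constructed demo users and records (hypothetical names and data).
ALICE = User("alice", "staff", "sales")
BOB = User("bob", "staff", "sales")
CAROL = User("carol", "staff", "finance")
MAYA = User("maya", "manager", "sales")
ADMIN = User("root-admin", "admin", "it")
STORE = RecordStore([
    Record(1, "alice", "sales", "alice's pipeline notes"),
    Record(2, "bob", "sales", "bob's pipeline notes"),
    Record(3, "carol", "finance", "quarterly ledger draft"),
])

if __name__ == "__main__":
    print("flawed handler, bob reads carol's record  :", STORE.read_flawed(BOB, 3).body)
    print("hardened handler, bob reads carol's record:", can_read(STORE, BOB, 3))
    STORE.grant(MAYA, BOB, 1)   # sales manager lets bob see alice's sales record
    print("after manager grant, bob reads record 1   :", can_read(STORE, BOB, 1))
```

Auditing for authorization flaws is then a matter of walking every handler and asking which of these checks it performs; a handler that reaches the data store with only "is the user logged in" established is the flaw the earlier section describes.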
Biometric Identification Technologies:
Examples include fingerprint and retina identification.
Disable Remote Access:
Remote access allows users to access their computers or networks from another location. This can provide flexibility for achieving work objectives from remote locations. However, remote access can add a point-of-entry exposure. Accessing work files over a secure connection (VPN) to a controlled-access portal mitigates some of the risk. This assumes the portal contains adequate security measures.
Enable Firmware Password:
A firmware password refers to password protecting a device at the hardware level, as opposed to the network or file storage level. When you enable firmware passwords, a user cannot access the device without first entering the firmware password. If you forget the firmware password, the device becomes inaccessible. There is no default recovery mechanism.
Log Out of Accounts When Inactive:
Auto log-out does not merely switch to screen-saver mode; it actually logs the user out of the machine and/or network after a pre-determined period of inactivity. This protects the system against an unauthorized user accessing it from an unattended device connected to the system.
File Storage and Transfer
Encrypt Data Storage Devices:
Encrypting files makes them inaccessible without applying a decryption key. Using file encryption before storing files will prevent hackers from accessing the data and information in the file, even when they have possession of the file. This is a valuable cybersecurity protection measure to enable when data security is critical to successful operation of your business.
Use Secured Wireless Networks:
Hackers can intercept data transmitted over unsecured wireless networks. Don’t be fooled into thinking that a password requirement proves WiFi security. If you need a secure connection, you need to verify the wireless network’s security. Look for information printed on the router that indicates WPA or WPA2 encryption. If this is a public WiFi network, you should consider establishing a VPN connection while using it.
Use a VPN:
Virtual Private Networks allow users to securely access a private network and share data remotely through public networks. They provide security by combining dedicated connections and encryption protocols.
Avoid Plugging In Devices You Are Not Sure About:
If you are not sure about the security of information contained on a device, do not connect it to any other device on your network. Doing so would expose you to the risk of transmitting unwanted malware. If you need to connect the device, you should first scan the device and subject it to any other security protocol used on other devices in your network.
Run Anti-Virus and Anti-Malware Software:
You should run anti-malware and anti-virus scans periodically on the entire network. Additionally, you should scan all files before opening or storing on the network.
Understand Cloud Vulnerabilities:
Do not make the mistake of believing that all cloud services are secure. All systems have cybersecurity vulnerabilities, whether internet based or local networks. You should verify the cloud’s security features before contracting cloud services.
Download Programs/Files Only From Reputable Sites:
Downloading solely from reputable sites provides no guaranteed prevention of downloading malware or a virus from the site. Conversely, downloading from sites whose reputation you cannot verify increases your risk of encountering a cyber-attack. If you are unsure of a website’s security reputation, investigate and verify before downloading anything from that site.
Recognize Fake Websites:
Hackers often build a website that copies the look of a recognizable brand. They do this to gain trust and entice a web surfer to click on a link or download contaminated files. Before clicking on links or downloading files, look carefully for signs that indicate the website may be a fake. One indication that a website is fake is an offer of significant value for a small investment. Another sign would be hyperlinks to web addresses that do not align with the business they are attempting to impersonate. Investigating the integrity of the site may take a bit of effort, but it is worth it. With practice, you can efficiently recognize fake websites and investigate them for authenticity. This practice will help prevent hackers from invading your network.
Shop Only on Secure Sites:
Using an unsecured website for online shopping exposes the shopper to risk of having their information exposed. This includes your credit card information as well as your shopping records.
Verify Website as Safe:
The first step to take to verify the security of a link is to ensure the web address (URL) starts with “https” as opposed to “http”. The “https” means that the website has an SSL certificate. The SSL certificate indicates your data will be secure when passing from your browser to the website. GlobalSign provides a good explanation of the different levels of SSL certification. You can refer to that site for details. For simplicity and brevity, let’s consider that you can increase your level of security in this regard by using a recent version of a mainstream browser and turning on the safe browsing feature. When operating in this mode, the browser will check each website you attempt to enter, and will block access if the website’s security cannot be verified to a high standard.
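As an added example covering both the “Recognize Fake Websites” item and this one (written for this page; not code from the original article), the Python script below pulls every link out of a constructed HTML page and applies the two checks the text describes: is the scheme https rather than http, and does the link’s host actually belong to the brand’s domain. A lookalike host such as `example.com.verify-login.example` can present a perfectly valid certificate, so the host check matters as much as the scheme check. The `registrable_domain` helper is a simplified stand-in for a public-suffix lookup (an assumption noted in the code), and the brand domain, page and links are constructed using reserved example names.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collects every href from <a> tags in an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def registrable_domain(host: str) -> str:
    """Last two DNS labels of a host name. Assumption: a simplified stand-in for a
    public-suffix lookup; it is wrong for multi-label suffixes such as co.uk, so
    production code should consult a public-suffix list instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_link(href: str, expected_domain: str) -> list:
    """Return a list of findings for one link; an empty list means no concern."""
    url = urlparse(href)
    if not url.netloc:
        return ["relative link: inherits the origin of the page itself"]
    findings = []
    if url.scheme == "http":
        findings.append("plain http: no TLS, data travels unencrypted")
    elif url.scheme != "https":
        findings.append(f"unexpected scheme {url.scheme!r}")
    host = url.hostname or ""
    if not host:
        findings.append("no host name in link")
        return findings
    if url.username is not None:
        # Everything before '@' is a user name, not the site; browsers connect to `host`.
        findings.append("user@host form: the part before '@' is not the site")
    if registrable_domain(host) != expected_domain.lower():
        findings.append(f"host {host!r} is not under {expected_domain}")
    return findings


def audit_page(html: str, expected_domain: str) -> dict:
    """Map each link on the page to its findings."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, expected_domain) for href in collector.links}


# Constructed sample page that imitates a hypothetical brand at example.com.
SAMPLE_HTML = """
<html><body>
  <a href="https://www.example.com/login">Sign in</a>
  <a href="http://www.example.com/promo">Special offer: 90% off</a>
  <a href="https://example.com.verify-login.example/">Verify your account</a>
  <a href="https://example.com@login-portal.example/">Secure portal</a>
</body></html>
"""

if __name__ == "__main__":
    for href, findings in audit_page(SAMPLE_HTML, "example.com").items():
        print(href, "->", findings or ["ok"])
```

Only the first link passes both checks; the other three are the patterns the text warns about, and the same two checks are what a browser’s safe-browsing feature applies far more thoroughly behind the scenes.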
Keep Personal Information Off Social Media:
Social media sites often sell user information to a variety of buyers. Although the user has to provide permission for the site to share their personal information, some of these sites are infamous for disguising permission in sly ways. The safest action is to ensure you input no personal information in your profile or in any posts to the site.
Browse Using Secure Web Apps:
Ensuring a web application is secure is much more complex than verifying security of a website. Application operations open up a variety of security risks. You need to address each of these potential security risks by adopting specific security measures to contain the risk. Basically, web applications have the same types of security risks as network applications, except that there are additional hacker entry points. Before contracting services for a web application, you need to verify that the application security meets the same standards that you impose on your internal network applications.
Download Apps Only From Verified Sources:
You should download applications from sources you have verified as safe (see bullet point above: Verify Website as Safe).
Read Privacy Policies:
Access to ‘free’ applications, data and information comes at a price. Typically the cost of ‘free stuff’ includes, at a minimum, allowing the website to install cookies on your device and/or network. The cookies let the entity track your web browsing history. Another common price to pay is allowing the website access to your contact information, both your personal and business contact lists and the associated information. All of the permissions you give when agreeing to the terms are included in the privacy policies.
Network Administration & User Guidelines
Use Machine Learning (ML) to Track Abnormal Activity:
In the cybersecurity arena, machine learning acts as a double-edged sword. Cybersecurity solutions use ML to enhance discovery of cyber-attacks. Hackers also use ML to enhance identification of targets to attack and to enhance discovery of cybersecurity system weaknesses. In order to stay ahead of the cybercriminals, you can employ machine learning as part of your cybersecurity solutions.
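To make “track abnormal activity” concrete, here is an added example (written for this page; not code from the original article) of the simplest form of the idea: learn a per-user baseline of failed logins per hour and flag an hour whose count is far outside that baseline. It uses a robust outlier score (median and median absolute deviation) rather than a trained model, so it runs offline with the standard library, but the workflow is the same one an ML-based product automates at scale. The log format, user names, baselines and addresses are all constructed for the demo.

```python
import re
import statistics
from collections import Counter

# Constructed log format: "<ISO timestamp> user=<name> action=login result=<ok|fail> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} user=(?P<user>\S+) "
    r"action=login result=(?P<result>\S+) src=(?P<src>\S+)$"
)


def parse_line(line: str):
    """Parse one log line into (user, hour bucket, result), or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("user"), m.group("ts"), m.group("result")


def failures_per_user_hour(lines) -> Counter:
    """Count failed logins per (user, hour)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[2] == "fail":
            counts[(parsed[0], parsed[1])] += 1
    return counts


def modified_z(x: float, history) -> float:
    """Robust outlier score (Iglewicz and Hoaglin): 0.6745 * (x - median) / MAD.
    Median and MAD are not dragged around by the very outliers we want to find."""
    med = statistics.median(history)
    mad = statistics.median([abs(h - med) for h in history])
    if mad == 0:
        # More than half the history sits on the median; fall back to the mean absolute deviation.
        mean_ad = statistics.mean([abs(h - med) for h in history])
        if mean_ad == 0:
            return float("inf") if x != med else 0.0
        return (x - med) / (1.253314 * mean_ad)
    return 0.6745 * (x - med) / mad


def find_anomalies(lines, history_by_user, threshold: float = 3.5) -> list:
    """Flag (user, hour) buckets whose failure count is far above that user's baseline."""
    findings = []
    for (user, hour), count in sorted(failures_per_user_hour(lines).items()):
        history = history_by_user.get(user)
        if not history:
            continue   # no baseline yet for this user; a real system would learn one first
        score = modified_z(count, history)
        if score > threshold:
            findings.append({"user": user, "hour": hour, "failures": count, "score": round(score, 2)})
    return findings


# Constructed baseline: failed logins per hour for each user over 12 prior hours.
HISTORY = {
    "alice": [0, 1, 0, 2, 1, 0, 1, 1, 0, 2, 1, 0],
    "bob":   [1, 0, 2, 1, 0, 1, 1, 2, 0, 1, 1, 0],
}

# Constructed log lines for the hour being scored: alice mistypes three times and
# then succeeds; bob's account sees a burst of 25 failures from many source addresses.
SAMPLE_LOG = [
    "2024-05-01T09:00:12 user=alice action=login result=fail src=10.0.0.5",
    "2024-05-01T09:00:40 user=alice action=login result=fail src=10.0.0.5",
    "2024-05-01T09:01:03 user=alice action=login result=fail src=10.0.0.5",
    "2024-05-01T09:01:20 user=alice action=login result=ok src=10.0.0.5",
] + [
    f"2024-05-01T09:{10 + i // 60:02d}:{i % 60:02d} user=bob action=login result=fail src=198.51.100.{i}"
    for i in range(25)
]

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG, HISTORY):
        print(finding)
```

Alice’s three failures score well inside her normal range and are left alone; Bob’s 25 score far above the threshold and are reported. The per-user baseline is what turns a raw count into an “abnormal” judgement, and it is also the part that a real deployment has to protect from being slowly retrained by an attacker who keeps activity just under the threshold.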
Uninstall Software You Don’t Use, Patch Software You Do Use:
It is a good practice to delete obsolete software from your system. You must update software routinely to account for emerging cybersecurity threats. Software that is not routinely used may not get updated frequently enough to remain secure. For the same reasons, be sure to patch actively used software with updates as soon as the suppliers make them available.
Frequent Data Backup:
You should back up your data frequently to a source independent of your primary network. This exposes the network to less risk of a data breach or data theft.
Always Work With Firewall Active:
You should never turn off firewall protection for convenience’s sake. When you turn off the firewall, you have eliminated an important barrier that prevents hackers from entering your system.
Maintain Updated Software and Apps:
Updating software as updates become available is the best way to ensure you are using the latest security features provided by the software vendor.
Trust but Verify:
This mantra is useful in the cybersecurity area from several perspectives. Network administrators install security systems they trust, but they must verify that the systems have the correct configurations on all devices and applications that connect to the network. Additionally, you need to dig into the details of claims by security software vendors to verify that the solutions they represent are a good fit for your specific applications.