To catch a hacker: The subtle mistakes of an
attack
For all the benefits that it brings, new
technology tends to open up a wealth of opportunities for
malicious parties to compromise sensitive data. Even as businesses strive
to protect themselves by employing advanced cyber security tools,
hackers are keeping pace with developments of their own.
Many organizations focus on alerts of an
attack, such as blaring notifications that something just isn’t right. However,
a threat could easily be sleeping in their systems right now or attacks
could be perpetrated right under their noses in the guise of normal
transactions.
In fact, the quieter variety of cyberattack
is particularly dangerous, and organizations are underprepared for it. Methods are becoming more
sophisticated and harder to detect, but there are ways that these threats can
be caught.
Look at the evidence
Hackers in movies and television shows have
helped perpetuate the myth that cyberattacks can only be detected when
they are caught in the act. Data breach detection systems can detect when someone
has breached and is inside your systems. These tools can help identify and mitigate
attacks quickly, reducing potential risk and costs.
But sometimes hackers remain undetected, and
that calls for some cyber forensics. While malicious parties can certainly
cover their tracks, there is typically a breadcrumb trail left behind. In fact,
Hexadite co-founder Barak Klinghofer told USA Today that cyber criminals always leave evidence behind. Organizations can analyze this information
to identify how the attack was perpetrated and who did it.
InfoSec analysts take a deep look into attack vectors, the timing of the
breach, what information was stolen and to whom the data might be useful.
Evidence can create a substantial picture leading to the culprit and mitigating
similar attacks in the future. No matter how subtle an attack may be when it
happens, organizations still have an opportunity to rectify it afterward by
utilizing advanced cyber forensic tools and plugging the gaps.
Cyber forensics can analyze evidence hackers
leave behind.
Determine the number of actors
EyePyramid, an information-stealing malware,
was active earlier this year, and attacks that utilized this malicious software
resulted in the theft of 87GB of sensitive data. It also targeted more
than 100 email domains and 18,000 email accounts in Italy, the U.S., Europe and
Japan. Despite the extent of this attack, it was eventually attributed to a brother-sister team who were using the malware to profit
from the stolen data. A Trend Micro report by Martin Roesler found that their
identification was a result of operator error. Their habits, quirks and
techniques were their ultimate downfall. Cyber security tools must be able to
recognize trends within behavior, allowing breached organizations to track
down an attack to the source.
“Hackers can make simple mistakes by revealing too much about themselves.”
Track social interactions
Hackers are no strangers to using forums and
other means to sell their tools. However, even these individuals can make
mistakes by simply posting too much online. In July 2014, when Limitless
Logger was at its peak, cybercriminals used it to disable security
controls, record keystrokes and exfiltrate account passwords.
Trend Micro research started to dig into information about the original author by looking into them on Hackforums. From
information within the posts, it was found that the culprit had just completed the
first semester at a university, and the posts also gave contact details for Skype and PayPal
accounts. Following the rabbit hole of these clues, public social network
profiles were eventually found and Hackforums chat logs confirmed his true name.
Hackers can make simple mistakes by revealing too much about themselves. A
profile can be made from this data to narrow down the suspect pool and develop
other leads to ultimately identify the culprit.
Watch for spelling errors
Hackers are human, and that means they make
mistakes, especially when trying to phish for credentials. It’s common for
employees to glance over spelling errors in URLs and
messages, automatically clicking links without a second thought. But that’s
not the way that spelling errors signal an attack.
For example, in early 2016, Bangladesh Bank
experienced this firsthand. Hackers breached the institution’s systems and
stole payment transfer credentials. These authorizations were used to make
nearly three dozen requests to move money from the bank to entities in the
Philippines and Sri Lanka, Reuters reported. After the fifth request, a
misspelling caught the eye of a routing bank, causing them to look into the
transactions. While the error prevented a $1 billion heist, the hackers still
managed to get away with $80 million for their efforts.
Organizations can be overwhelmed by the
thought of cybercrime. However, there are a number of ways to spot a potential
threat and stop it in its tracks. With capable cyber security tools, businesses
can have peace of mind that their systems and data are secure.