The Anatomy of a Cyber Attack, Part 2

Paul Mah

In my earlier blog, I elaborated on the first two phases that typically take place in a cyber attack. My hope is that a better understanding of the actual process will enable small and medium businesses to better visualize their vulnerabilities, and hence make better decisions when it comes to investing to enhance their security.


Today, I will talk about the last three phases of a cyber attack as observed in Operation Aurora, also known simply as the "Google hack."



While there will always be people using unsafe computing practices, it is becoming progressively harder to persuade users to click on unidentified file attachments. Using social engineering, however, hackers are taking a new approach to get their victims to open specially crafted attachments or to click on links to poisoned Web pages.


Perpetrators can pretend to be friends, colleagues or family members. Masquerading as people they know tends to get users to lower their guard, making it easier to influence them to perform the desired actions. Note that such schemes need not be limited to e-mail alone; other vectors can include the use of IMs or even social networks, many of which provide direct messaging.



A successful exploit typically takes mere seconds to complete as users open malformed documents or Web pages. Establishing a single beachhead is all that is necessary. Indeed, it is common to see malware that can be remotely updated or that is used to quietly load a host of other tools for spying or for stealing proprietary data.


Hackers generally target popular software using known security flaws, in the hopes that they have not been patched. More sophisticated entities might use undiscovered security vulnerabilities, with a specially crafted attack designed to exploit the target system.



It would be much simpler if each workstation in the corporate network had to be attacked and broken into separately. However, a cyber attack targeted at an organization does not end with the compromise of a single machine. You see, cyber attackers exploit a specific workstation with the intention of using it as a launching pad for further attacks within the network.


Remember, attacks launched from the compromised machine effectively negate the protective capabilities of the external firewall. In addition, a plethora of hacking and probing tools can be brought to bear from within the network to attack machines normally protected by the firewall.



I have resisted offering any solutions or suggesting ways to mitigate the various attacks. However, I promise I'll be writing more about it in a blog later this week. In the meantime, I would love to hear your thoughts on this subject.


Please drop me an e-mail if your SMB uses security practices or tools that you have found to be of use.
