Is Your Enterprise Prepared for a Hack?

Is Your Enterprise Prepared for a Hack?
A static defensive security posture is
breach prevention by itself isn't enough. 

By Scott Murphy
VP Strategic Business Development,  Data Perceptions Inc. 

The reality of cybersecurity today is everyone is getting constantly bombarded with automated attacks of various types that are each looking for network vulnerabilities. It seems just a matter of time until an organization is compromised. The challenge is no longer stopping the compromise but rather the
speed and capabilities of an organization to notice the compromise and then respond effectively.

Security Risks - Hackers are looking a easy way in.

Threat actors or hackers are focusing on three primary methods of getting a foothold in an enterprise: 

  • Human error 
  • Unpatched systems 
  • Trust-chain issues 


The Anatomy of an Attack

 To protect themselves, enterprises need to develop capabilities that detect when a system has been compromised and then respond accordingly with a treatment plan. In order to do this, a high-level understanding of the techniques that adversaries are using to gain and escalate access to your organization is needed. 

A hacker’s first step is to gain initial access to the organization. This is commonly done through phishing social engineering techniques to trick users into allowing the hacker basic access to the system. The hacker will typically attempt to remain unnoticed by keeping the compromise in only the memory of the system so that Antivirus (AV) and Endpoint Detection and Response (EDR) systems will not notice. The hacker may use some other social engineering techniques to determine the specific AV and EDR systems that your organization is using, and then customize their payloads and techniques to avoid detection.

The next step for the hacker is to establish local persistence of the compromise, usually by escalating local privileges on the compromised system and deploying a Remote Access Trojan (RAT) on to the system. They now have a solid foothold in your organization to start to escalate access to the organization’s data.  The threat actor will look to move latterly within the organization, looking for data and information to further escalate their access to systems and files. They’ll continue to use social engineering, take advantage of unpatched systems, and exploit trust-chain issues within systems. The chain of trust in systems is a secure way of ensuring that someone cannot modify systems easily. If the system contains a bug, hackers can exploit the bug and cause the execution of untrusted code or scripts.

While they are there.....

As the threat actor moves latterly within the organization and gains escalated privileges and access to data, they begin to exfiltrate data offsite for further analysis, keeping their backdoor open to go back for more data.  Data is often encrypted and compressed (zipped) for sending offsite to avoid detection. 

They will analyze the data looking to further escalate their privileges, often by finding passwords embedded in code, files, databases, and even offsite systems.  

Once a breach is detected an organizaton can respond and treat quickly and effectivelyThey will analyze the data looking to further escalate their privileges, often by finding passwords embedded in code, files, databases, and even offsite systems.  Hackers will often find re-used usernames and passwords in test systems or cloud-based systems that will allow them to gain even more access. Onsite regular users are often admins for cloud-based systems. 

Threat actors don’t necessarily have a plan or a specific target. They’re opportunistic and take advantage of the information that they glean from the “low-hanging fruit” available and use it to exploit an organization for profit.  

Share this post:

Comments on "Is Your Enterprise Prepared for a Hack?"

Comments 0-5 of 0

Please login to comment