Monday, June 27, 2022
CybersecFill
Advertisement
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
CybersecFill
No Result
View All Result
Home Article

Inside The Mind Of A Threat Actor!!!

Tactics, Techniques And Procedures Explained....

Henrietta Ijenebe by Henrietta Ijenebe
August 11, 2021
in Article
0
Inside The Mind Of A Threat Actor!!!

ImageSource:https://www.stninc.com/

Share on FacebookShare on Twitter

They lure their victims with the bait of a seemingly innocent email or landing page in an attempt to steal their user credentials. And they only need to succeed once to get in.

Once they have hooked their victim, a cybercriminal can take over an entire network in a matter of minutes. Or worse yet, they can lurk quietly on a connected device for months, unbeknownst to the IT team, plotting how to extract the most profit and/or disrupt the now compromised network.

We care about this seemingly inconsequential phishing lures because once a hacker has a foothold on your network, they can exploit it to infiltrate deeper into your systems and cause significant harm.

Using a variety of Tactics, Techniques, and Procedures (TTP), the hacker will succeed – whether it’s ransom, theft, or a more sinister type of attack – it’s only a matter of time before they will get exactly what they want.

The infographic below illustrates how simply an attack starts, and how persistent an attacker can be once inside your network.

ImageSource:https://research.ci.security/

Phishing Is the Entry Point

You may think of phishing as some old-timey Nigerian Prince scam that only works on your grandma, but the attack vector has become wildly sophisticated and widely successful since its inception in the 1990s.

While certainly not the only tactic in the cyber criminal’s toolkit, phishing scams are the easiest and most effective way to gain access to a network or obtain personal information.

The FBI recently warned of a 270 percent increase in identified victims and exposed loss from the business e-mail compromise scams. According to the data collected, law enforcement received reports from 17,642 victims in every U.S. state and in at least 79 countries, which amounted to more than $2.3 billion in losses between October 2013 and February 2016.  It’s not just grandmas falling for the things.

VIPs Are Walking Targets for Spearphishing

Let’s just start with spearphishing. If an attacker is a spearphishing you, it’s a targeted attack that’s looking for something you have. Your login credentials, your HR privileges, your bank account number, whatever. Spear phishers aren’t just spraying untargeted Nigerian Prince scams out to some email list they bought—they’re looking for something specific you have and tailoring the message to you. And when crafted with skill, the emails they send will appear much more authentic than whatever lands in your spam box on the daily.

Whale phishing, or whaling, is the practice of marking CEOs and other high-value targets. Board members — with high levels of trust and names that carry weight inside their respective organizations — are increasingly targeted.

Regardless of the target (or lack thereof), hackers will often disguise malware inside of Office documents (macros), encrypted zips, or even “password reset pages.”

There are gobs of pre-built phishing kits available on the dark web, so even relatively unskilled threat actors can look like pros.

Tactics, Techniques, and Procedures (TTP) Executed after the Breach

So, who cares if someone got the email login credentials for Jeff from Accounting or Admin privileges to the printer on Floor 6, you might ask.

We care about these phishing incidents because once a hacker obtains credentials, there is nothing to stand in the way of the threat actor. Access from an unprivileged account is sufficient to begin the job of getting administrative access, after which he/she will have full clearance to do their worst to get your best, most valuable, assets and data. Furthermore, the actor can lurk for months, exploring internal systems, and then carefully extracting valuable treasures residing deep within the network.

Here are just a few post-breach TTP:

Beaconing

Attackers can use beaconing to get back into a compromised computer. The installed beacon will “call out” to the internet and check for commands from the attacker.

Reconnaissance

With a logged-in user’s credentials, attackers can use reconnaissance to gather useful information to further compromise other systems. Often the goal is access to local admin and/or domain admin accounts.

Continued Phishing

Once attackers have compromised Jeff from Accounting’s email account, they can use it to send further phishing emails, this time from within the organization’s email server.

Long-Term Persistence

Hackers can perform beaconing stretched out over long periods. Since the activity occurs so infrequently, it’s harder to detect. This allows hackers to harvest data over weeks, months, and sometimes years.

Destruction or Denials of Service

In the case of a total compromise, hackers can alter and/or destroy access. The most effective attacks begin weeks or months before leading to more overt and destructive activities.

Phishing Tactics Continue to Evolve

But no one is going to fall for the old Nigerian Prince scam anymore, right…?  Wrong! As soon as the old tricks quit working, cybercriminals get creative and employ a new trick to get the same, predictable outcome. One upcoming escalation is the implementation of artificial intelligence by threat actors for more surgical targeting, and crafting better ”bait”.

The numbers can be murky because companies aren’t required to report such compromises, and therefore have no incentive to broadcast to the world when a malicious actor gets into their systems. And while it’s best to scrutinize stats offered by organizations that peddle anti-phishing solutions, it’s also best to recognize that the problem is real and take steps to shore up your defenses.

The truth is that as long as humans are opening emails, phishing will continue to be an effective tactic for the foreseeable future.

How to Protect Your Business from Phishing Attacks

Wondering how to protect your business against all this nastiness? The FBI offers this handy shortlist of best practices for businesses who want to fend off phishing attacks:

  • Be wary of email-only wire transfer requests and requests involving urgency
  • Pick up the phone and verify legitimate business partners
  • Be cautious of mimicked email addresses
  • Practice multi-factor authentication

Lastly, note that many of the TTP employed will create a signal on the network, which can be teased out of the aggregated intrusion detection, log, and other events, using analytics that employs statistical, frequency, signature, reputation, and other methods. We all have to assume that periodic compromises will occur and that to the greatest extent, they will be caused by user action. If you detect and put out the stove fire quickly, the house will not be engulfed and your records, finances, and critical services will have no impact.

 

Tags: BeaconingReconnaissanceSpear PhishingWhale Phishing
Henrietta Ijenebe

Henrietta Ijenebe

Another Breed striving to make our cyber.space a better state of existence. CyberContent Writer at Cybersecfill. Cybersecurity Threat Intelligence Analysis... Penetration Testing... I code in Javascript...Python...PHP I convey with HTML I beautify with CSS

Next Post
9 Steps To Reduce Your Digital Footprint…

9 Steps To Reduce Your Digital Footprint...

0 0 votes
Article Rating
Login
guest
guest
0 Comments
Inline Feedbacks
View all comments
  • Trending
  • Comments
  • Latest
CEH_PRACTICAL

CEH PRACTICAL EXAM – TICKET TO CEH MASTER

February 6, 2021
Wireless Access Point

How To Secure Your Wireless Access Point (WAP)

August 3, 2019
Wifi 6 Security

Did Wi-Fi 6 come with an Improvement In Security?

May 13, 2019
credit card cloning

How Credit/Debit Cards are Cloned / Preventing Card Cloning

December 26, 2019
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

9
Facebook

Facebook’s New Settings Allows Hackers To Easily Pentest Facebook,Instagram Mobile Applications

8
Cybersecurity Jobs

Cybersecurity Jobs – You can create your own Cybersecurity Role

4
open Source intelligence tools

Open Source Intelligence tools – OSINT

4
Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

Recommended

Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

© 2020 CybersecFill. All Rights Reserved.

No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us

© 2020 CybersecFill. All Rights Reserved.

wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply

Privacy Policy - Terms and Conditions