Hacking today is, for the most part, run by large organized criminal gangs. Hacking generates hundreds of millions of dollars a year in revenue for these gangs. Because so much money is involved, these organizations can invest in developing new attacks and in finding ways around your defenses. These targeted attacks, sometimes called Advanced Persistent Threats (APTs), can be nearly impossible to detect and avoid. Many targeted attacks focus on individual users’ computers since they can then be used to gain access to data on servers. Let’s look at one of the most common targeted attacks: spear phishing.
Spam is unwanted email: annoying, but not directly harmful. Spam is also the delivery method for phishing attacks, which try to get the recipient to open an attachment or click a link that then infects their system with malware such as a bot virus or reverse shell.
Phishing emails are usually mass-produced and not targeted at individuals or organizations. Targeted phishing attacks are called spear phishing and are run against high-value targets as the initial phase of an attack aimed at stealing the organization's data.
Imagine hackers want to steal your organization’s data. They research your organization from its website and other online resources. They find out the names of key executives and then target one or more of them with a spear phishing attack. If your CEO has school-aged children, the hackers may attack and take over the email servers at the child’s school.
They then send a forged but authentic-seeming email to the CEO with an attachment that appears to be information about a school activity. This email comes from the actual school email server, so all the red flags we have been taught to look for (e.g. wrong email domain) are not present. There is nothing to arouse the target’s suspicion, so he opens the attachment and his office computer is infected with malware.
The malware will probably be a “reverse shell”, which wakes up late at night and connects to a computer run by the hackers, allowing them access to the target’s computer. From that starting point, the hackers can expand their access to other computers on the network until they ultimately gain access to servers with confidential information. By the way, your internet firewall offers no protection, as the reverse shell is already behind it, calling out to the hackers. To the firewall, this looks like legitimate web access.
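The firewall lets this traffic through, but egress logs still record it. As an added example (not part of the original article), the Python below flags internal hosts that contact the same external host at near-constant intervals during off hours; the log format, addresses, host names, off-hours window and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample egress log: "<ISO timestamp> <internal source IP> <destination host>"
SAMPLE_LOG = """\
2024-03-04T09:12:41 10.0.5.40 news.example.com
2024-03-05T01:05:00 10.0.5.77 updates.example.org
2024-03-05T01:07:30 10.0.5.77 updates.example.org
2024-03-05T02:00:03 10.0.5.23 cdn-sync.example.net
2024-03-05T02:10:01 10.0.5.23 cdn-sync.example.net
2024-03-05T02:20:04 10.0.5.23 cdn-sync.example.net
2024-03-05T02:30:02 10.0.5.23 cdn-sync.example.net
2024-03-05T02:40:00 10.0.5.77 updates.example.org
2024-03-05T02:40:03 10.0.5.23 cdn-sync.example.net
2024-03-05T04:10:10 10.0.5.77 updates.example.org
this line is malformed and is skipped
"""

OFF_HOURS = range(0, 5)  # assumption: 00:00-04:59 local time is outside business hours

def find_off_hours_beacons(log_text, min_hits=4, max_jitter=0.1):
    """Return sorted (source, destination) pairs that connect during off hours
    at near-constant intervals, the timing pattern of an automated call-out."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, src, dst = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip unparseable timestamps
        if when.hour in OFF_HOURS:
            seen[(src, dst)].append(when)

    flagged = []
    for pair, stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Human activity is bursty; a scheduled call-out has low relative jitter.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged.append(pair)
    return sorted(flagged)
```

A hit is a lead for investigation, not proof: scheduled software updaters produce the same pattern and need allowlisting.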
Since modern targeted attacks like this are difficult to identify and avoid, what can your organization do? The best defense is to encrypt all files. If you practice whole-disk encryption of sensitive data, even if files are stolen, nothing is really lost. Few hackers have the resources or time to break modern encryption. Other effective defenses against spear phishing are:
Unfortunately, there's not yet a way to make any web technology completely invulnerable to hackers and cybercrime. Cyber attacks continue to evolve every day, so cybersecurity measures must be constantly improved and new ones implemented. This can be overwhelming for any cybersecurity team, no matter how big or small. That's why we've created a free ebook to help you design a comprehensive cybersecurity plan.