Vulnerabilities / Threats
1/13/2013
11:09 PM
Dark Reading
Quick Hits

How Cybercriminals Choose Their Targets And Tactics

Targeted attacks are becoming pervasive. Here's a look at how those targets are chosen -- and how your organization might avoid being one of them

[Excerpted from "How Cybercriminals Choose Their Targets and Tactics," a new, free report posted this week on Dark Reading's Advanced Threats Tech Center.]

When police officers go undercover, they must successfully blend into an environment that few of us would ever willingly choose to live in. Good undercover officers know the tactics of traditional criminals because they live in the criminals' world. They study the criminals' tactics, tools and psyches, and can thus anticipate certain behaviors because they understand the end goals.

In some respects, staying a step ahead of cybercriminals is much more difficult than staying ahead of your average street criminal. You won't catch black-hat hackers with traditional surveillance, because they can inflict as much damage in their pajamas as they could if they got dressed and robbed a bank.

Cybercriminals often fit no specific profile. They can effectively hide their tracks through proxies and spoofing. They change their tactics often, and they are adept at hiding tools and other malicious code through obfuscation. Good cybercriminals understand the digital trails they leave, and how easy or hard it is for big-business security tools to detect those activities.

And unlike many security pros, good cybercriminals can code. Talented black hats enjoy decompiling a piece of commercial software for fun, or coding a new botnet with a feature set that is a security admin's worst nightmare.

So how do you defend yourself against an ever-evolving, nameless, faceless enemy that adapts to your defenses as quickly as you can deploy them? The unfortunate reality is that you can never fully defend yourself against a truly skilled cybercriminal, but you can certainly make your organization a more difficult target by deploying the right tools and implementing the right best practices.

A security pro's best defense is to act like an undercover cop, gaining intimate knowledge of how the bad guys operate. Attackers care about advanced cryptography, decompilers and reverse-engineering methods. They know about APIs and SQL. Indeed, as a security pro, you won't necessarily get the knowledge you need to protect your organization by studying for a CISSP all day long -- you need to spend time living in the world that cybercriminals inhabit.

Before motivated attackers can launch a strike, they need to target a victim. The choice of target depends largely on the motive for an attack, but it also depends on organizations' vulnerability to attack.

While some cybercriminals focus their efforts on spreading damage far and wide through malware development, others are content to troll the Internet for sites that are vulnerable to a more direct attack. A black hat who is trolling around for a victim generally uses a simple methodology to set up an attack, but step one of that process always requires the discovery of a target.

The most effective way to select a target is to use a vulnerability scanner. Every organization has exposed public-facing services that could be used as a conduit for attack, and vulnerability scanners and bots can make quick work of finding potential targets for attacks.

Some black hats prefer to exploit network-centric vulnerabilities, so they will unleash scanners on your externally facing IP block, looking to attack hosts listening for SSH, FTP, HTTP, Telnet and RDP (to name a few). Other attackers will use vulnerability scanners to look for externally facing sites that are vulnerable to SQL injection, cross-site scripting attacks or local or remote file include attacks. If an attacker is motivated to hit a specific application or database, then multiple vulnerabilities may be exploited to set up an attack.
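
A defender's view of the scanning described above, as an added example that is not part of the original report: it parses perimeter firewall log lines and flags sources that probe the named services across many hosts, or many of those services on one host. The log format, the addresses (documentation ranges) and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Services the article names as scan targets, keyed by their default TCP port.
WATCHED = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP", 3389: "RDP"}

# Constructed sample log (hypothetical format: time, action, proto, src -> dst).
SAMPLE_LOG = """\
2013-01-13T23:09:01Z DENY TCP 198.51.100.7:40112 -> 203.0.113.10:22
2013-01-13T23:09:01Z DENY TCP 198.51.100.7:40113 -> 203.0.113.11:22
2013-01-13T23:09:02Z DENY TCP 198.51.100.7:40114 -> 203.0.113.12:22
2013-01-13T23:09:02Z ALLOW TCP 198.51.100.7:40115 -> 203.0.113.13:22
2013-01-13T23:10:10Z DENY TCP 198.51.100.99:51000 -> 203.0.113.10:21
2013-01-13T23:10:10Z DENY TCP 198.51.100.99:51001 -> 203.0.113.10:22
2013-01-13T23:10:11Z DENY TCP 198.51.100.99:51002 -> 203.0.113.10:23
2013-01-13T23:10:11Z ALLOW TCP 198.51.100.99:51003 -> 203.0.113.10:80
2013-01-13T23:10:12Z DENY TCP 198.51.100.99:51004 -> 203.0.113.10:3389
2013-01-13T23:11:00Z ALLOW TCP 192.0.2.44:60001 -> 203.0.113.10:80
2013-01-13T23:11:05Z ALLOW TCP 192.0.2.44:60002 -> 203.0.113.10:80
2013-01-13T23:12:00Z ALLOW TCP 192.0.2.50:60100 -> 203.0.113.20:443
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def find_scanners(log_text, min_hosts=3, min_services=3):
    """Flag sources that touched >= min_hosts distinct hosts (horizontal sweep)
    or >= min_services distinct watched services (vertical probe)."""
    hosts, services = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        port = int(m["dport"])
        if port not in WATCHED:
            continue  # only track the services named in the article
        hosts[m["src"]].add(m["dst"])
        services[m["src"]].add(WATCHED[port])
    return {
        src: {"hosts": len(hosts[src]), "services": sorted(services[src])}
        for src in hosts
        if len(hosts[src]) >= min_hosts or len(services[src]) >= min_services
    }
```

Counting both allowed and denied connections matters here: a probe that reaches an open port is logged as ALLOW, and that is the hit the scanner was looking for.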

To read more about cybercriminals' methods of choosing a target and an attack -- and what you can do to reduce your chances of being a victim -- download the free report.

Comments
PJS880
User Rank: Ninja
1/21/2013 | 11:23:32 PM
re: How Cybercriminals Choose Their Targets And Tactics




Great article and very informative for anyone. Think about a bank robber and how long they stake out a target bank before actually committing the robbery. The criminals gather everything from delivery times, to employees break scheduling. Why wouldn't a cybercriminal do the same thing with a target they were planning on attacking? Information on these topics is the best defense to avoid finding you a victim.

Paul Sprague

InformationWeek Contributor


MROBINSON000
User Rank: Apprentice
1/18/2013 | 2:26:40 PM
re: How Cybercriminals Choose Their Targets And Tactics
In my opinion, a Security Tester, or hacker, has one of the most exciting and creative jobs in the industry. They are asked to find as many critical security vulnerabilities in complex software systems with limited resources - before the application is released or shipped. They have the challenge of knowing more about the system in the first couple of days than the developers who wrote the system. They have to find every vulnerability in the system, while the attacker effectively has all the time and resources in the world to find only one issue. That's why, I truly believe that to be effective, they have to get in the attacker's mindset, think like the enemy, if I may say. Also, we have to keep in mind that it takes dedication, practice and a laser-like focus for years to become the best. Actually, here's a great article on this matter: http://blog.securityinnovation....