1/13/2013
11:09 PM

How Cybercriminals Choose Their Targets And Tactics

Targeted attacks are becoming pervasive. Here's a look at how those targets are chosen -- and how your organization might avoid being one of them.

[Excerpted from "How Cybercriminals Choose Their Targets and Tactics," a new, free report posted this week on Dark Reading's Advanced Threats Tech Center.]

When police officers go undercover, they must successfully blend into an environment that few of us would ever willingly choose to live in. Good undercover officers know the tactics of traditional criminals because they live in the criminals' world. They study the criminals' tactics, tools and psyches, and can thus anticipate certain behaviors because they understand the end goals.

In some respects, staying a step ahead of cybercriminals is much more difficult than staying ahead of your average street criminal. You won't catch black-hat hackers with traditional surveillance, because they can inflict as much damage in their pajamas as they could if they got dressed and robbed a bank.

Cybercriminals often fit no specific profile. They can effectively hide their tracks through proxies and spoofing. They change their tactics often, and they are adept at hiding tools and other malicious code through obfuscation. Good cybercriminals understand the digital trails they leave, and how easy or hard it is for big-business security tools to detect those activities.

And unlike many security pros, good cybercriminals can code. Talented black hats enjoy decompiling a piece of commercial software for fun, or coding a new botnet with a feature set that is a security admin's worst nightmare.

So how do you defend yourself against an ever-evolving, nameless, faceless enemy that adapts to your defenses as quickly as you can deploy them? The unfortunate reality is that you can never fully defend yourself against a truly skilled cybercriminal, but you can certainly make your organization a more difficult target by deploying the right tools and implementing the right best practices.

A security pro's best defense is to act like an undercover cop, gaining intimate knowledge of how the bad guys operate. Attackers care about advanced cryptography, decompilers and reverse-engineering methods. They know about APIs and SQL. Indeed, as a security pro, you won't necessarily get the knowledge you need to protect your organization by studying for a CISSP all day long -- you need to spend time living in the world that cybercriminals inhabit.

Before motivated attackers can launch a strike, they need to target a victim. The choice of target depends largely on the motive for an attack, but it also depends on organizations' vulnerability to attack.

While some cybercriminals focus their efforts on spreading damage far and wide through malware development, others are content to troll the Internet for sites that are vulnerable to a more direct attack. A black hat who is trolling around for a victim generally uses a simple methodology to set up an attack, but step one of that process always requires the discovery of a target.

The most effective way to select a target is to use a vulnerability scanner. Every organization has exposed public-facing services that could be used as a conduit for attack, and vulnerability scanners and bots can make quick work of finding potential targets for attacks.

Some black hats prefer to exploit network-centric vulnerabilities, so they will unleash scanners on your externally facing IP block, looking to attack hosts listening for SSH, FTP, HTTP, Telnet and RDP (to name a few). Other attackers will use vulnerability scanners to look for externally facing sites that are vulnerable to SQL injection, cross-site scripting attacks or local or remote file include attacks. If an attacker is motivated to hit a specific application or database, then multiple vulnerabilities may be exploited to set up an attack.
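From the defender's side, the sweep described above shows up in perimeter firewall logs as one source touching many hosts, or many of these services, in a short span. The following is an added example, not part of the original report: the log format, the addresses and the thresholds are constructed assumptions, and the function reports which exposed services actually answered so they can be reviewed.

```python
import re
from collections import defaultdict

# Default ports of the services the article names as common scan targets.
WATCHED = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP", 3389: "RDP"}

# Constructed sample lines in a simplified, hypothetical firewall log format.
SAMPLE_LOG = """\
2013-01-13T23:01:02 SRC=198.51.100.7 DST=203.0.113.10 DPT=22 ACTION=DROP
2013-01-13T23:01:02 SRC=198.51.100.7 DST=203.0.113.11 DPT=22 ACTION=DROP
2013-01-13T23:01:03 SRC=198.51.100.7 DST=203.0.113.12 DPT=22 ACTION=ACCEPT
2013-01-13T23:01:03 SRC=198.51.100.7 DST=203.0.113.13 DPT=22 ACTION=DROP
2013-01-13T23:04:10 SRC=198.51.100.99 DST=203.0.113.10 DPT=21 ACTION=DROP
2013-01-13T23:04:10 SRC=198.51.100.99 DST=203.0.113.10 DPT=23 ACTION=DROP
2013-01-13T23:04:11 SRC=198.51.100.99 DST=203.0.113.10 DPT=3389 ACTION=DROP
2013-01-13T23:04:11 SRC=198.51.100.99 DST=203.0.113.10 DPT=80 ACTION=ACCEPT
2013-01-13T23:05:00 SRC=192.0.2.44 DST=203.0.113.10 DPT=80 ACTION=ACCEPT
2013-01-13T23:05:09 SRC=192.0.2.44 DST=203.0.113.10 DPT=80 ACTION=ACCEPT
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) ACTION=(\w+)$")

def find_scanners(log, min_hosts=3, min_services=3):
    """Flag sources that sweep many hosts or probe many watched services.

    Thresholds are illustrative assumptions; tune them to your own traffic.
    """
    hosts = defaultdict(set)     # source -> distinct destinations touched
    services = defaultdict(set)  # source -> distinct watched services touched
    reached = defaultdict(set)   # source -> (host, service) pairs that were allowed
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        _ts, src, dst, dpt, action = m.groups()
        name = WATCHED.get(int(dpt))
        if name is None:
            continue  # only track the services listed in WATCHED
        hosts[src].add(dst)
        services[src].add(name)
        if action == "ACCEPT":
            reached[src].add((dst, name))
    findings = {}
    for src in hosts:
        if len(hosts[src]) >= min_hosts or len(services[src]) >= min_services:
            findings[src] = {"hosts": len(hosts[src]),
                             "services": sorted(services[src]),
                             "reached": sorted(reached[src])}
    return findings
```

The `reached` list is the part to act on: each entry is an externally reachable service that a scanning source was allowed to connect to.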

To read more about cybercriminals' methods of choosing a target and an attack -- and what you can do to reduce your chances of being a victim -- download the free report.

Comments
PJS880
User Rank: Apprentice
1/21/2013 | 11:23:32 PM
re: How Cybercriminals Choose Their Targets And Tactics
Great article and very informative for anyone. Think about a bank robber and how long they stake out a target bank before actually committing the robbery. The criminals gather everything from delivery times to employees' break scheduling. Why wouldn't a cybercriminal do the same thing with a target they were planning on attacking? Information on these topics is the best defense to avoid finding yourself a victim.

Paul Sprague

InformationWeek Contributor


MROBINSON000
User Rank: Apprentice
1/18/2013 | 2:26:40 PM
re: How Cybercriminals Choose Their Targets And Tactics
In my opinion, a Security Tester, or hacker, has one of the most exciting and creative jobs in the industry. They are asked to find as many critical security vulnerabilities in complex software systems with limited resources - before the application is released or shipped. They have the challenge of knowing more about the system in the first couple of days than the developers who wrote the system. They have to find every vulnerability in the system, while the attacker effectively has all the time and resources in the world to find only one issue. That's why I truly believe that to be effective, they have to get in the attacker's mindset, think like the enemy, if I may say. Also, we have to keep in mind that it takes dedication, practice and a laser-like focus for years to become the best. Actually, here's a great article on this matter: http://blog.securityinnovation....