Vulnerabilities / Threats
1/13/2013
11:09 PM
Dark Reading
Dark Reading
Quick Hits
50%
50%

How Cybercriminals Choose Their Targets And Tactics

Targeted attacks are becoming pervasive. Here's a look at how those targets are chosen -- and how your organization might avoid being one of them

[Excerpted from "How Cybercriminals Choose Their Targets and Tactics," a new, free report posted this week on Dark Reading's Advanced Threats Tech Center.]

When police officers go undercover, they must successfully blend into an environment that few of us would ever willingly choose to live in. Good undercover officers know the tactics of traditional criminals because they live in the criminals' world. They study the criminals' tactics, tools and psyches, and can thus anticipate certain behaviors because they understand the end goals.

In some respects, staying a step ahead of cybercriminals is much more difficult than staying ahead of your average street criminal. You won't catch black-hat hackers with traditional surveillance, because they can inflict as much damage in their pajamas as they could if they got dressed and robbed a bank.

Cybercriminals often fit no specific profile. They can effectively hide their tracks through proxies and spoofing. They change their tactics often, and they are adept at hiding tools and other malicious code through obfuscation. Good cybercriminals understand the digital trails they leave, and how easy or hard it is for big-business security tools to detect those activities.

And unlike many security pros, good cybercriminals can code. Talented black hats enjoy decompiling a piece of commercial software for fun,or coding a new botnet with a feature set that is a security admin's worst nightmare.

So how do you defend yourself against an ever-evolving, nameless, faceless enemy that adapts to your defenses as quickly as you can deploy them? The unfortunate reality is that you can never fully defend yourself against a truly skilled cybercriminal, but you can certainly make your organization a more difficult target by deploying the right tools and implementing the right best practices.

A security pro's best defense is to act like an undercover cop, gaining intimate knowledge of how the bad guys operate. Attackers care about advanced cryptography, decompilers and reverse-engineering methods. They know about APIs and SQL. Indeed, as a security pro, you won't necessarily get the knowledge you need to protect your organization by studying for a CISSP all day long -- you need to spend time living in the world that cybercriminals inhabit.

Before motivated attackers can launch a strike, they need to target a victim. The choice of target depends largely on the motive for an attack, but it also depends on organizations' vulnerability to attack.

While some cybercriminals focus their efforts on spreading damage far and wide through malware development, others are content to troll the Internet for sites that are vulnerable to a more direct attack. A black hat who is trolling around for a victim generally uses a simple methodology to set up an attack, but step one of that process always requires the discovery of a target.

The most effective way to select a target is to use a vulnerability scanner. Every organization has exposed public-facing services that could be used as a conduit for attack, and vulnerability scanners and bots can make quick work of finding potential targets for attacks.

Some black hats prefer to exploit network-centric vulnerabilities, so they will unleash scanners on your externally facing IP block, looking to attack hosts listening for SSH, FTP, HTTP, Telnet and RDP (to name a few). Other attackers will use vulnerability scanners to look for externally facing sites that are vulnerable to SQL injection, cross-site scripting attacks or local or remote file include attacks. If an attacker is motivated to hit a specific application or database, then multiple vulnerabilities may be exploited to set up an attack.

To read more about cybercriminals' methods of choosing a target and an attack -- and what you can do to reduce your chances of being a victim -- download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
1/21/2013 | 11:23:32 PM
re: How Cybercriminals Choose Their Targets And Tactics




Great article and
very informative for anyone. -Think about
a bank robber and how long they stake out a target bank before actually committing
the robbery. The criminals gather everything from delivery times, to employees
break scheduling. Why wouldnGt a cybercriminal do the same thing with a target they
were planning on attacking? Information on these topics is the best defense to
avoid finding you a victim.

Paul Sprague

InformationWeek Contributor
-

MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
1/18/2013 | 2:26:40 PM
re: How Cybercriminals Choose Their Targets And Tactics
In my opinion, a Security Tester,
or hacker, has one of the most exciting and creative jobs in the industry. They
are asked to find as many critical security vulnerabilities in complex software
systems with limited resources - before the application is released or shipped.
They have the challenge of knowing more about the system in the first couple of
days than the developers who wrote the system. They have to find every
vulnerability in the system, while the attacker effectively has all the time
and resources in the world to find only one issue. ThatGs why, I truly believe
that to be effective, they have to get in the attackers mindset, think like the
enemy, if I may say. Also, we have to keep in mind that it takes dedication,
practice and a laser-like focus for years to become the best. Actually, hereGs
a great article on this matter: http://blog.securityinnovation....-
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.