Anatomy of a Cybersecurity Breach: How Hackers Break In – and How You Can Fight Back

1. Anatomy of a cybersecurity breach How hackers break in –and how you can fight back Download the e-book to get detailed guidance on how to create an effective cyber defense strategy for your business now.

2. Security threats are relentless A cyberattack can cause millions of dollars in damage to both your company’s bottom line and its reputation. Are you aware of the potential cybersecurity threats to your company? Read more on cybersecurity threats in the following slides—

3. The four stages of a cybersecurity breach Getting the initial foothold Expanding to the network Gaining elevated control Staying for the short-or-long-term

4. STAGE 01 Getting the initial foothold The four stages of a security breach Attackers breach defenses and gain network access through compromised workstations, unpatched internet-facing servers, and poorly configured third party-managed devices. Once inside, attackers identify and target your organization’s valuable information assets.

5. STAGE 01 Getting the initial foothold – common techniques The four stages of a security breach • Exploit • Attackers deploy a code to exploitsoftware vulnerabilities for accessing sensitive information on a server/device or installing malware. • Password spraying • Hackers cast a broad net with ‘spraying’ several common passwords at thousands of accounts to gain unauthorized entry. • Malware • Attackers deploy malicious programs to hijack your PC, steal information and send spam. • Phishing • Attackers send deceptive emails to trick users into giving out sensitive information and gain unauthorized access to internal infrastructure.

6. STAGE 01 Getting the initial foothold – common techniques The four stages of a security breach • Ransomware • This malware locks a user out of their computer or network without access to files, folders, or drives. Attackers then demand a financial ransom to recover access. • Supply chain vulnerabilities • This involves tampering an external vendor’s products, IT systems, or processes during sourced components’ development, manufacturing, or delivery. • Watering hole • Attackers identify specific websites where their targets frequently visit, and place malicious links to malware on the sites for infecting hosts when they visit. • Zero day • Exploitation of a vulnerability that the software vendor hasn’t disclosed or patched.

7. The four stages of a security breach STAGE 02 Gaining elevated control Attackers look for ways to consolidate control of the local system and gain access to administrative systems. Attackers attempt to identify and impersonate administrator accounts to manage, update, and access system resources. A supply chain is a vulnerable entry point for attackers to exploit a weakness and gain elevated control!

8. STAGE 02 Gaining elevated control – common techniques The four stages of a security breach • Keystroke Logging (Keylogger) • A type of malware that records a user’s key strokes to collect usernames and passwords for attackers to log into the target organization’s network. • Network scanning • Attackers catalogue host machines, services, and resources to target and gain unauthorized access with their newly acquired administrative credentials. • Pass the hash (PtH) • Attacker use a victim’s password’s underlying hash (code) to masquerade as that user. The attacker doesn’t need to know the actual user credentials to authenticate to a remote server/service.

9. The four stages of a security breach STAGE 03 Expanding the network At this point, the attacker has gained widespread access to a network by spreading out from an individual workstation or server into as many systems as possible. The attacker then installs a permanent backdoor using malware implants to get back into the network and hide in plain sight to gain long-term access to the systems.

10. STAGE 03 Expanding the network – common techniques The four stages of a security breach • Botnet • A network of private computers infected with malicious software controlled by a hacker who can use it for large-scale attacks. • Command and control (C&C) • Servers and infrastructure are used to control several computers via centralized commands such as a botnet. • Implant • A small, hidden program that an attacker installs on your PC without your knowledge. • Living off the land • A phrase that refers to when attackers rely on native resources (as opposed to malware) to maintain a low profile and wreak havoc on a system.

11. STAGE 04 Staying for the short or long-term The four stages of a security breach The attackers monitors and extracts data while remaining undetected for the longest possible time. They’ll create accounts for themselves to ensure that they stay on the network and change passwords to evade detection. For the short haul, attackers may take a smash-and-grab approach, breaching a system and taking whatever they can quickly get, with little interest in staying put.

12. STAGE 04 Staying for the short or long-term – techniques The four stages of a security breach • Advanced persistent threat (APT) • A targeted attack against a specific entity that tries to avoid detection and steal information over a period of time. • Assume breach mindset • A strategic mindset that business leaders and CISOs adopt, requiring a shift in focus from purely preventive security measures to ongoing detection, response, and recovery from threat occurrences. • Backdoor • An entry point into a system or network that enables continued access. • Smash-and-grab technique • A carefully orchestrated hacking approach where an attacker exploits a system, steals data, and then leaves.

13. Want to learn a holistic approach on how to protect, detect, and respond to targeted attacks? Get detailed guidance on how to create an effective cyber defense strategy for your business. Download this e-book now.