Evolving Cyber Threats & Hacking Techniques


Posted on by Greg McDonough

While there are many methods of hacking that threat actors use to achieve their goals, the most prevalent forms of attack typically include malware, phishing, and ransomware attacks. In this article, we will explore these different types of hacking techniques.

Malware, Phishing, and Ransomware Attacks

Malware, phishing, and ransomware attacks are among the most common forms of cybercrime and are typically associated with unethical black hat hackers. Malware, or malicious software, is any program that is designed to compromise the security of a computer or system, whereas phishing is any attempt to gain sensitive information such as usernames and passwords by fraudulently posing as a legitimate party. Phishing attacks often take the form of emails purporting to represent a company and asking a user to log in or provide other sensitive information.

Ransomware is one of the fastest-growing areas of concern for the cybersecurity industry. After unlawfully gaining access to critical information or services, attackers can encrypt information and prevent the legitimate owner from accessing it until an agreed-upon ransom is paid to release the information. This approach is particularly devastating against critical infrastructure such as hospitals and energy providers.

SQL Injection and Cross-Site Scripting (XSS)

SQL injection is a common web-based attack. Hackers are able to take advantage of vulnerabilities presented by forms asking for input items such as username or date of birth. Instead of entering this information, bad actors “inject” SQL into the field, and the application passes it to the database, which unknowingly executes it. This can result in access to the secure information the form asks for, or even access to the underlying servers themselves. Cross-site scripting (XSS) attacks are also web-based. However, the injected script is executed on the user side, in the browser, typically when the user clicks on a malicious link that brings them to a legitimate website while also stealing sensitive information, such as cookies, from the user’s device.

Social Engineering and Pretexting

Social engineering and pretexting rely on the attacker’s ability to create and exploit a relationship with their victim. Pretexting refers to the initial contact stages where the hacker develops some fraudulent pretext such as having met the target at a conference or being an old school acquaintance. This phase typically lasts only as long as it is necessary for the attacker to feel that they have laid a significant enough foundation to bypass some of their target’s better instincts. At this point, attackers will often attempt to get their target to divulge sensitive information or even do something as simple as click on a malicious link or attachment that they would typically avoid from an unknown sender.

Exploiting Vulnerabilities and Using Zero-Day Attacks

Unlike the previously mentioned attacks, exploiting vulnerabilities and launching zero-day attacks do not require any level of involvement on the part of the victim. These approaches focus on fundamental flaws in a program or system that can exist in software or hardware. Once attackers recognize these targets, they deploy malware that takes advantage of these specific weaknesses. While some vulnerabilities are known to developers and patches are developed, zero-day attacks exploit completely unforeseen flaws for which no fix yet exists.

Distributed Denial-of-Service (DDoS)

A distributed denial-of-service (DDoS) is a type of hacking attack that looks to overwhelm a server or network with a flood of information requests. Attackers will typically employ a system of connected devices that they have infected with malware that allows them to be controlled remotely. Hackers use these devices, known as bots, in an orchestrated attack that disrupts service and prevents legitimate traffic from accessing a site. Most recently, an example of this kind of attack can be found in the Microsoft Azure outage that disrupted Azure services for over eight hours.
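As an added illustration of the detection side of the flood described above (this is example code, not from the original post or any product), the block below runs a sliding-window request counter over a constructed access log. It flags any source whose request rate exceeds a threshold inside a window, and separately reports the peak aggregate rate across all sources, which is the signal that matters when the load is spread over many bots so that no single address looks unusual. The log format, the addresses (RFC 5737 documentation ranges), the window size and the threshold are all assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log() -> list:
    """Constructed log lines in the form 'timestamp client_ip path' (not real traffic)."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    # Three ordinary visitors, one request every four seconds.
    for i, ip in enumerate(["198.51.100.5", "198.51.100.6", "198.51.100.7"]):
        for k in range(5):
            ts = base + timedelta(seconds=k * 4 + i)
            lines.append(f"{ts.isoformat()} {ip} /page{k}.html")
    # One bot hammering the login page: 50 requests in five seconds.
    for k in range(50):
        ts = base + timedelta(milliseconds=100 * k)
        lines.append(f"{ts.isoformat()} 203.0.113.10 /login")
    return lines


def parse_line(line: str) -> tuple:
    ts, ip, path = line.split()
    return datetime.fromisoformat(ts), ip, path


def peak_in_window(stamps: list, window_seconds: int) -> int:
    """Largest number of timestamps falling inside any window of the given width."""
    stamps = sorted(stamps)
    start, peak = 0, 0
    for end, ts in enumerate(stamps):
        # Slide the window start forward until it fits within window_seconds of ts.
        while (ts - stamps[start]).total_seconds() > window_seconds:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def find_flooders(lines: list, window_seconds: int = 10, threshold: int = 30) -> dict:
    """Return {ip: peak_count} for every source exceeding threshold requests in a window."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, _ = parse_line(line)
        by_ip[ip].append(ts)
    return {
        ip: peak_in_window(stamps, window_seconds)
        for ip, stamps in by_ip.items()
        if peak_in_window(stamps, window_seconds) > threshold
    }


def aggregate_peak(lines: list, window_seconds: int = 10) -> int:
    """Peak request count across all sources; catches floods no single IP dominates."""
    return peak_in_window([parse_line(line)[0] for line in lines], window_seconds)


if __name__ == "__main__":
    log = build_sample_log()
    print("per-source offenders:", find_flooders(log))   # {'203.0.113.10': 50}
    print("peak aggregate requests per 10s:", aggregate_peak(log))
```

A real deployment would compare the aggregate figure against a learned baseline rather than a fixed number, and would act on per-source results by rate limiting rather than outright blocking, since a shared NAT address can look like a flooder. Volumetric floods that saturate the link are better absorbed upstream by the provider; log-based detection like this is most useful for application-layer floods that reach the web server.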

Cybersecurity Prevention Measures

When it comes to defending against attackers and their various types of hacking, there is no one-size-fits-all approach. However, there are some agreed-upon best practices that should be maintained industry-wide. Every organization should implement robust firewalls and intrusion detection systems. Effective firewalls are the first layer of defense: they dictate what enters and exits a controlled network and prevent most threats from even reaching their intended targets. Intrusion detection systems allow for swift mitigation when penetration occurs, minimizing lateral movement and compartmentalizing damage.

It is also necessary for every organization to regularly test its own defenses by conducting regular security audits and performing penetration testing on its systems. Security audits can be employed to evaluate a number of aspects of an organization's security in areas such as vulnerabilities or compliance. Penetration testing is a specific type of security audit in which an auditor simulates an attack and tries to gain control of the system. This can be particularly valuable in identifying unforeseen weaknesses.

Patching refers to the process of updating operating systems or software for the purpose of addressing a known security vulnerability or improving upon the system in place. On its surface, it would seem like patching should always be performed as soon as a vulnerability is discovered or an improvement is developed. However, the decision of when, and if, patches should be deployed depends on a variety of factors, such as the cost of the patch versus the projected cost of leaving the issue unaddressed, the stability of the patch, and the scheduling of system downtime, among others. In his presentation for RSAC, Ahmik Hindman addresses some of the complexities involved in patching known vulnerabilities in operational technology (OT). Assessing and prioritizing patching is an essential role for any security team.

It is also of the utmost importance to develop a sound organizational plan that meets the realities of current business practices. In its nascent stages, cybersecurity was a niche industry that was only concerned with a small piece of an organization’s infrastructure. With the proliferation of technology that is now embedded in every facet of modern business, designing and implementing resilient systems needs to be a fundamental aspect for every endeavor. As Vaibhav Malik writes, “by breaking down silos, leveraging industry frameworks, and fostering a culture of risk awareness and accountability, we can build organizations that are resilient by design.” Systems that are designed with security as an integral component, rather than an afterthought, present significant impediments to penetration and provide greater speed and flexibility in recovering from a sustained attack.

Examining Cyber Defense Against Hackers

While there are a number of steps that every organization should take, it is imperative to consider the central role that information security should take in any enterprise.

Cybersecurity can no longer be viewed as a compartmentalized aspect of business - it needs to be woven throughout every aspect of an organization that wishes to maintain true security. For professionals who recognize the importance of this mandate and want to remain informed on all of the latest developments in cybersecurity, visit our cybersecurity events calendar where you’ll find a wealth of educational content provided by industry leaders including links to upcoming virtual cybersecurity events.


Contributors
Greg McDonough

Cybersecurity Writer, Freelance


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
