While it seems like a worn-out trope to describe our world as “shifting rapidly,” it can’t be overstated how much the pandemic changed everything regarding cybersecurity. Ransomware, for example, has risen in prevalence over the years and continues to threaten all sorts of industries in 2022. With all of these changes happening, it’s more crucial than ever to truly “know your enemy” when it comes to cybercrime. What better place to start than the methods and motives for hacking?
Here is a quick starter guide to learn the mindset of a hacker that’ll put you on the path to hunting down the biggest dangers to your organization, from insider threats to stealth malware.
What are the motives for hacking?
There are lots of reasons a hacker looks to target a business or organization. These motivations help determine what they’re looking to breach, what they might take, and how hard they’ll work to succeed. These are the five most common motives for hacking.
1. Financial Gain
One of the most obvious motives for hacking is the possibility of financial benefit. Attackers have several different methods for making money off their exploits, including demanding some sort of ransom from the victim in exchange for breached data, selling the information on the dark web, or directly stealing money from a victim via credit cards, bank accounts, or other financial institutions.
2. Theft of Intellectual Property
Not all hackers are looking for a direct payout for their crimes. State- and corporate-sponsored attacks are carried out to steal intellectual property, whether to gain a market advantage or a military one. These attacks are typically carried out by third-party attackers so that governments and corporate entities can maintain plausible deniability. They seek out anything from weaponry blueprints to product patents.
3. Political Statements
These attackers are known as “hacktivists” and their goal is to disrupt websites, systems, and infrastructures to make a political statement. These individuals or groups aren’t necessarily seeking financial benefits, unless it furthers their political goals. Usually, these attacks are accompanied by public statements claiming responsibility for the breach in order to spur political action of some kind.
4. Revenge
Never underestimate the power of disgruntled individuals. Revenge is a common motivation for hacking, with financial benefit or disruption being a byproduct of their anger. This is especially true when dealing with disgruntled employees, since their intimate knowledge of their current or former employer gives them a leg up against security systems.
5. Recognition
Hackers routinely claim responsibility for high-profile attacks because some are simply after recognition for their “ingenuity” and skill. This is done for many reasons, including trying to make a statement about a particular organization, such as a supposedly “secured” government entity or large bank.
Bonus Motivation: Because they can
Some see hacking as a challenge and enjoy the thrill of breaking into restricted systems. They’re not after the recognition, money, or property of their victims. They are just looking for a puzzle to break through.
No matter the reason an attacker has for breaching your organization, the result is compromised systems, devices, and data. This impacts the integrity of your operations, and understanding the mindset of a hacker will help you prevent future intrusions.
What are some common hacking methods?
Now that we’ve covered the motives for hacking, it’s important to understand the different methods used by these attackers. This is by no means an exhaustive list of methods, as new attack vectors are discovered every day. These are some of the more common methods used by hackers and what to expect from these kinds of breaches.
1. Human Hacking
People are often the weakest link in your security infrastructure. Unlike computer systems, which operate by sets of rules and rarely deviate from those parameters, people are malleable, gullible, and sometimes downright ignorant of the threats that exist. Social engineering is the process of gaining access to systems, data, facilities, and other crucial assets by exploiting unsuspecting personnel.
Humans often have a trusting nature and hackers take advantage of this trait to trick employees into divulging information or access. This happens in many ways including:
- Phishing: Using communication methods (phones, emails, instant messaging, etc.) to trick victims into giving up sensitive information or credentials.
- Tailgating: Attackers will play on the trusting nature of other people to follow them into sensitive areas, either by faking a lost identification or by keeping quiet while following a large group.
- Dumpster Diving: While not necessarily deceptive in nature, this is an effective method for acquiring sensitive documentation. Attackers may even dress up as custodial staff to gain access to office trash in the hopes of recovering credentials or other valuable information.
This means that malicious insiders aren’t even necessary to facilitate an attack. Sometimes all a hacker needs is one good-natured individual to grant them access.
2. Stealth Malware
Once attackers gain access to your infrastructure, the typical next step is to deploy malware designed to evade detection and provide continuous access. There are several forms of malware detection, and most legacy anti-malware systems use what is known as signature detection: the anti-malware program looks for specific, already-known patterns in the code or actions of programs that infect and exploit their target. Such a known pattern is a signature.
Modern malware avoids signature detection either by using unique and uncommon attack vectors or by using a technique known as “polymorphism.” In the latter case, the malware repackages itself so that each copy appears unique to the individual system it infects, thereby avoiding detection by signature.
This type of malware is particularly useful for setting up backdoors into computers and other devices in order to provide continuous access to attackers, giving them the time they need to conduct lateral movement to other areas of your infrastructure.
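To make the signature-versus-polymorphism point concrete, here is an added Python illustration (not code from the original post or from VMware). It builds a toy “repackager” that XOR-encodes the same payload with a different per-copy key behind a fixed decoder header, then runs four detection strategies over the original and three repackaged copies: a whole-file hash, a static byte signature on the payload, a signature on the unchanging decoder stub, and an unpack-then-scan check. The marker string, the XDEC header and the XOR scheme are all constructed for the demo and are not real indicators.

```python
import hashlib
from typing import Dict, Optional

# Everything below is constructed for the demonstration; none of these
# byte strings is a real malware indicator.
PAYLOAD_SIGNATURE = b"DEMO-PAYLOAD-MARKER"  # pattern a legacy engine extracted from a known sample
STUB_MAGIC = b"XDEC"                         # header our toy "repackager" always emits (the decoder stub)


def repackage(payload: bytes, key: int) -> bytes:
    """Toy stand-in for polymorphic repackaging: same payload, XOR-encoded
    with a per-copy key so that no two copies share the payload bytes."""
    if not 0 < key < 256:
        raise ValueError("key must be in 1..255 (0 would leave the bytes unchanged)")
    return STUB_MAGIC + bytes([key]) + bytes(b ^ key for b in payload)


def unpack(sample: bytes) -> Optional[bytes]:
    """Reverse the known stub format; None if the sample is not in that format."""
    if not sample.startswith(STUB_MAGIC) or len(sample) <= len(STUB_MAGIC):
        return None
    key = sample[len(STUB_MAGIC)]
    return bytes(b ^ key for b in sample[len(STUB_MAGIC) + 1:])


# Four detection strategies, weakest to strongest for this kind of sample.
def hash_signature_matches(sample: bytes, known_hashes: set) -> bool:
    """Whole-file hash: only ever matches the exact copy that was catalogued."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def byte_signature_matches(sample: bytes) -> bool:
    """Static byte pattern: misses any copy whose payload bytes were re-encoded."""
    return PAYLOAD_SIGNATURE in sample


def stub_signature_matches(sample: bytes) -> bool:
    """Signature on the part that cannot change (the decoder stub) rather than the payload."""
    return sample.startswith(STUB_MAGIC)


def unpack_aware_matches(sample: bytes) -> bool:
    """Scan the sample and, if it is in the known packed format, also scan what it decodes to."""
    if PAYLOAD_SIGNATURE in sample:
        return True
    inner = unpack(sample)
    return inner is not None and PAYLOAD_SIGNATURE in inner


def evaluate(samples: Dict[str, bytes], known_hashes: set) -> Dict[str, Dict[str, bool]]:
    """Run every strategy over every sample; returns {sample_name: {strategy: hit}}."""
    return {
        name: {
            "hash": hash_signature_matches(s, known_hashes),
            "bytes": byte_signature_matches(s),
            "stub": stub_signature_matches(s),
            "unpack": unpack_aware_matches(s),
        }
        for name, s in samples.items()
    }


def demo() -> Dict[str, Dict[str, bool]]:
    original = b"header-" + PAYLOAD_SIGNATURE + b"-trailer"
    known_hashes = {hashlib.sha256(original).hexdigest()}  # what the vendor catalogued
    samples = {"original": original}
    for i, key in enumerate((0x21, 0x5A, 0xC3)):
        samples[f"variant_{i}"] = repackage(original, key)  # each infected host gets a fresh copy
    return evaluate(samples, known_hashes)


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, {k: ("HIT" if v else "miss") for k, v in hits.items()})
```

Running it shows the hash and payload-byte signatures catching only the original copy, while the stub signature and the unpack-aware scan catch every repackaged variant. That is the defender’s takeaway: a signature on the part of the sample that has to stay constant (the decoder), or a scan of what the sample decodes to, survives repackaging, whereas a signature on the payload bytes does not.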
3. Unauthorized Remote Access
The pandemic accelerated the inevitable shift to a remote and hybrid workforce. While this opened up access to new talent and productivity on a global scale, it also expanded the threat landscape we all face. Attackers are taking advantage of this new paradigm and exploiting all kinds of remote functions, including the Remote Desktop Protocol (RDP).
Whether through a man-in-the-middle (MITM) attack or by other means, attackers are gaining access via RDP for malicious purposes, including infecting systems with malware, ransomware, and other malicious code. Once they have access and have deployed their software, they exfiltrate valuable data, encrypt systems, and destroy entire infrastructures.
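From the defender’s side, unauthorized RDP use leaves a trail in the Windows Security log. The Python below is an added example (not from the original post or from VMware) that runs two simple hunts over a handful of constructed logon records: successful RemoteInteractive logons from outside the internal address ranges, and an RDP success preceded by a burst of failures from the same source and account. It assumes the events have already been flattened from the Security log into records carrying the event ID (4624 success, 4625 failure) and the logon type (10 is RemoteInteractive, i.e. RDP); the internal ranges, the threshold and every sample event are assumptions made for the demo.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

# Assumed internal address space for the demo; replace with your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EVT_LOGON_OK = 4624     # Windows Security log: an account was successfully logged on
EVT_LOGON_FAIL = 4625   # Windows Security log: an account failed to log on
RDP_LOGON_TYPE = 10     # LogonType 10 = RemoteInteractive (RDP / Terminal Services)
FAILURE_THRESHOLD = 5   # failures before a success that we treat as suspicious (assumed)

Event = Dict[str, object]


def _evt(ts: str, event_id: int, user: str, src_ip: str, logon_type: int = RDP_LOGON_TYPE) -> Event:
    return {"time": ts, "event_id": event_id, "user": user, "src_ip": src_ip, "logon_type": logon_type}


# Constructed sample events, already normalised from the Security log into flat records.
SAMPLE_EVENTS: List[Event] = [
    _evt("2022-03-01T08:01:00", EVT_LOGON_OK, "alice", "10.0.0.5"),                 # normal internal RDP session
    *[_evt(f"2022-03-01T08:02:{s:02d}", EVT_LOGON_FAIL, "svc_backup", "203.0.113.7") for s in range(6)],
    _evt("2022-03-01T08:02:30", EVT_LOGON_OK, "svc_backup", "203.0.113.7"),         # success after six failures
    _evt("2022-03-01T08:10:00", EVT_LOGON_OK, "bob", "192.168.1.20", logon_type=2), # console logon, not RDP
    _evt("2022-03-01T08:15:00", EVT_LOGON_OK, "jdoe", "198.51.100.9"),              # RDP straight from outside
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_rdp_logons(events: List[Event]) -> List[Tuple[str, str]]:
    """Successful RemoteInteractive logons whose source is outside the internal ranges."""
    return [
        (str(e["src_ip"]), str(e["user"]))
        for e in sorted(events, key=lambda e: str(e["time"]))
        if e["event_id"] == EVT_LOGON_OK
        and e["logon_type"] == RDP_LOGON_TYPE
        and not is_internal(str(e["src_ip"]))
    ]


def bruteforce_then_success(events: List[Event], threshold: int = FAILURE_THRESHOLD) -> List[Tuple[str, str, int]]:
    """(src_ip, user, failures) for each RDP success preceded by >= threshold failures from the same pair."""
    failures: Dict[Tuple[str, str], int] = defaultdict(int)
    hits: List[Tuple[str, str, int]] = []
    for e in sorted(events, key=lambda e: str(e["time"])):
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue
        key = (str(e["src_ip"]), str(e["user"]))
        if e["event_id"] == EVT_LOGON_FAIL:
            failures[key] += 1
        elif e["event_id"] == EVT_LOGON_OK:
            if failures[key] >= threshold:
                hits.append((key[0], key[1], failures[key]))
            failures[key] = 0  # a success resets the window for that source/account
    return hits


if __name__ == "__main__":
    print("external RDP logons:", external_rdp_logons(SAMPLE_EVENTS))
    print("failures then success:", bruteforce_then_success(SAMPLE_EVENTS))
```

On the sample data the first hunt flags both outside sources, and the second flags only the svc_backup account that succeeded after six failures. In a real environment the records would come from a SIEM or from the Security log itself, and the internal ranges would be your own; the logic stays the same.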
4. Recruiting Insider Threats
Hackers don’t need to perform every step of an attack themselves. They even hire third parties who work within an organization to carry out steps of a breach. These malicious insiders provide the hacker with intelligence, access, and other valuable secrets.
This is especially problematic because, unlike social engineering attacks, hackers don’t have to rely on personnel accidentally spilling the beans on confidential information. Their insiders are more than willing to do some digging on behalf of the attacker for their own financial gain.
Hunting down threats and stopping them in their tracks
The good news is that there are specific methods and mindsets you can adopt to hunt down these threats and prevent them before they turn into successful breaches. Our Threat Analysis Unit at VMware has updated our Threat Hunting Dummies Guide, which you can download today for free.
In this latest edition of our guide, you’ll learn more about today’s biggest security threats, the tools used in threat hunting, building a threat hunting team, and much more. So, if you want to become a master threat hunter or you’re looking to level up your organization’s threat hunting capabilities, be sure to download our guide today.