The Business-Technology Weave

Jan 8 2013   12:34PM GMT

Cyber-crime Continued: Attacks’ methodology

David Scott David Scott Profile: David Scott

No matter the nefarious goal of attack, subsequent entry, and exploitation, (such as those mentioned in articles below), there are basic steps for breaking your defenses, and taking advantage of the breach, that are common to all attacks.

Exploration, or scouting, for potential targets: Breaching entities here are searching for networks and systems that have vulnerabilities. These vulnerabilities can include easily breached or guessed authenticating credentials, outdated and susceptible software, and missing or misconfigurated settings for both software and hardware. Recognize that in addition to hard, empirical, soft spots – such as easily hacked firewalls or default/too-simple login credentials, there is the liability of simple human failing. This is going to include an exploration for naiveté regarding phishing; that is, fraudulent e-mails that solicit sensitive data by posing as legitimate enterprise e-mail/authority. Also pharming, whereby fraudulent websites that pose as legitimate partnering/enhancing entities can glean registration, and thus make solicitation of sensitive data. Be aware too that once an outside entity establishes a relationship, any manner of “legitimate” download can be recommended and thus penetration made.

Taking stock goes hand-in-hand with exploration, in expanding the knowledge gained regarding vulnerabilities. Correlation of known bugs regarding the software surveyed during exploration happens. Human error can be paired with what that person has access to, and breaching entities can then reference other people and specific knowledge in looking legitimate to others… climbing a ladder of access, into ever more rarified and sensitive circles…

Penetration can be for any of the purposes mentioned in the day’s prior article, but also it can be to perpetrate simple Denial-of-Service (DoS) attacks, which will not only render networks and sites inoperable, but can also crash business reputation.

Next: The introduction of malware to the environment…

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • KPITBoard
    cyber crime is most emerging issue nowadays, must b considered
    10 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: