Cybersecurity incidents have become increasingly common for small and medium-sized businesses, making it critical to know how to prepare and respond. If your business hasn’t been hacked yet, it could very well be next. A study by the Better Business Bureau found that 23% of small businesses (≤ 250 employees) reported having been the target of a cyberattack, with nearly half of those occurring in the preceding 12 months. Read on to learn about the four stages of an attack and what you can do to protect, detect, and respond to reduce your risk and repair the damage.
1. A foot in the door
Hackers use any vulnerability they can to gain network access. Some of the more common methods are:
- Exploit – Taking advantage of software vulnerabilities, particularly out-of-date software, to access information or install malware.
- Malware – Malicious software that can steal information, send spam, or lock your systems.
- Ransomware – Malware that locks users out until a ransom demand is met.
- Password spraying – “Spraying” common passwords at multiple accounts at once to gain entry.
- Phishing – Malicious links in legitimate-looking emails that trick users into giving information.
- Watering holes – Malicious links placed on websites frequently visited by a target.
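
One way to detect the password spraying pattern described above, as an added example that is not part of the original article: it flags a source that fails logins against many different accounts with only a few tries each, which separates spraying from repeated guessing against one account. The log format, the sample lines, and the thresholds are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-03-01T09:00:05 203.0.113.7 alice FAIL
2024-03-01T09:00:41 203.0.113.7 bob FAIL
2024-03-01T09:01:10 192.0.2.15 bob FAIL
2024-03-01T09:01:22 192.0.2.15 bob OK
2024-03-01T09:01:30 203.0.113.7 carol FAIL
2024-03-01T09:02:02 203.0.113.7 dave FAIL
2024-03-01T09:02:45 203.0.113.7 erin FAIL
2024-03-01T09:03:00 198.51.100.20 alice FAIL
2024-03-01T09:03:02 198.51.100.20 alice FAIL
2024-03-01T09:03:04 198.51.100.20 alice FAIL
2024-03-01T09:03:06 198.51.100.20 alice FAIL
2024-03-01T09:03:08 198.51.100.20 alice FAIL
2024-03-01T09:03:20 203.0.113.7 frank FAIL
"""

def parse_failures(log_text):
    """Return {source_ip: [(timestamp, account), ...]} for failed logins only."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "FAIL":
            continue  # skip malformed lines and successful logins
        failures[parts[1]].append((datetime.fromisoformat(parts[0]), parts[2]))
    return failures

def find_spraying(log_text, window=timedelta(minutes=10),
                  min_accounts=5, max_per_account=2):
    """Flag sources whose failures in one window hit many accounts, few tries each."""
    flagged = {}
    for source, events in parse_failures(log_text).items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Count failures per account inside the window starting at this event.
            in_window = Counter(a for ts, a in events[i:] if ts - start <= window)
            if len(in_window) >= min_accounts and max(in_window.values()) <= max_per_account:
                flagged[source] = sorted(in_window)
                break
    return flagged

if __name__ == "__main__":
    for source, accounts in find_spraying(SAMPLE_LOG).items():
        print(f"possible password spraying from {source}: {accounts}")
```

Sprays distributed over many source addresses need a second rule keyed on the failure count across all sources.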
2. Setting up shop
Once an intruder is in, they look for ways to gain more control by identifying and impersonating accounts that have management privileges, which gives them deeper access to your systems. Hackers use a variety of methods at this stage, including:
- Key loggers – Malware that records each key a user presses to collect usernames and passwords.
- Network scanning – Exploring and cataloging a target list of accessible network resources.
- Pass the hash (PTH) – Using a victim’s password hash, rather than the password itself, to authenticate remotely, without the need for the actual user credentials.
3. Expanding their territory
Once an attacker has widespread access to your network, they will infiltrate as many systems as possible. They may look to establish means for long-term access while evading detection using malware “implants” installed without your knowledge. Some common techniques hackers use are:
- Botnets – Networks of computers infected with malware and controlled by a hacker to launch coordinated, large-scale attacks.
- Command and control (C&C) – Servers and infrastructure used to control multiple computers, such as those in a botnet, through centralized commands.
- Living off the land – Exploiting your systems using your own network resources (as opposed to malware) while maintaining a low profile.
4. Making themselves at home
Some hackers just want to get in, get something, and get out—in other words, a smash-and-grab approach. But others decide to stay a while. Longer-term hacking techniques include:
- Advanced persistent threats (APT) – These are hackers who stay on the network long-term, continuously stealing information while remaining undetected.
- Backdoor – An entry point that allows an attacker to come and go as they please for as long as they want.
The last thing you need is a scattershot approach, leading to an ineffective response against an increasingly sophisticated attack. Fight back by integrating your solutions through a comprehensive security strategy.