I recently returned from Black Hat, one of the world’s largest cybersecurity conferences, held in the heart of Las Vegas, Nevada. While there I was able to learn various techniques used by hackers to infiltrate and take over entire networks. We were taught these techniques so we can understand how to defend against the hacks being used in today’s attacks. My objective is to describe how to keep your network more secure by understanding more about how cybercriminals work.
One of the most effective ways to understand how to protect your network and assets from attacks is to understand the mentality of a hacker. Hackers always act on a motivation for whatever it is they are after. Motivators can include money, espionage, convenience, fun, ideology, politics, anger, and a myriad of other reasons. According to Verizon’s 2018 Data Breach Investigation Report (VDBIR), 76% of all reported breaches were backed by some financial incentive, which means that if you have something someone else sees as valuable, they will probably try to steal it.
There are common misconceptions about what is valuable, because the most natural target to think of is a bank, since its business is literally money. Although a bank would be a great prize for hackers, it is not high on the list of places to attack. Your business might collect thousands of records containing customer names, e-mail addresses, and login information. This information is not worth a lot by itself, but when combined in large quantities it can be very valuable on the black market.
With those critical pieces of information in mind, I can describe the methods security professionals use to help mitigate these attack vectors. Bear in mind that no solution will protect your network from every attack vector; the end goal is to reduce the number of avenues a hacker has into your network.
Methods Used by CyberSecurity Professionals to Mitigate Cyberattacks
Keep as many things up-to-date as you can:
This step is tedious and never-ending since there will always be updates to just about everything. However, the more outdated items you have, the more options an attacker has to infiltrate your network. Luckily our deployment software, PDQ Deploy, will significantly improve your ability to maintain your network with very little interaction on your part. Meanwhile, our network management software, PDQ Inventory, will also help find which systems are outdated. At Black Hat, I was able to leverage unpatched vulnerabilities to gain further access to the lab environment we were using to learn.
Utilize strong passwords:
Passwords can be a touchy subject because everyone has a different method for implementing strong ones. I believe a somewhat strong password should consist of a minimum of 10 characters. However, I would highly recommend that a strong password have 15 or more characters. Incidentally, passwords do not require any special characters or numbers: the length of a password will always win in a war with complexity. For the sake of time, I’m not going to go into the details here. Reusing passwords is also bad practice; this includes local administrator and service account passwords shared across systems. Also, sometimes you don’t even need to know the actual password of an account in order to hack it. Often merely presenting the stored hash of a password to another system is enough to gain access to it.
Enable 2-factor authentication:
2-factor authentication isn’t anything new, but when implemented it acts as a second form of verification for a system. There are methods for bypassing 2-factor authentication (again, I am not going to go into details here), but it will help deter hackers who have no other way of gaining access to an account.
Perform a system audit:
Sometimes all it takes is one misconfigured permission setting for an attacker to gain access to a system they were never meant to access in the first place. Auditing for errors within your network can significantly reduce unwanted exposure of sensitive information.
Some things to look for can include:
A network share that doesn’t require authentication.
A particular user who has higher access levels than intended.
A service account that was never disabled or forgotten about.
According to the 2018 VDBIR, errors similar to those just discussed were the fourth largest cause of a data breach. While at Black Hat I was able to gain access to a computer whose privileges allowed full administrative rights due to an error in group membership.
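One way to look for the three kinds of error listed above, as an added example (it is not code from the original post or from PDQ): a PowerShell audit run on a domain-joined Windows host with the SmbShare and ActiveDirectory modules. The privileged group names, the svc* naming convention for service accounts, the approved-admin list and the 90-day idle threshold are all assumptions to adjust for your environment.

```powershell
#Requires -Modules SmbShare, ActiveDirectory
# Added audit example; group names, thresholds and the allow-list are assumptions.

# 1. Network shares that effectively require no authentication:
#    non-administrative shares granting Allow rights to Everyone, Guests or Anonymous.
$openShares = Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    $share = $_
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.AccountName -match 'Everyone|Guests|ANONYMOUS LOGON' } |
        Select-Object @{n='Share'; e={ $share.Path }}, AccountName, AccessRight
}

# 2. Users with higher access than intended:
#    members (direct or nested) of privileged groups who are not on the documented list.
$approvedAdmins = @('Administrator')                      # assumption: your documented admins
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'
$unexpectedAdmins = foreach ($group in $privilegedGroups) {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -notin $approvedAdmins } |
        Select-Object @{n='Group'; e={ $group }}, SamAccountName, DistinguishedName
}

# 3. Service accounts that were never disabled or were forgotten:
#    enabled accounts that carry an SPN or follow the svc* convention and have not
#    logged on within the threshold (or have never logged on at all).
$staleDays = 90                                           # assumption: idle threshold
$cutoff = (Get-Date).AddDays(-$staleDays)
$staleServiceAccounts = Get-ADUser -Filter { Enabled -eq $true } `
        -Properties LastLogonDate, PasswordLastSet, ServicePrincipalName, Description |
    Where-Object { ($_.ServicePrincipalName -or $_.SamAccountName -like 'svc*') -and
                   (-not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff) } |
    Select-Object SamAccountName, LastLogonDate, PasswordLastSet, Description

# Report each finding class separately so it can be reviewed and ticketed.
"== Shares open to Everyone / Guests / Anonymous =="
$openShares | Format-Table -AutoSize
"== Privileged group members not on the approved list =="
$unexpectedAdmins | Format-Table -AutoSize
"== Enabled service accounts idle for more than $staleDays days =="
$staleServiceAccounts | Format-Table -AutoSize
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which is only accurate to within about two weeks, so treat the idle check as a screening step and confirm against the domain controllers' security logs before disabling an account.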
Assume you have been breached:
The security professionals who taught my class at Black Hat stated that the mentality of “It’s only a matter of time until you are hacked” has changed to “Assume you have [already] been breached.” With this ideology, you can plan accordingly. The amount of time a hacker can be inside your network can be anywhere from months to years. Knowing this can give you an advantage: you will become more aware of how to actively defend your network from inside your network. Simply put, our mindset needs to change. Shift your focus from the perimeter alone (firewalls, web servers, etc.) to include the internal assets you need to protect as well. Assume, hypothetically, that hackers are already inside your network.
Changing Your Mindset
As hackers keep evolving, we also need to change our mindset. This will help us understand how they work so we can continue to win the seemingly endless battle of cybersecurity.