What was once a series of isolated incidents has now become almost common place in our ever evolving Corporate world with tons of successful innovations. By attacking business networks, servers and devices, hackers are accessing secrets and confidential strategies and creating huge losses for the overall economy.
Hacking is often called the biggest danger to the economic security and financial technology. It poses a new age threat of cyber security given the prevalence of the Internet of Things (IOT).
Many of the economic espionage cases are in the tens or hundreds of millions of dollars and that can or definitely translate into job losses.
Every company is at risk. Even big names are not immune — LinkedIn was the victim of hackers, yahoo (a hackers haven) and Google too was attacked in 2011, when hackers gained access to hundreds of user accounts.
“Operation Aurora, which was an attack on Google, I think, was a watershed moment where we suddenly realized that even the best companies with tremendously smart people, great security, are vulnerable to the threat,” cyber security expert Dmitri Alperovitch said.
So how do hackers get in the door?
Here I have a few ways in to which a hack can be implemented into a company system or network;
Email Social Engineering/Spear Phishing
“Spear phishing” — social engineering through email — is one of the most common tactics hackers use when attacking a system.
Cyber spies can get into a network by sending an email or instant message to a targeted victim that will have an attachment or perhaps a link to a website. It will also be customized for the recipient.
For example, “if you are in the sales department, it will ask for information about products,” see?
Once you open the attachment or click on the link, a vulnerability in the system’s application such as a word processor or browser will be exploited. Malicious software, known as malware, will then start executing on the machine and open up a communication channel to the hacker to allow them to browse and control the system.
Hackers can also use the infected computer “as a beachhead to get into other machines within that network” (This probably is how Google was hacked, and maybe many other organizations, institutions out there).
Infection Via a Drive-By Web Download
If cyber spies are interested in a lot of people within a larger group, they can target a website that’s used by the group or company, the hackers will look for a vulnerability on the website to get in, or access it through spear phishing.
They will implant a piece of code on that website so that anyone who comes on that website will be immediately infected.
It’s a tactic that has grown in popularity and is a common way to target dissidents. However, it can also affect company or government websites.
USB Key Malware
Malware can also get onto a computer through a USB key. For instance, someone can slide infected USB keys into packets given out at a conference.
Once the unsuspecting person plugs the key into his or her machine, malware is installed.
It can also be surreptitiously inserted into a computer by a spy on the inside of a company.
Scanning Networks for Vulnerabilities and Exploitment
Hackers can remotely scan servers to determine vulnerabilities within that system. Once they find a vulnerability, they exploit it by sending a command or data to the server that will cause the application to crash and will then start executing code.
In other words, it is like a potential burglar looking at your house and seeing your doors unlocked and simply [walking] in.
Typically it’s the smaller companies that get hit this way, since most large companies have good security around its system perimeters.
Guessing or Social Engineering Passwords
Most companies have the ability for their workers to log in remotely to the corporate computer system, or to access company email through a website. To get into the system, workers need a username and password, which are coveted by hackers.
If [hackers] can find out the credentials for that user, they can log in [remotely] as that user and access network resources.
To obtain passwords, hackers have various ways to trick users into giving up their credentials. For example, they can send an email asking their target to reset their password. Once the target clicks on the supplied link and enters his or her password, the hacker now has it and will use it to remotely log into the computer system. (so when next time you get an email asking you to change your password or login ‘again’ do not be impulsive, know what your doing).
Hackers can invade a system by exploiting an open wireless network, or one with easy security. They can literally sit outside a business firm’s physical location and get into the system through the unsecured or poorly secured wifi.
Stolen Credentials From Third-Party Sites
Some cyber spies like to troll for victims on third-party sites, like LinkedIn.When they find someone working for a company they want to infiltrate, they attempt to hack into the third party website and steal the employee’s credentials. Since some people tend use the same username and password for both work and other websites, the hacker can now log onto the company website and compromise the system.
This is why IT security experts recommend using different user names and passwords for different websites (see I told you guys! your passwords need to be not the same).
Compromising Web-Based Databases
When a person enters information on a website, like an email address or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system.
Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, the result is a “malicious takeover of the system.
Exploiting Password Reset Services to Hijack Accounts
Some hackers are able to hijack email accounts by resetting the user’s password without the person’s knowledge, the execution is quite simple;
Hackers find out the answers to possible security questions by researching the victim on social networking sites and other places, and use the email company’s reset service to change the password. Once the password is changed, they have unlimited access to its victim’s email account.
Even in a high-tech world, cyber spies have resorted to old-fashioned cloak-and-dagger techniques to infiltrate systems. Spies find ways to get hired by companies, and once inside they try to get into the system. They’ve also been known to bribe an individual already employed by the corporation they’re targeting to hack into the network.
Well there goes part of my trolling online and being able to get to the least of how you can get hacked. I think it would be awesome to have your comments and maybe if you have experienced any threat into your network, server or system and what was it? how did you resolve it? Did you understand how it happened?
share as a comment below
Latest posts by Peter Kivuti (see all)
- Banking Trojan Trickbot New Tricks - January 10, 2019
- Internet-facing endpoints are exposing businesses worldwide to a botnet which is now being used in targeted ransomware campaigns: Phorpiex worm - January 10, 2019
- How safe is your data?: Two-pronged cyber attack infects victims with data-stealing trojan malware and ransomware - January 9, 2019