Top 4 Methods Used to Attack Networks
Threat actors use several different techniques to gain access to company networks so that they can deliver ransomware payloads. In this blog, we look at four of the most common techniques currently being used to attack networks.
Where Do Most Network Threats Originate?
In a recent Cyber Insurance Webinar, cyber security expert Dr. Siegfried Rasthofer, set out what he saw as the most common techniques threat actors are using to get into our systems. These included:
1. Social Engineering
Even for big ransomware gangs, social engineering attacks like phishing are still one of the most popular—and effective—ways to deliver malware into an organization. Emails carrying infected attachments, such as Word, Excel, or PDF documents, can allow the bad guys to open up a back door and get a foothold in a company's network once an unsuspecting user opens the document.
2. Credential Phishing
This is where threat actors create a website that mimics, for example, an official Microsoft site, and encourages the user to enter their Windows account details. As an offshoot of this we're also seeing a rise in Call Back Phishing, where a user gets an email or SMS saying that they have a serious security issue with their device and that someone would like to give them a call back to resolve the problem. During that call the bad guys attempt to get the victim to install remote access software, and the malware is then installed through it. While this is a little more effort for the bad guys, it can be very effective for them.
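Blocking a mimicked login site starts with recognising the hostname tricks behind it: a brand name buried in the subdomain of an unrelated domain, a character swap such as "rn" for "m", or a one-letter typo. The following is an added illustration of that classification as a DNS-filtering or URL-triage helper; it is not code from the original post or from Adetti. The protected brand list, the homoglyph map, the naive registrable-domain rule, and the sample URLs are all constructed assumptions.

```python
"""Classify URLs as legitimate, brand-in-subdomain, lookalike or unrelated.

Added illustration, not the post's own code. PROTECTED, HOMOGLYPHS and
SAMPLE_URLS are constructed; registrable_domain() is a deliberate
simplification that should use the Public Suffix List in production.
"""
import unicodedata
from urllib.parse import urlsplit

# Constructed: the brand domains we want to protect users from mimicry of.
PROTECTED = {"microsoft.com", "office.com"}

# Constructed: character substitutions commonly used to imitate a brand.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalize_label(label):
    """Fold accents and common look-alike characters so that
    'rnícr0soft' compares equal to 'microsoft'."""
    label = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    label = label.lower()
    for bad, good in HOMOGLYPHS.items():
        label = label.replace(bad, good)
    return label


def levenshtein(a, b):
    """Edit distance; used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Naive 'last two labels' rule (assumption; use the Public Suffix List
    for real deployments, where co.uk-style suffixes matter)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def classify_url(url):
    """Return (verdict, registrable_domain) for a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("invalid", "")
    reg = registrable_domain(host)
    if reg in PROTECTED:
        return ("legitimate", reg)

    brand_slds = {d.split(".")[0] for d in PROTECTED}
    sub_labels = host[: -len(reg)].rstrip(".").split(".") if host != reg else []

    # 1. Brand name smuggled into the subdomain of an unrelated domain,
    #    e.g. login.microsoft.com.verify-account.net
    for label in sub_labels:
        if normalize_label(label) in brand_slds:
            return ("brand-in-subdomain", reg)

    # 2. Registrable domain that resembles a brand after homoglyph folding,
    #    or is within one edit of it.
    sld = normalize_label(reg.split(".")[0])
    for brand in brand_slds:
        if brand in sld or levenshtein(brand, sld) <= 1:
            return ("lookalike", reg)
    return ("unrelated", reg)


# Constructed sample URLs covering each verdict.
SAMPLE_URLS = [
    "https://login.microsoft.com/common/oauth2",
    "https://login.microsoft.com.verify-account.net/",
    "https://rnicrosoft.com/login",
    "https://micosoft.com/",
    "http://micr0soft-secure-login.com/",
    "https://www.example.org/",
]


def scan_urls(urls=SAMPLE_URLS):
    return {u: classify_url(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in scan_urls().items():
        print(f"{verdict[0]:20} {url}")
```

The substring rule in step 2 is deliberately aggressive and will flag unrelated domains that happen to contain a brand word (an "office"-branded stationery shop, for instance), so in practice the "lookalike" verdict is better used to route a domain to review or to a block-by-default list with an allow-list override, rather than as a silent block.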
3. Vulnerability Exploits
Any system that is public facing can easily be scanned for known vulnerabilities that haven't been patched, and then targeted for exploitation. While we naturally make a big thing of Zero Day vulnerabilities, Dr. Rasthofer pointed to a more concerning fact: the majority of exploits he is seeing are against systems with N-Day vulnerabilities, where the vulnerability is already well known and a patch is available. Threat actors often use these well-known vulnerabilities to gain access and download their payload. There is also a version of this that uses brute force attacks against external remote services like RDP. If your RDP is publicly exposed, you need to think hard about whether this is actually necessary.
4. Initial Access Brokerage
Here, threat actors (either groups or individuals) harvest company log-in credentials to gain access to systems. Once they have access, they don't try to move within the network; instead they sell that access to other threat actors and ransomware gangs, who then carry out the attack. These credentials are normally readily available on various Dark Web markets and cost on average around $4600 for big organizations. Compromised RDP credentials can be purchased for much less, as low as a few dollars in bulk.
Security Procedures and Solutions to Help Defend Against Network Compromises
This is far from an exhaustive list of the techniques being used, but they do represent the more common vectors used by threat actors. A more comprehensive list of the tactics, techniques and procedures used by threat actors can be found in the MITRE ATT&CK framework. However, knowing the above can help guide you to some of the most effective methods of protecting your network, including (but not limited to):
- Email protection to stop phishing email from getting through.
- Security awareness training so people can spot a phishing attack and know what to do.
- Dark Web monitoring to know if your credentials have been compromised and are up for sale.
- DNS filtering and web protection to block spoof or malicious sites and prevent communication with C2 servers.
- Documented and auditable vulnerability management processes that include timely application of OS and application patches and updates.
- Monitoring for failed local login attempts on workstations and servers, and for remote login attempts.
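The brute-force attacks against exposed RDP described under Vulnerability Exploits, and the monitoring of failed and remote logins in the last bullet, come together in one detection: many failed logons from one source in a short window, followed by a success from that same source. The script below is an added illustration of that logic, not code from the original post or from Adetti. The log lines are constructed samples in a simplified key=value rendering of Windows Security events 4625 (failed logon) and 4624 (successful logon); a real deployment would read these from the Event Log or a SIEM, and the threshold and window are assumptions to tune per environment.

```python
"""Detect password guessing against RDP from Windows logon events.

Added illustration, not the post's own code. SAMPLE_EVENTS is constructed
in a simplified rendering; LogonType 10 = RemoteInteractive (RDP),
3 = Network, 2 = Interactive. Timestamps are assumed to be UTC.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. 203.0.113.45 guesses several accounts and then
# gets in as jsmith; 10.0.0.12 is a user mistyping a password once;
# 198.51.100.7 fails slowly enough to stay under the window threshold.
SAMPLE_EVENTS = """\
2024-01-15T02:10:01 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45 Status=0xC000006D
2024-01-15T02:10:04 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.45 Status=0xC000006D
2024-01-15T02:10:08 EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.45 Status=0xC000006D
2024-01-15T02:10:11 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=203.0.113.45 Status=0xC000006D
2024-01-15T02:10:15 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=203.0.113.45 Status=0xC000006D
2024-01-15T02:10:19 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=203.0.113.45 Status=0xC000006D
2024-01-15T02:11:02 EventID=4624 LogonType=10 TargetUser=jsmith SourceIP=203.0.113.45 Status=0x0
2024-01-15T02:12:40 EventID=4625 LogonType=2 TargetUser=mjones SourceIP=10.0.0.12 Status=0xC000006A
2024-01-15T02:12:47 EventID=4624 LogonType=2 TargetUser=mjones SourceIP=10.0.0.12 Status=0x0
2024-01-15T02:20:00 EventID=4625 LogonType=3 TargetUser=svc_sql SourceIP=198.51.100.7 Status=0xC000006D
2024-01-15T02:35:00 EventID=4625 LogonType=3 TargetUser=svc_sql SourceIP=198.51.100.7 Status=0xC000006D
2024-01-15T02:50:00 EventID=4625 LogonType=3 TargetUser=svc_sql SourceIP=198.51.100.7 Status=0xC000006D
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+EventID=(?P<event_id>\d+)\s+LogonType=(?P<logon_type>\d+)"
    r"\s+TargetUser=(?P<user>\S+)\s+SourceIP=(?P<ip>\S+)"
)


def parse_events(text):
    """Parse the simplified log format; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.fromisoformat(d["ts"]),
            "event_id": int(d["event_id"]),
            "logon_type": int(d["logon_type"]),
            "user": d["user"],
            "ip": d["ip"],
        })
    return events


def detect_password_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one source IP accumulates `threshold` failed logons inside
    `window`, and again if that IP later logs on successfully."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)    # ip -> timestamps of recent 4625 events
    users_by_ip = defaultdict(set)  # ip -> accounts it has tried
    flagged = {}                    # ip -> time it crossed the threshold
    alerts = []
    for e in events:
        ip = e["ip"]
        if e["event_id"] == 4625:
            cutoff = e["ts"] - window
            failures[ip] = [t for t in failures[ip] if t >= cutoff]
            failures[ip].append(e["ts"])
            users_by_ip[ip].add(e["user"])
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged[ip] = e["ts"]
                alerts.append({"kind": "password_guessing", "ip": ip,
                               "failures": len(failures[ip]),
                               "users": sorted(users_by_ip[ip]), "at": e["ts"]})
        elif e["event_id"] == 4624 and ip in flagged:
            # The most urgent case: a guessing source eventually got in.
            alerts.append({"kind": "success_after_guessing", "ip": ip,
                           "user": e["user"], "logon_type": e["logon_type"],
                           "at": e["ts"]})
    return alerts


def run_sample():
    return detect_password_guessing(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

The sliding window is what keeps the slow 198.51.100.7 failures from alerting, which is the right default for a noisy estate but also the reason low-and-slow guessing needs a second, longer-window rule. The distinct-user list on the first alert is worth keeping: many accounts from one source points to a spraying tool rather than a forgotten password, and a "success_after_guessing" alert should be treated as a confirmed compromise, not a warning.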
Critically, you also need to have a solid backup and recovery solution in place so that when an incident occurs, you can get your systems back up online as quickly as possible, and with as little interruption and impact to your business as possible.
Adetti can help ensure you have solutions and systems in place to protect your data from attack, including reliable backup and recovery. Contact us today to find out more.