You have surely heard all sorts of stories about cyber-attacks, whether on the Internet or through more traditional media. The risks from such attacks may include theft of money, of databases holding individuals' private information, or of access to email accounts, and the severity of each depends on how much information or data can be leaked and how hackers can use it. An attacker usually carries out a hack in five steps:
Selection of a Victim
There are mainly two types of hackers: those who focus on a particular person or organization to obtain financial or political benefits, and opportunists, who scan ports in search of vulnerable systems.
Once the target has been selected, the hacker embarks on the most important process, the research phase. The attacker's aim is to gather as much information as possible about the company: domains, contact names, web site addresses, phone numbers and emails. These are all major pieces of information that a hacker is keen to acquire.
The more information an attacker has, the easier it will be to access a system. People should be careful when posting information on computer forums, because hackers often browse these sites to collect information on possible targets. Hackers are always on the lookout for mergers and acquisitions, which are viewed as “easy targets” because companies usually want to link IT systems quickly and may sacrifice security to do so.
Hackers do not waste time breaking down firewalls. They seek to exploit vulnerable areas of the system, such as a web server that has not been patched properly or a test machine that has been left connected.
Leave a Backdoor
Once access has been gained, a hacker always leaves a backdoor to regain entry later, by planting a rootkit or a remote shell. Some may even modify access rules.
Cover the Tracks
The best attackers deactivate the audit processes and eliminate event logs.
How to fight back?
The first thing a good administrator will do if he suspects there has been an attack is to check the logs, because hackers try to cover their tracks by disabling them. There have been several high-profile hacks, including the recent infiltration of the Google Gaia password system in January. This happened when an employee clicked on an MMS link that infiltrated his machine, which was then used to gain access to the company’s management system.
However, Twitter experienced one of the most embarrassingly simple hacks last year, when a user ran a brute-force password cracker to gain administrator access. Passwords were changed, private information was viewed, and user tweets were sent. Twitter could have avoided this simply by locking an account after three password attempts.
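The lockout rule mentioned above can be sketched in a few lines. This is an added example, not code from Twitter or from the original article; the class and function names, the sample account and the 15-minute lock duration are assumptions made for illustration.

```python
import hmac
import time

MAX_ATTEMPTS = 3        # threshold named in the article
LOCK_SECONDS = 15 * 60  # assumption: the article gives no lock duration

# Constructed sample account; a real system stores salted password hashes.
ACCOUNTS = {"admin": "happiness"}

def check_password(user, password):
    expected = ACCOUNTS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

class LoginGuard:
    """Locks an account after MAX_ATTEMPTS consecutive failed logins."""

    def __init__(self, verify=check_password, clock=time.monotonic):
        self._verify, self._clock = verify, clock
        self._failures = {}      # user -> consecutive failures
        self._locked_until = {}  # user -> time the lock expires

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._clock() >= until:   # lock expired: start counting afresh
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def attempt(self, user, password):
        """Return 'ok', 'denied' or 'locked'."""
        if self.is_locked(user):
            return "locked"          # the guess is not even checked
        if self._verify(user, password):
            self._failures.pop(user, None)
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_ATTEMPTS:
            self._locked_until[user] = self._clock() + LOCK_SECONDS
        return "denied"

def simulate_guessing(guard, user, wordlist):
    """Feed a list of guesses to the guard and return each outcome."""
    return [guard.attempt(user, guess) for guess in wordlist]

if __name__ == "__main__":
    guesses = ["123456", "password", "qwerty", "letmein", "happiness"]
    print(simulate_guessing(LoginGuard(), "admin", guesses))
```

With the lock in place the correct password in fifth position is never tested. A lock keyed only on the account name also lets anyone lock out a known user, so it is usually paired with rate limits per source address.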