Showing posts with label Cloud Phishing. Show all posts
Showing posts with label Cloud Phishing. Show all posts

Cyber Security - What Methods Do Hackers Use To Hack In 2022?



    We devote a lot of effort to attempting to explain to different organizations and people the many sorts of hackers that exist and how people are likely to come into touch with them, as this is the root cause from a social engineering perspective. 

    The sorts of hackers to be on the lookout for are listed below, along with some information on how they could attempt to take advantage of you or your company.


    Which Major Hacker Organizations Should We Be Aware Of?


    1. Nation States:

    We won't include any names for political reasons, but you can probably guess which nations are engaged in global cyberwarfare and attempting to hack into pretty about everywhere they believe they can gain an advantage.

    A list of target names, nations, and industries will be managed by highly sophisticated industrial style espionage, sabotage, and ransom attack type activities in accordance with the nation state's present agenda.

    Please keep in mind, though, that western governments won't be totally blameless in this.


    2. Organized Crime:

    Most of us are probably most familiar with organized crime, which consists of groups or people whose only goal is to steal money from anybody they can hack. Rarely is it personal or political; they usually simply ask "where they can get money from."


    3. Hacktivists: 

    While it might be difficult to forecast the kind of targets that these organizations will attack, in reality, they are self-described cyber warriors that attack political, organizational, or private targets in order to promote their "activist" agendas.


    What Are The Most Likely Ways That You Could Be Hacked?


    1. Device Exploits: 

    This is one of the most typical methods of hacking. Basically, all that occurs is that you will get a link to click on that seems safe but really tries to execute some local malware to attack a weakness on your computer.

    Therefore, you are vulnerable since you haven't properly updated Windows Updates (or any other device you're using), handled vulnerabilities in the software you've placed on your devices, or misconfigured software that you've installed (I.e all macros enabled in your Microsoft Office or something like that).

    Once the attacker has "got you," which is often done with a remote access trojan of some kind, they will look for another place to hide inside your network, prolonging their capacity to take advantage of you. 

    They will often search for whatever on your network they can obtain a remote shell on since they will effectively know that the way they got you in the first place (through your computer) can be readily fixed (i.e a printer or an old switch or something).


    2. IP address exploits:  

    Discovering your office's, data center's, or home's exterior endpoints is another frequent method of hacking. 

    Your IP addresses are initially determined using a variety of techniques; sadly, this is relatively readily done via internet lookups or rather often by simple social engineering.

    It would be simple for someone to call your workplace and claim to be from your IP service provider in an effort to persuade you to reveal your office's IP address. 

    For nation governments and bigger organized criminal organizations, they will simply efficiently maintain databases of known ports and known susceptible software operating on those ports while continuously scanning through millions of IP addresses depending on the nations and regions they are interested in.

    Millions upon millions of IP addresses, ports, and known vulnerabilities are posted on Shodan, which is essentially a "Hacker Search Engine," and are available for anyone to see and query at any time. 

    In reality, anybody with access to the Shodan API may quickly search across the whole Shodan database, gaining instant access to millions of entries.


    3. Cloud / SaaS Phishing: 

    Multi-factor authentication is thus beginning to fend against this issue, however many organizational accounts continue to exist throughout the globe without it enabled.

    In actuality, you or a member of your team might be the target of an attack on your Office 365, Google G-Suite, or even your online accounting platform. 

    In many cases, you will simply get a link to something that seems absolutely innocuous or nice in order to "re-enter" your login information for a crucial platform (something you wouldn't want the bad guys to have access to).

    Once within the platform, the bad guys may do a wide range of things to attempt to take advantage of you; a popular tactic is to send emails pretending to be a senior staff member in order to transfer money to an account.

    The hackers will continue to keep an eye on you in an attempt to uncover new methods to cause havoc in your digital life. They may even just discreetly send communications for a senior member of staff to another external anonymous account.

    In reality, anybody may strike you at any moment. However, how you should approach your defense will rely on your cyber security risk profile (i.e., what you could have that adversaries might attempt to exploit). 

    To begin with, it's wise to maintain tabs on anyone you suspect of wanting to hack you and their motivations.


    What Are Some Examples Techniques Used By Hackers?



    You are more likely to be targeted by a "Nation State" if you work for a government contractor on specialized intellectual property. 

    This doesn't have to be drugs or weapons; it might be anything that a Nation State would want to duplicate or own for itself.


    You're far more likely to be targeted by organized crime if you're the CEO of a corporation or the finance department (which granted can also be a Nation State). 

    You are probably aware that in phishing campaigns and other situations where bad guys use LinkedIn and Google to scrape information about people's job titles and seniorities in order to figure out how to target their attacks more precisely to the most valuable targets, hackers will target business leaders more frequently.


    If you're the CEO of a large company, national security hackers will attempt to target your children's or family's gadgets in an effort to gain access to your house for espionage or other similar operations. 

    This is why it makes sense to have a closed network at home/private spaces that are only for the gadgets of family/children.


    At the lower end of the spectrum, all of us are sometimes targeted by hackers using phishing emails. 

    As indicated above, emails sent requesting us to click on links are also used to attempt to run remote access trojans in order to allow the bad guys access to your workstations, so we need to be aware that this isn't only for our credentials (i.e., that Multi-Factor authentication may save us from). 

    Once a back door has been built, gangs may manually disseminate ransomware using this.


    Hacktivists are likely to attack you if you work as an executive for a corporation that pollutes foreign rivers and ecosystems.


    Therefore, the main goal of this blog isn't to spook people or incite worry, but rather, we believe that having a basic awareness of the many kinds of adversaries out there may help individuals frame how they should be thinking about their own security.


    ~ Jai Krishna Ponnappan

    Find Jai on Twitter | LinkedIn | Instagram


    You may also want to read and learn more Cyber Security Systems here.



    What Is Artificial General Intelligence?

    Artificial General Intelligence (AGI) is defined as the software representation of generalized human cognitive capacities that enables the ...