End-users are juicy targets for hackers

By Admire Moyo, ITWeb's news editor.
Johannesburg, 28 May 2015
In order for organisations to be secure, they should go back to basics, says Antonio Forzieri, EMEA cyber security practice lead at Symantec.

The old days when attackers were hitting servers are gone; they still hit them, but there's a juicier target - the end-users.

So said Antonio Forzieri, Europe, Middle East and Africa cyber security practice lead at Symantec, who presented yesterday during ITWeb Security Summit 2015, in Midrand.

He noted that even if organisations put in place the toughest security solutions to fend off cyber criminals, end-users who lack awareness about attacks remain the weakest links in IT security.

According to Forzieri, the three most common attack vectors that cyber criminals are using are spearphishing, drive-by download attacks and supply chain hacking.

Spearphishing is an e-mail spoofing fraud attempt that targets a specific organisation, seeking unauthorised access to confidential data. As with the e-mail messages used in regular phishing expeditions, spearphishing messages appear to come from a trusted source.

He explained that a drive-by-download attack is a malware delivery technique that is triggered simply because the user visited a Web site. Traditionally, Forzieri added, malware was only activated as a result of the user proactively opening an infected file.

However, cyber criminals have become much more sophisticated, and in drive-by-download attacks, malware may be served as hidden code within a Web site's content, or within served content such as banners and advertisements, and used as a vehicle for hacking and other cyber crime. The simple act of visiting a site is enough to get a user's computer infected or their personal details stolen.

With supply chain hacking, Forzieri said, a vendor's software is compromised and hijacked with the objective of infecting its clients.

As an example, he said that during a 2012 malware attack, manufacturers and suppliers of military-grade computers were observed installing a Trojanised Intel driver application. The attackers bundled an Intel driver application with variants of the Backdoor.Moudoor malware.

In the DragonFly attack of 2013, targeting the energy sector, three different industrial control systems equipment providers were targeted and malware was inserted into the software bundles they had made available for download on their Web sites, said Forzieri.

Describing the stages of an attack, he said hackers start with "incursion". During this stage, the attacker breaks into the network by delivering targeted malware to vulnerable systems and employees.

The next stage is "discovery", where the attacker maps an organisation's defences from the inside before creating a battle plan.

The attack then moves to the "capture" stage when the hacker accesses data on unprotected systems and installs malware to secretly access data or disrupt operations.

The final stage is "exfiltration". During this stage, data is sent to the attacker for analysis; the information may be used for various purposes including fraud and planning further attacks, he explained.

In order for organisations to be secure, Forzieri suggested they should go "back to basics" by ensuring end-point security, patch management, vulnerability management, as well as perimeter security.
