10 Ways Hackers Will Get The Best Of You

The First Step In Thwarting Attacks? Being Aware

The 2014 Verizon Data Breach Investigations Report outlined many of the hacking techniques most commonly used to steal sensitive information. The firm's analysis of specific threat actions observed over time shows a variety of longtime hacking methods that are popular because they consistently pay off. Being aware of the threats impacting you and your business is half the battle, said security experts. Precautionary measures, from using a password manager to avoiding clicking on links or opening unsolicited email attachments, can greatly reduce risk, according to Verizon. Meanwhile, business owners should conduct a risk assessment and address potential weaknesses. In most cases, it takes seconds to compromise a computer, said Christopher Porter, a managing principal at Verizon. CRN provides some top ways the report said hackers can get the best of you.

10. Stolen Credentials

Using stolen credentials to impersonate a valid user was the most significant threat action used in 2013, according to Verizon. Stolen credentials are used by financially motivated cybercriminals, hacktivists and clandestine operations, Verizon said. An attacker can use stolen credentials to appear to be a valid user on a corporate network. This has prompted security experts to call for the increased use of two-factor authentication and other measures to validate a user attempting to log into systems. Behavioral analysis systems also can be put in place to trigger an alert if they observe suspicious activity, such as a user attempting to log in at an unusual time.

9. Phishing, The Ultimate Human Error

A general phishing campaign that uses only 10 messages has a better than 90 percent chance of getting a click, according to phishing defense vendor ThreatSim. The Verizon report calls targeted phishing attacks the most prolific and "old faithful" way for criminals to gain initial access to a corporate network. It is used in 95 percent of cyberespionage incidents, where 68 percent of threat actions were carried out by cybercriminals conducting espionage campaigns in 2013. The attacker typically uses a file attachment containing a zero-day exploit, Verizon said. The messages are often carefully designed to look like a report or accounting document and sent to the employees who may typically receive them.

8. Back-Door Access

A back door is commonly used in targeted cyberespionage attacks, according to Verizon, which found back-door use in 70 percent of the cyberespionage cases it analyzed. Once a cybercriminal establishes a foothold, a back door helps them maintain remote access to an infected system. They remain stealthy while often uploading more malware or pivoting to systems containing more sensitive data. Back-door access was observed in some of the latest retail breaches. It also is used in some automated attack toolkits by financially motivated cybercriminals, according to the Verizon data. The firm referenced Nitol, a popular crimeware toolkit in Asia, which allows back-door access and causes infected systems to participate in distributed denial-of-service attacks.

7. Spyware-Keyloggers

Spyware attempts to steal user credentials. It is associated with keyloggers that can record keystrokes or take a screenshot of the victim's monitor. In some recent findings, researchers have seen spyware that uses video to capture a victim logging into a bank account or other service. Spyware was observed in 38 percent of cyberespionage attacks, Verizon said. It also is seen in financially motivated attacks, and is a capability associated with the Zeus banking Trojan, which is designed to install other malware but often grabs login and banking credentials from within browsers, Verizon said.

6. Capture Stored Data

The use of malware that captures stored data is most commonly associated with credit card theft, Verizon said. BlackPOS, a memory scraping malware, was used in the massive Target breach, successfully vacuuming up data stored temporarily in clear text in point-of-sale system memory. It's also a top threat action taken by criminals carrying out cyberespionage attacks, according to Verizon.

5. SQL Injection

SQL injection is a common and longstanding technique used in web application attacks, and it is commonly used because widely available automated tools can detect and attack the underlying flaws, said security experts. Coding errors that enable SQL injection have been in decline in recent years, according to data from WhiteHat Security, but they are still frequently detected by vulnerability scanners. It is the third-ranked technique used by financially motivated cybercriminals behind phishing and brute-force attacks, according to the Verizon analysis. Verizon said the hacking technique was used in 80 percent of attacks against web applications in the retail industry.

4. Brute-Force Attacks

Weak and default passwords are a favorite target of criminals who use brute-force attacks to pry their way into systems. Automated tools have lists of frequently used passwords and passphrases, and default system passwords established by vendors. The tools have become more powerful, cranking through potential passwords in minutes. Verizon recommends that businesses slow down the rate of repeated attempts into systems or temporarily lock accounts after multiple failed attempts.
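
The throttling and temporary lockout recommended above can be sketched as follows. This is an added example, not code from CRN or the Verizon report; the class name, the thresholds and the check callback are assumptions chosen for illustration.

```python
import time

class LoginThrottle:
    """Per-account throttle: growing delay after each failure, then a temporary lock."""

    def __init__(self, max_failures=5, base_delay=1.0, lock_seconds=900,
                 clock=time.monotonic):
        self.max_failures = max_failures   # failures that trigger the lock (assumed value)
        self.base_delay = base_delay       # delay after the first failure, in seconds
        self.lock_seconds = lock_seconds   # length of the temporary lock
        self.clock = clock
        self._state = {}  # account -> (consecutive failures, earliest next attempt)

    def retry_after(self, account):
        """Seconds to wait before another attempt is evaluated (0 means go ahead)."""
        _, not_before = self._state.get(account, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def record(self, account, success):
        """Update state after a credential check; return the new wait in seconds."""
        if success:
            self._state.pop(account, None)
            return 0.0
        failures = self._state.get(account, (0, 0.0))[0] + 1
        if failures >= self.max_failures:
            wait = self.lock_seconds
            failures = 0  # counting starts over once the lock expires
        else:
            wait = self.base_delay * 2 ** (failures - 1)  # 1s, 2s, 4s, ...
        self._state[account] = (failures, self.clock() + wait)
        return wait

def attempt(throttle, account, password, check):
    """Gate a login: while throttled, refuse without evaluating the password."""
    if throttle.retry_after(account) > 0:
        return "throttled"
    ok = check(account, password)
    throttle.record(account, ok)
    return "ok" if ok else "denied"

if __name__ == "__main__":
    # Constructed sample: a short list of guessed passwords against one account.
    throttle = LoginThrottle(max_failures=3)
    check = lambda account, password: password == "correct-horse"
    for guess in ["123456", "password", "admin", "correct-horse"]:
        print(guess, attempt(throttle, "alice", guess, check))
```

Keying the counter on the account alone lets anyone lock out a legitimate user and does not slow an attacker who tries one password across many accounts, so deployments commonly track source addresses as well.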

3. Rootkits

Rootkits are malware packages that establish a foothold and enable an attacker to gain complete control of an infected system. Rootkits are associated with getting into the underlying operating system processes, making them difficult to detect. The malware can enable full administrative privileges over a laptop or other device. Security experts have told CRN that rootkits have been in decline, simply because other attacks provide easier and faster access to sensitive data.

2. Tampering

In the Verizon report, tampering refers to gaining physical access to an automated teller machine or a gas pump terminal to install a skimming device that reads data from credit card swipes. Card skimmers used by organized criminal groups are a top concern, according to Verizon. In 2013, 87 percent of skimming occurred on ATMs and 9 percent on gas pumps, Verizon said. Attacks against gas stations and convenience stores have become more sophisticated, with an increasing number of cases of data being exchanged over the network, an SMS text message or Bluetooth, without the criminal needing to return to retrieve the device. Verizon urges business owners to use newer tamper-resistant terminals and to monitor terminals more closely for suspicious activity.

1. Privilege Abuse

Privilege abuse happens when an employee or trusted partner takes advantage of system access privileges that they are granted and uses them to simply view files or conduct data theft, according to Verizon. The report said 88 percent of the insider misuse security incidents it analyzed involved some form of privilege abuse. The firm said its analysis found some cases of insiders being bribed to steal data for fraud schemes. Organizations need to more closely monitor employee activity, Verizon said. Quickly remove access for employees who leave the company. Monitor systems for unusual login attempts and other actions that could signal an issue. Limit access to the most sensitive systems and segment them from the rest of the network, Verizon said.