Cyberattack, anatomy of an electronic crime

As threats increase in number and severity, cybercrime strengthens its position on the Internet. A thorough description will help us understand the current problem: we can outline the steps a cybercriminal takes to attack your information.

by Osvaldo Callegari*


The cybercriminal's main goal is to find vulnerabilities through reconnaissance, penetrate the real network in intrusion mode, insert malware, and delete every clue to his position or presence.

Malware enters your network in various ways, in some cases simple and in others extremely dangerous. It ranges from the launch of advertising (sales and promotion of items) to potentially devastating attacks that affect the entire infrastructure.


Among integrated solutions we analyze a Dell product, SonicWall (a recently acquired company), which is designed to face every stage of a cyberattack and to eliminate every type of malware affecting your company's computers.

Phases of a cyberattack
1. Reconnaissance
The goal of reconnaissance is to learn about vulnerabilities in the targeted network and systems, including credentials, software versions, and system startup configurations.

2. Enumeration
The second step in any type of cyberattack is enumeration, which surreptitiously expands on the data obtained during reconnaissance. Scanning files and fingerprinting services are very popular during the enumeration phase.

3. Collection
One of the methods for collecting this information is social engineering, which tricks end users into handing over private information. These attacks are often perpetrated by phishing (fraudulent email), pharming (fraudulent websites) and drive-by pharming (reconfiguration and redirection of DNS on wireless access points).

4. War Dialing
War dialing involves using an automated system to call each of the phone numbers belonging to a company in the hope of finding a modem that can provide direct access to the company's internal resources.

5. Intrusion and advanced attacks
Once attackers have identified known and correlated vulnerabilities, they can exploit them to penetrate the network.

Even more dangerous are sophisticated "zero-day" attacks: attacks that exploit software weaknesses which, although not publicly disclosed, may already have been distributed on the black market among attackers, ranging from petty criminals to transnational organized criminal gangs.


6. Denial of Service (DoS)
Another advanced form of malicious intrusion is denial of service (DoS), which aims to render networks inoperative by bombarding them with external communication requests.

These include Smurf attacks, SYN flood and ping flood attacks, and the Ping of Death.
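As an added example that is not part of the original article (and not SonicWALL product code), the following Python script runs two defender-side heuristics over a constructed firewall connection log: one flags a source that probes many distinct ports in a short window (the enumeration phase described earlier), the other flags a destination that receives an abnormal number of SYN packets within a few seconds (the SYN flood listed above). The log format, IP addresses, window sizes and thresholds are all assumptions chosen for illustration.

```python
"""Added example (not from the original article): detection heuristics for
the enumeration (port scan) and denial-of-service (SYN flood) phases, run
over a constructed firewall log. Format, addresses and thresholds are
assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <tcp_flags>"
# where tcp_flags "S" means a SYN-only packet (a new connection attempt).
def build_sample_log():
    base = datetime(2022, 5, 15, 13, 26, 0)
    lines = []
    # Benign traffic: one workstation opening three ordinary connections.
    for i, port in enumerate((80, 443, 53)):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.4 192.0.2.10 {port} S")
    # Enumeration: one source probing 12 distinct ports in 12 seconds.
    for i, port in enumerate(range(20, 32)):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 192.0.2.10 {port} S")
    # Denial of service: 150 SYNs from 150 different (spoofed) sources
    # hitting one web server within 5 seconds.
    for i in range(150):
        ts = (base + timedelta(seconds=i % 5)).isoformat()
        lines.append(f"{ts} 203.0.113.{100 + i} 192.0.2.20 80 S")
    return "\n".join(lines)

def parse_log(text):
    """Parse the constructed format into (timestamp, src, dst, port, flags) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, flags = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), flags))
    return events

def _max_in_window(items, window_seconds, measure):
    """Slide a time window over time-sorted items (first element is the
    timestamp) and return the largest measure(items_in_window) seen."""
    items = sorted(items, key=lambda it: it[0])
    best, start = 0, 0
    for end in range(len(items)):
        while (items[end][0] - items[start][0]).total_seconds() > window_seconds:
            start += 1
        best = max(best, measure(items[start:end + 1]))
    return best

def detect_port_scans(events, window_seconds=60, min_ports=10):
    """Sources touching at least min_ports distinct (dst, port) pairs within
    window_seconds. Returns {src_ip: max_distinct_ports_in_a_window}."""
    by_src = defaultdict(list)
    for ts, src, dst, port, _flags in events:
        by_src[src].append((ts, dst, port))
    hits = {}
    for src, items in by_src.items():
        peak = _max_in_window(items, window_seconds,
                              lambda w: len({(d, p) for _, d, p in w}))
        if peak >= min_ports:
            hits[src] = peak
    return hits

def detect_syn_floods(events, window_seconds=10, min_syns=100):
    """Destinations receiving at least min_syns SYN-only packets within
    window_seconds, regardless of source (flood sources are often spoofed).
    Returns {dst_ip: max_syns_in_a_window}."""
    by_dst = defaultdict(list)
    for ts, _src, dst, _port, flags in events:
        if flags == "S":
            by_dst[dst].append((ts,))
    hits = {}
    for dst, items in by_dst.items():
        peak = _max_in_window(items, window_seconds, len)
        if peak >= min_syns:
            hits[dst] = peak
    return hits

if __name__ == "__main__":
    evs = parse_log(build_sample_log())
    print("port scans:", detect_port_scans(evs))   # {'203.0.113.7': 12}
    print("SYN floods:", detect_syn_floods(evs))   # {'192.0.2.20': 150}
```

The two functions key differently on purpose: a scanner is identified by its source address, while a flood from spoofed sources can only be seen by counting arrivals at the destination. The thresholds are placeholders and must be tuned against the normal traffic of the network being monitored; the same logic can be fed from firewall or flow exports instead of the constructed log.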

7. Malware Insertion
After infiltrating a network, the next step in an attack is to secretly insert malware in order to maintain permanent remote control over systems and finally execute code within the network to achieve a particular goal.  Once inserted, malware can be a nuisance (e.g., marketing audio tracks), a controller (providing a gateway or remote control), or destructive (causing damage or covering the attacker's tracks).

Types of malware
Nuisance
Some types of malware are not excessively malicious in nature, but they can cause annoyance and affect system performance and productivity.

Spyware
Used to collect sensitive information and send it back to its distributor, it can also be a major nuisance, usually infecting web browsers and making them almost inoperable.
Spyware is often used for deceptive marketing purposes, such as tracking user activity without their knowledge.

Adware
As the name suggests, it is typically used to spread advertisements, providing some kind of economic benefit for the attacker.


After being infected by adware, the victim is continuously bombarded by pop-ups, toolbars and other types of advertisements when using the infected computer, for example while browsing.

Among these annoyances you may see pharmaceutical advertisements, contests or the classic "Earn money with little".

Malware Control
Other malware lies in wait to receive commands or execute attacks. Trojans, executable code embedded in some cases within applications (usually commonly used ones), are often designed to be launched by a trusted user without their knowledge.  Remote Access Trojans (RATs) open new access doors for remote control.

Rootkits, which we have mentioned in previous articles, are insidious: they hide at a low level, use the resources of the operating system to provide the attacker with unrestricted access to the network, and can go unnoticed by conventional antivirus, which makes them difficult to eradicate.

Trojans and rootkits often create zombies, which attack other computers as part of botnets.



Destructive malware
Usually designed to inflict damage, computer viruses can purge an entire hard drive, rendering data useless in a matter of seconds. Commonly spread through file shares, internet downloads, or email attachments, viruses must run on the target system before they actually pose a threat. Once activated, they reproduce throughout the infected system.

Their goal: to search for and destroy specific files or parts of the hard drive.

Unlike viruses, worms can spread through networks without user activation. Once infected by a worm, the compromised system begins to scour the local network in an attempt to locate other target systems. After locating a target, the worm exploits vulnerabilities in its operating system, injecting it with malicious code.

Although sometimes seen as a nuisance, worms can also spread other malware and inflict damage.

Clean-up (Final Stage)
The final stage of the attack cycle is to rid the infected system of forensic evidence. A proactive element for this step is for attackers to be as discreet as possible in the previous steps.

For example, an attacker can seize the credentials of a user on the trusted network without sounding alarms for accessing target systems or using common applications, such as instant messaging, to insert malicious files or extract information.

The main purpose of this step is to erase any traces of the system attack.

This can be done by deleting command-line or event logs (manually or by automated means), disabling alarms, and updating or revising outdated software after the attack has been achieved.

In addition, hackers and cyber thieves often unleash viruses and worms to potentially destroy incriminating evidence.
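As an added example that is not part of the original article, here is a Python routine a defender could run over exported event records to look for the traces this clean-up stage leaves behind: an explicit "audit log was cleared" event, gaps in what should be a contiguous sequence of record numbers, and timestamps that run backwards. Event ID 1102 is the real Windows Security event for a cleared audit log; the pipe-separated record layout, the other messages and the records themselves are constructed for this example.

```python
"""Added example (not from the original article): spotting signs of log
clean-up in exported event records. The record layout
"record_id|timestamp|event_id|message" and the sample records are
constructed for illustration; event ID 1102 ("The audit log was cleared")
is a real Windows Security log event ID."""
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Event:
    record_id: int
    timestamp: datetime
    event_id: int
    message: str

# Event IDs that explicitly record a log being cleared (Security log 1102).
LOG_CLEARED_EVENT_IDS = {1102}

# Constructed sample export: record 1004 is a clear event, records 1005-1006
# are missing, and record 1008 carries a timestamp earlier than 1007.
SAMPLE_EVENTS = """\
1001|2022-05-15T13:20:00|4624|An account was successfully logged on
1002|2022-05-15T13:21:05|4688|A new process has been created
1003|2022-05-15T13:21:07|4688|A new process has been created
1004|2022-05-15T13:21:09|1102|The audit log was cleared
1007|2022-05-15T13:25:00|4624|An account was successfully logged on
1008|2022-05-15T13:10:00|4634|An account was logged off
"""

def parse_events(text):
    """Parse the constructed pipe-separated format into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec, ts, eid, msg = line.split("|", 3)
        events.append(Event(int(rec), datetime.fromisoformat(ts), int(eid), msg))
    return events

def find_cleanup_indicators(events):
    """Return a list of (indicator, record_id, detail) tuples, in log order.

    Indicators:
      log_cleared          - an explicit clear event was written
      record_gap           - record numbers jump, i.e. records were removed
      timestamp_regression - a record is dated earlier than its predecessor
    """
    findings = []
    prev = None
    for ev in events:
        if ev.event_id in LOG_CLEARED_EVENT_IDS:
            findings.append(("log_cleared", ev.record_id, ev.message))
        if prev is not None:
            missing = ev.record_id - prev.record_id - 1
            if missing > 0:
                findings.append(("record_gap", ev.record_id,
                                 f"{missing} record(s) missing after {prev.record_id}"))
            if ev.timestamp < prev.timestamp:
                findings.append(("timestamp_regression", ev.record_id,
                                 f"earlier than record {prev.record_id}"))
        prev = ev
    return findings

if __name__ == "__main__":
    for indicator, record_id, detail in find_cleanup_indicators(parse_events(SAMPLE_EVENTS)):
        print(f"{indicator:22} record {record_id}: {detail}")
```

A check like this only works if the attacker did not also control the copy being examined, so the usual mitigation is to forward events to a separate collector as they are written and run the comparison there; a gap that appears in the local log but not in the collector's copy is itself strong evidence of the clean-up stage.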

A skilled criminal can compromise your network without you knowing.

SonicWALL offers a full line of defenses against all forms of cyber attack and malware.

Among the main functions we can mention:

* Reassembly-Free Deep Packet Inspection® (RFDPI)

* Multicore parallel architecture technology that scans and analyzes incoming and outgoing traffic to identify multiple threats, applications and protocols, at wire speed and without file size limitations.

* Input from millions of shared touchpoints in the Global Response Intelligent Defense (GRID) network.

* Threat Center provides continuous communication, feedback, and analysis on the nature and changing behavior of threats.

* Research Labs that continuously process this information, proactively delivering countermeasures and dynamic updates to stop the latest threats.

* The Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence and Control service delivers real-time network security protection against the latest blended threats, including viruses, spyware, worms, Trojans, software vulnerabilities and other malicious code.

* Intrusion Prevention Service (IPS) prevents attackers from exploiting known vulnerabilities (Step 2 of the attack cycle)

* Application intelligence and control prevents attackers from using common applications to transmit data to or from the compromised system

* Integrated wireless access control with firewalls

* Secure Remote Access (SRA) creates a virtual private network (VPN) that decrypts and scans all authorized SSL traffic for malware before it enters the network, and adds enforced authentication, data encryption, and granular access policy.

* Email Security provides comprehensive email threat protection for organizations of all sizes, stopping spam, viruses, phishing and attacks transmitted by email, while contributing to internal policy and regulatory compliance.

Traffic flow analysis allows real-time threat analysis to be determined in addition to historical traffic analysis and provides powerful insight into application traffic, bandwidth utilization, and security threats along with powerful troubleshooting and forensic capabilities.

Within networks with many computers it is necessary to consider perimeter firewalls with permanent firmware updates.

In summary, the range of vulnerabilities in a data network is increasingly broad; it is in the hands of the manager or person in charge of the system to maintain agile policies and constant training in order to face future challenges as well as possible.  It can be said that even this will not be enough...

The word cybercrime can be interpreted in various ways: there is the case of criminals, hackers and thieves, but it can also be related in some way to the organizations that fight them, such as forensic clinics.

One high-profile case was the one dismantled by the FBI in its operation against the cybercriminal networks linked to the Yahos malware and the Butterfly botnet, which produced more than 850 million dollars in losses across bank accounts, credit cards and other personal data.

The social network Facebook helped identify the criminals and the affected accounts. Its "security systems were able to detect compromised accounts and provided tools to remove them."

The FBI itself recommends that users update their applications and operating systems on a regular basis to reduce risks as well as regularly perform antivirus scans of the computer system.

For more information on the products analyzed consult the site www.dell.com

The names of the products and companies mentioned herein may be trademarks and/or registered trademarks of their respective owners.

* To contact the author of this article write to [email protected]


Featured phrases
"Hidden malware gives your attacker the keys to your network."
"A stealthy intruder can access all system resources."

Author: Santiago Jaramillo
Editor
Social communicator and journalist with more than 15 years of experience in digital and print media, Santiago Jaramillo was Editor of the magazine "Ventas de Seguridad" between 2013 and 2019.

One thought on “Cyberattack, anatomy of an electronic crime”

  1. guada
    Sunday, 15 May 2022 13:26
    Hello, how are you? What would be the difference between a cyberattack and an intrusion? Thanks, if you can help me with this I would appreciate it.
