Friday, January 29, 2021

How Hackers hack/attack

 I was asked this question recently.

 Great question. How to provide a great answer?

 A very large number of hack attacks are like land mines. The attack is planted and the attacker waits for someone, anyone, to trip the exploit. Drive-bys and watering holes are some examples. An exploit is placed in a web site that is not hardened or maintained, a web visitor views the HTML code at the site and becomes infected. The infection will probably go unnoticed while credentials are harvested and sent to the attacker.

 Clicking on links in eMails and/or opening malicious attachments can cause malware infections.

 Phishing - eMails designed to lure the recipient to a malicious web site or to provide credentials - is yet another method of attack. There are now phishing tool kits, and artificial intelligence is increasingly used to craft better and better lures in phishing eMails. The use of SMS to deliver these attacks (Smishing) is on the increase.

 Those are, thus far, some of the many ways anyone might be attacked/hacked. Most of these methods rely on vulnerabilities that can be exploited: vulnerabilities in the hardware, software, applications, network, firmware, default and enhanced setup, the list goes on. Plus the user. The vulnerability is the user wanting to see celebrity gossip, dancing monkeys, any and all of the lures put out every day.

 The next level is script kidiots. Someone finds an exploit script or application on the Internet and decides to use it to attack. They don't write the exploit code, they just copy and run it.

 A similar avenue is malware as a service, including ransomware as a service. The attacker buys or leases the attack and provides payment and the victim list. This is increasing as well. Someone takes offence at a social media post and pays to have the financial life of that person destroyed.

 The more interesting method of attack involves finding a vulnerability in anything cyber and pairing that vulnerability with an exploit. This used to be difficult. Then came Metasploit, a framework that does this pairing for anyone. Just pick a vulnerability from column A, an exploit from column B, a victim list and click. Vulnerabilities are published every day. How to find a vulnerable victim list? Use Shodan. Shodan is a list of results of Internet-wide scans that occur 24x7. When you place a new device on the Internet, it is found and published in a few minutes.

 Finding new vulnerabilities is difficult and takes time, trial, and effort. Most vendors provide bug bounties for vulnerabilities. Bad guys also buy these vulnerabilities, at a much larger payout.


 So how do hackers hack/attack? The methods, means and techniques are available. Just point and click.
