At the heart of every exploit, the vulnerability always lies in the target’s trust in attacker-supplied input. This is true whether the attack is network-based or a hacker is trying to gain physical access to a specific location. To effectively mitigate risk, companies and individuals need to take the necessary precautions to keep data secure. The saying in the cybersecurity consulting industry is “trust, but verify.”
Mitigation works on the same principle. Companies and individuals need to verify that the link, person on the other end of the phone or information sent to their servers isn’t going to result in some unexpected error before allowing access. Joseph Hesse, director of the Labs division at Coalfire, offers 10 common ways hackers infiltrate secure systems.
At least one of your employees currently has a password that a hacker could easily guess (e.g., 'Fall2016!'). Unfortunately, passwords like this also meet policy guidelines, despite the well-documented risks associated with using them. Though cliché, make sure your employees frequently update their passwords and keep them unique enough to avoid being breached.
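The gap between "meets policy" and "hard to guess" can be checked when a password is set. The following is an added example, not part of the original article: the complexity rule, the word list and the function names are assumptions chosen for illustration.

```python
import re
import string

# Assumed complexity rule (not from the article): 8+ chars, upper, lower, digit, symbol.
def meets_complexity_policy(pw):
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)

# Constructed list of base words people fall back on at rotation time.
PREDICTABLE_WORDS = {
    "spring", "summer", "fall", "autumn", "winter", "password", "welcome",
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
}
# Undo common character substitutions before comparing against the list.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def predictable_reason(pw, org_terms=()):
    """Return why pw is guessable (word + digits + symbols shape), else None."""
    core = pw.rstrip(string.punctuation)   # drop trailing symbols: "Fall2016"
    stem = core.rstrip(string.digits)      # drop trailing digits:  "Fall"
    suffix = core[len(stem):]              # what was dropped:      "2016"
    word = stem.lower().translate(LEET)
    if word not in PREDICTABLE_WORDS | {t.lower() for t in org_terms}:
        return None
    if re.fullmatch(r"(19|20)?\d\d", suffix):
        return f"'{word}' + year"
    return f"'{word}' + counter" if suffix else f"'{word}' alone"

def audit(candidates, org_terms=()):
    """Passwords that pass the complexity rule yet are still predictable."""
    hits = {}
    for pw in candidates:
        reason = predictable_reason(pw, org_terms)
        if reason and meets_complexity_policy(pw):
            hits[pw] = reason
    return hits

if __name__ == "__main__":
    # Constructed sample input; "acme" stands in for a company name.
    sample = ["Fall2016!", "P@ssw0rd1!", "Acme2024!", "xK9#mQ2$vLp7"]
    for pw, why in audit(sample, org_terms=("acme",)).items():
        print(f"{pw}: passes policy, but {why}")
```

A check like this belongs at password-change time, where the candidate is available in plaintext; it cannot be run against stored hashes.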
Many employees use the same administrator passwords within their company’s system, which leaves the company vulnerable to cyber attacks. Unfortunately, many credential-theft techniques used to impersonate users are still alive and well. One common method is known as Pass-the-Hash. Using this technique, attackers can use these credentials to infiltrate and take over entire networks.
Spam filters do not prevent all phishing scams from getting through to your inbox. Additionally, employee mistakes continue to be one of the most common ways a company can be left vulnerable to a breach. Implementing products that help control where data can go can be effective, but not enough businesses are investing in employee education to help prevent breaches. To better protect your company, start employing better employee training and education practices so your employees understand their role in preventing cyber attacks.
Many USB drives that appear to have been dropped by accident get plugged in out of curiosity about what could be found on the device. Unfortunately, some USB drives house viruses that can be harmful to your computer. Bottom line: don’t plug any unfamiliar devices into your computer or other hardware that contains sensitive or personal information.
This is the art of manipulating people or taking advantage of naivety so a person gives up confidential information. This tactic is used often because it is easier to exploit a person’s inclination to trust a source than it is to discover ways to hack a computer or software. Think about it in practical terms: would you rather ask someone for their password or hack their computer to find it?
Even the best developers are sometimes rushed. When a product is rushed and has not received a proper security review, bad code goes unnoticed. This can be leveraged by hackers for an easy in.
Without proper segmentation, hackers can move from system to system looking for valuable information to steal. Companies need to make sure that they have a secure network design that slows down the rate at which hackers can move through a network.
One of the easiest ways to move around a network is by exploiting the SMB protocol and other broadcast-based protocols. The SMB protocol vulnerability was patched by Microsoft more than a decade ago, but hackers recently found that there is still a way to exploit the hole in the system. This attack affects Windows users.
Have an outdated system that you think the vendor is responsible for? If it is in your network, it becomes your responsibility. Keep your systems up to date.
This common way hackers get into a system occurs when someone actively chooses not to set a password on something on your network. It seems illogical in this day and age, but it still happens quite frequently. Check with your employees to ensure that they are protecting critical information.