We spend a lot of time explaining to organisations and individuals what types of hackers are out there and how people are likely to come into contact with them. Below is a quick rundown of the types of hackers to be aware of and some insight into how they might try to exploit you or your organisation.
Who are the main hacker groups out there that we should be aware of?
Nation States – For political reasons we won’t name names, but you can probably guess which countries are waging global cyber warfare and trying to hack into just about anywhere they feel they can gain an advantage.
Highly sophisticated espionage, sabotage and ransom-style operations, run on an industrial scale, work from a list of target names, countries and industries set by the nation state’s current agenda. Be aware, though, that Western governments are not completely innocent here either.
Organised Crime – Probably the most common one for most of us: organised crime gangs or individuals whose sole intent is to extract profit from whoever they can hack. It is rarely personal or political, just straight up “where can we extract cash from”.
Hacktivists – It is hard to predict what type of target these groups will go after, but effectively they are self-styled cyber warriors who hit political, organisational or individual targets to further their “activist” agenda.
What are the main ways you are likely to be hacked?
Device Exploits – This is one of the most common ways you will be hacked. All that happens is that you are sent a link to something that looks harmless; clicking it delivers a document or script that tries to exploit a vulnerability on your machine.
This is where you are exposed by not having Windows Update (or the updates for whatever device you are using) fully applied, by unmanaged vulnerabilities in the software you have installed, or by misconfiguration of that software (e.g. all macros enabled in Microsoft Office).
Once the attacker has “got you”, usually via a remote access trojan of some description, they will find somewhere else in your network to hide so that their access survives. They know that the way they got in (your machine) can easily be patched, so they will often look for something else on the network they can get a remote shell on, e.g. a printer, an old switch or similar, and persist from there.
IP Address Exploits – Finding the external endpoints of your office, data centres or home is another common way you are likely to be hacked. The attacker first has to find your IP addresses, which unfortunately is very easy via internet lookups (DNS and WHOIS records, for example) or, quite often, just by social engineering.
Someone could easily ring your office pretending to be from your internet service provider in the hope of getting you to give out the office’s IP address. Nation states and larger organised crime operations skip that step and simply scan, continuously, through millions of IP addresses in the countries and territories they are interested in, maintaining databases of which ports are open and which known-vulnerable software is running on them.
Shodan, effectively a “hacker search engine”, has millions of IP addresses, open ports and associated known vulnerabilities listed for anyone to look up at any time. Anyone can also get access to the Shodan API and query that whole index programmatically, so a vulnerable service on your public IP can be found without the attacker ever sending you a packet themselves.
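As an added illustration, not code from the original post, the Python below is the inner loop of the constant scanning described above: connect to each host and port, record the ones that answer, and keep the banner the service sends first, which is the string that gets matched against lists of known-vulnerable versions. So that it runs offline it scans a throwaway listener started on the loopback interface with a constructed OpenSSH-style banner; the banner, the host and the ports are assumptions for the example, not real targets.

```python
"""Added example (not from the original post): the inner loop of the
"scan everything, keep the open ports and the software behind them" process
that mass scanners run and that services like Shodan build their index from.
To stay self-contained it scans a throwaway listener on the loopback
interface instead of any real external address."""
import socket
import threading
from typing import Callable, Dict, List, Tuple

Banner = bytes
Target = Tuple[str, int]


def start_banner_service(banner: Banner) -> Tuple[int, Callable[[], None]]:
    """Start a TCP service on 127.0.0.1 that greets every client with
    `banner` (a constructed stand-in for an SSH/FTP/SMTP greeting).
    Returns (port, shutdown) where shutdown() stops the service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    srv.listen(5)
    srv.settimeout(0.2)                 # so accept() wakes up to check `stop`
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    def shutdown() -> None:
        stop.set()
        worker.join()
        srv.close()

    return port, shutdown


def reserve_closed_port() -> int:
    """Find a port nothing is listening on: bind, note the number, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 0.5) -> Tuple[bool, Banner]:
    """TCP connect to host:port and, if it answers, read whatever the service
    says first (its banner). Returns (is_open, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return True, s.recv(256)
            except socket.timeout:
                return True, b""        # open, but the service waits for the client to speak first
    except OSError:                     # refused, unreachable or timed out
        return False, b""


def scan(hosts: List[str], ports: List[int]) -> Dict[Target, Banner]:
    """Every host x every port; keep the open ones with their banners."""
    found: Dict[Target, Banner] = {}
    for host in hosts:
        for port in ports:
            is_open, banner = probe(host, port)
            if is_open:
                found[(host, port)] = banner
    return found


def software_from_banner(banner: Banner) -> str:
    """Crude fingerprint: the first line of a greeting is usually the product
    and version (e.g. SSH-2.0-OpenSSH_7.4), which is the field attackers
    match against their list of known-vulnerable versions."""
    first_line = banner.split(b"\n", 1)[0].rstrip(b"\r")
    return first_line.decode("ascii", "replace")


def demo() -> Dict[str, object]:
    """Scan one constructed listener and one port known to be closed."""
    live_port, shutdown = start_banner_service(b"SSH-2.0-OpenSSH_7.4\r\n")  # constructed banner
    closed_port = reserve_closed_port()
    try:
        found = scan(["127.0.0.1"], [closed_port, live_port])
    finally:
        shutdown()
    return {
        "live_port": live_port,
        "closed_port": closed_port,
        "found": {target: software_from_banner(b) for target, b in found.items()},
    }


if __name__ == "__main__":
    for (host, port), software in demo()["found"].items():
        print(f"{host}:{port} open -> {software}")
```

Pointed at your own external addresses (the ports you expect to be open plus the ones you don’t), the same loop tells you what Shodan and the mass scanners already know about you; real scanners only differ in running it across many addresses in parallel and storing the results.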
Cloud / SaaS Phishing – The rise of multi-factor authentication is starting to keep this problem at bay, but there are still many organisational accounts all over the world without multi-factor authentication enabled, and phishing kits that relay your login to the real site in real time can still get past one-time codes, so MFA is not a complete fix.
Your Office 365 / Google G Suite tenant or even your online accounting platform could be a target, for you or for one of your team members. This is often just a link to something that appears completely friendly and benign, designed to get you to “re-enter” your credentials for a critical platform that you would not want the bad guys having access to.
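An added example, not from the original post, of the check to make on a link before typing credentials into the page it opens: parse the link and compare the host that will really receive the password with the hosts your genuine sign-in pages live on. The allow-list of sign-in hosts and the sample links are constructed for the example; it also covers the common tricks of putting the familiar name in front of the real host, before an `@`, or in a lookalike internationalised domain.

```python
"""Added example (not from the original post): the check to make on a link
before typing credentials into the page it opens. It compares the host that
will really receive the password with the hosts your genuine sign-in pages
live on. The allow-list and the sample links are constructed for the example."""
import ipaddress
from typing import List, Set
from urllib.parse import urlsplit

# Hosts that legitimately ask for the organisation's credentials (assumption;
# in practice this is your own identity provider / SSO entry point).
LOGIN_HOSTS: Set[str] = {"login.microsoftonline.com", "accounts.google.com", "sso.example.com"}


def host_matches(host: str, allowed: str) -> bool:
    """True if host is `allowed` itself or a subdomain of it. The allowed name
    must be the *suffix*: login.microsoftonline.com.evil.example only starts
    with the familiar name, so it does not match."""
    return host == allowed or host.endswith("." + allowed)


def is_ip_literal(host: str) -> bool:
    """True for links such as https://203.0.113.5/owa (no name at all)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_login_link(url: str, allowed_hosts: Set[str] = LOGIN_HOSTS) -> List[str]:
    """Return the reasons this link should not be given credentials;
    an empty list means an HTTPS link to a known sign-in host."""
    problems: List[str] = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        problems.append(f"not HTTPS (scheme is {parts.scheme or 'missing'})")
    if not host:
        problems.append("no host in link")
        return problems
    if parts.username is not None:
        # https://login.microsoftonline.com@evil.example/ : the browser goes to
        # evil.example; everything before '@' is just a username.
        problems.append(f"text before '@' is a username, the real host is {host}")
    if any(label.startswith("xn--") for label in host.split(".")) or not host.isascii():
        problems.append("internationalised (punycode) label, may be a lookalike of a familiar name")
    if is_ip_literal(host):
        problems.append(f"bare IP address {host} instead of a name")
    if not any(host_matches(host, allowed) for allowed in allowed_hosts):
        problems.append(f"host {host} is not one of the known sign-in hosts")
    return problems


if __name__ == "__main__":
    for link in (
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://login.microsoftonline.com.evil.example/login",
        "https://login.microsoftonline.com@evil.example/",
        "http://sso.example.com/login",
    ):
        print(link, "->", check_login_link(link) or "ok")
```

The same logic is what a mail gateway or browser extension applies to every link in an inbound message; the point for a person is simply that the name to read is the one immediately before the first `/` (and after any `@`), not the one that looks most familiar.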
Once in the platform the bad guys can do a whole host of things; quite commonly they simply send emails impersonating a senior member of staff, asking for money to be transferred to an account they control.
We even find that secretly forwarding a senior member of staff’s emails to an external anonymous account (via an inbox rule the victim never sees) is another way the hackers keep tabs on you while they look for more ways to wreak havoc in your digital world.
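An added example, not from the original post, of how an administrator finds the hidden-forwarding rules just described. The records are constructed to mimic the fields Exchange Online’s Get-InboxRule returns (Name, Enabled, ForwardTo, RedirectTo, ForwardAsAttachmentTo, DeleteMessage); the mailboxes, the domains and the list of internal domains are assumptions for the example.

```python
"""Added example (not from the original post): find inbox rules that quietly
forward or redirect a mailbox's email outside the organisation. The records
are constructed to mimic the fields Exchange Online's Get-InboxRule returns;
mailboxes, domains and the internal-domain list are assumptions."""
import re
from typing import Dict, Iterable, List, Set

# Domains the organisation owns; mail going anywhere else is external (assumption).
INTERNAL_DOMAINS: Set[str] = {"example.com", "mail.example.com"}

# Constructed export. Recipient entries appear either as a bare address or in
# the display form  "Name" [SMTP:user@domain]  that the cmdlet output uses.
SAMPLE_RULES = [
    {"Mailbox": "cfo@example.com", "Name": "Move newsletters", "Enabled": True,
     "ForwardTo": [], "RedirectTo": [], "ForwardAsAttachmentTo": [],
     "DeleteMessage": False},
    {"Mailbox": "cfo@example.com", "Name": ".", "Enabled": True,            # attacker-created
     "ForwardTo": ['"CFO" [SMTP:cfo.backup@freemail.example]'], "RedirectTo": [],
     "ForwardAsAttachmentTo": [], "DeleteMessage": True},
    {"Mailbox": "ceo@example.com", "Name": "Assistant copy", "Enabled": True,
     "ForwardTo": ["assistant@example.com"], "RedirectTo": [],
     "ForwardAsAttachmentTo": [], "DeleteMessage": False},
    {"Mailbox": "ceo@example.com", "Name": "old", "Enabled": False,
     "ForwardTo": [], "RedirectTo": ["archive@outlook.example"],
     "ForwardAsAttachmentTo": [], "DeleteMessage": False},
]

FORWARDING_FIELDS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")
# Either the [SMTP:...] form or a bare user@domain token.
ADDRESS_RE = re.compile(r"\[SMTP:([^\]]+)\]|([^\s\[\]\"]+@[^\s\[\]\"]+)")


def extract_address(recipient: str) -> str:
    """Pull the SMTP address out of a recipient entry, whichever form it uses."""
    m = ADDRESS_RE.search(recipient)
    return ((m.group(1) or m.group(2)) if m else recipient).strip().lower()


def is_external(address: str, internal_domains: Set[str]) -> bool:
    return address.rsplit("@", 1)[-1] not in internal_domains


def audit_rule(rule: dict, internal_domains: Set[str]) -> List[str]:
    """Findings for one rule; empty when it keeps mail inside the organisation."""
    findings: List[str] = []
    for field in FORWARDING_FIELDS:
        for recipient in rule.get(field) or []:
            addr = extract_address(recipient)
            if is_external(addr, internal_domains):
                findings.append(f"{field} sends mail to external address {addr}")
    if not findings:
        return findings                      # internal-only rules are normal business
    # Extra signs that the rule was planted rather than set up by the owner.
    if rule.get("DeleteMessage"):
        findings.append("original is deleted, so the mailbox owner never sees the forwarded mail")
    if not re.search(r"[A-Za-z0-9]", rule.get("Name") or ""):
        findings.append(f"rule name {rule.get('Name')!r} is punctuation only, easy to overlook in the rule list")
    if not rule.get("Enabled", True):
        findings.append("rule is disabled right now but can be switched back on")
    return findings


def audit(rules: Iterable[dict], internal_domains: Set[str] = INTERNAL_DOMAINS) -> Dict[str, List[str]]:
    """Return {mailbox: [finding, ...]} for every rule that leaks mail externally."""
    report: Dict[str, List[str]] = {}
    for rule in rules:
        for finding in audit_rule(rule, internal_domains):
            report.setdefault(rule["Mailbox"], []).append(f"[{rule.get('Name')}] {finding}")
    return report


if __name__ == "__main__":
    for mailbox, findings in audit(SAMPLE_RULES).items():
        print(mailbox)
        for finding in findings:
            print("  -", finding)
```

Inbox rules are only one place this hides: a forwarding address set on the mailbox itself (ForwardingSmtpAddress) and organisation-wide transport rules can do the same job, so an audit should cover all three.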
Effectively you can be hit by anyone at any time. How much protection you need, though, depends on your cyber security risk profile, i.e. what you have that adversaries would be interested in exploiting. To start with, it’s good to keep track of who you think might want to hack you and why.
Examples of hackers’ methods
- If you’re a government contractor working on specialised intellectual property then you’re more likely to be hit by a “Nation State”. This doesn’t have to be weapons or pharmaceuticals; it can be anything a nation state would want to copy or own for itself.
- If you’re the head of a business or head of finance you’re a lot more likely to be targeted by organised crime (which, granted, can also be a nation state). Heads of business are targeted more in phishing campaigns because the bad guys scrape LinkedIn and Google for people’s job titles and seniority, then aim their attacks at the most valuable targets.
- If you’re a top executive of a big firm then nation state hackers will try to target your kids’ or family’s devices to get access to your home for espionage or similar activities. That is why I have a dedicated closed network just for my kids’ devices in my house.
- At the bottom end of the scale we all get random attempts from hackers via various phishing emails. Be aware, though, that these aren’t just after our credentials (which multi-factor authentication can protect): as mentioned above, emails asking us to click on links are also used to try to run remote access trojans and give the bad guys access to our machines. Once a back door has been established it can be used by gangs to deploy ransomware by hand.
- If you’re an executive of a company that pollutes rivers and ecosystems in foreign countries then you are likely to be a target for hacktivists.
In general this blog post isn’t meant to freak people out or cause paranoia, but we find that a good base understanding of the types of adversaries out there really helps to frame how people should think about their own security.
Please feel free to contact us if you have any questions about this post.
About the Author: Terry Lewis, a 25-year tech entrepreneur and technology blogger.
“I’m lucky to have worked in technology all over the world for large multi-national organisations; in recent years I have built technology brands and developed products to help make technology that bit easier for people to grasp and manage. By day I run tech businesses, by night (as soon as the kids have gone to bed) I write code and I love building cyber security technology.”