Understanding the Attack Approach: Basics
Posted Jan 16, 2025 11:05 AM
Staying informed about the latest vulnerabilities and exploits helps maintain a strong security posture. Participating in ethical hacking contests like BlockBash builds on this knowledge, giving you valuable insight into attacker tactics and helping strengthen our organization’s defense strategies.
To effectively defend against cyberattacks, it’s essential to understand the attacker’s perspective. Let’s explore the common steps attackers take to gain access to a system.
The attack process typically unfolds in several stages, each with specific goals and techniques used by attackers.
1. Gathering Intelligence:
The first step involves gathering information about the target system or network.
Attackers gather information through passive methods (e.g., searching public records) or active engagement (e.g., sending emails).
2. Mapping the Environment:
After initial information gathering, a deeper dive is conducted to identify active devices, services, and vulnerabilities.
3. Gaining Access:
Exploiting discovered vulnerabilities gives attackers unauthorized access through techniques such as social engineering (for example, phishing emails), software exploitation, or physical access attacks.
4. Maintaining Access:
Once in, attackers may use tools like backdoors or rootkits to solidify their presence for further exploration.
5. Covering Tracks:
Attackers may attempt to conceal their presence by clearing logs or deleting activity records.
Below is a simple scenario for gaining access to your online data.
An attacker would target your company and search for any information about you. They would find where your email is hosted and what your email account is.
The attacker would set up an information-capturing server, then send you a phishing email stating that you need to sign in to your email platform again (for example, a file has been shared with you and you have to sign in to access it).
Because the email does not look suspicious, you would click on the file and go ahead to sign in to the email portal. (Nothing seems out of the ordinary at this point.)
You would be redirected to a sign-in page. Once you enter your username and password, you are redirected again to your official email platform (if you have MFA enabled, you would get your text request as you normally would). The only thing that would seem strange here is that it doesn’t open anything except your normal email portal.
During that sign-in process, the attacker’s web service grabs your username, password and the MFA text session token. With all that info they can now log into your cloud platform and will have access to anything you have access to.
After they have the info they need, they could move laterally and gain access to your local computer and internal work network.
This process can be done over a few days or in one day, depending on how motivated an attacker might be.
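The scenario above ends with a captured session token being used to access the account. As an added example (not part of the original post), this Python check flags a session token that later appears from a different IP address and user agent than the one that completed sign-in; the log format, field names and all sample events are constructed assumptions.

```python
"""Flag session tokens used by a client other than the one that signed in.
Added example: the log fields and all sample events below are constructed."""
from datetime import datetime

# Constructed events: (time, user, session_id, source_ip, user_agent, action)
SAMPLE_EVENTS = [
    ("2025-01-16T09:00:02", "alice", "sess-A1", "198.51.100.7", "Firefox/Windows", "signin_mfa_ok"),
    ("2025-01-16T09:00:40", "alice", "sess-A1", "198.51.100.7", "Firefox/Windows", "mail_read"),
    ("2025-01-16T09:03:10", "bob", "sess-B7", "203.0.113.20", "Chrome/Linux", "signin_mfa_ok"),
    ("2025-01-16T09:03:55", "bob", "sess-B7", "192.0.2.99", "python-client", "mail_read"),
    ("2025-01-16T09:04:30", "bob", "sess-B7", "192.0.2.99", "python-client", "file_download"),
    ("2025-01-16T09:05:00", "bob", "sess-B7", "203.0.113.20", "Chrome/Linux", "mail_read"),
]


def find_token_reuse(events):
    """Return one alert per session seen from a second (ip, user_agent) pair."""
    issued = {}  # session_id -> (client, time) of the first event, i.e. sign-in
    alerts = {}  # session_id -> alert
    for ts, user, sid, ip, agent, action in sorted(events):  # ISO times sort as text
        when, client = datetime.fromisoformat(ts), (ip, agent)
        origin, issued_at = issued.setdefault(sid, (client, when))
        if client == origin:
            continue  # same browser and address that completed sign-in
        alert = alerts.setdefault(sid, {
            "user": user, "session": sid, "issued_to": origin,
            "seconds_after_issue": int((when - issued_at).total_seconds()),
            "clients": set(), "actions": [],
        })
        alert["clients"].add(client)
        alert["actions"].append(action)
    return list(alerts.values())


if __name__ == "__main__":
    for a in find_token_reuse(SAMPLE_EVENTS):
        print(f"{a['user']}: session {a['session']} reused by {sorted(a['clients'])} "
              f"{a['seconds_after_issue']}s after sign-in; actions={a['actions']}")
```

A client change can also come from a legitimate network switch such as a VPN or mobile connection, so an alert here is a lead for review, typically followed by revoking the session and resetting the password.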



