Free tools, tutorials, easy-to-run software, and, if that wasn’t enough, there is also Shodan: a search engine that finds devices connected to the internet in real time.
All these tools are a big pot cybercriminals use to stir up a tank of trouble. They are stirring up the internet and giving even the most talented white hats a run for their money. Five countries – Australia, Canada, New Zealand, the UK, and the U.S. – have already warned that everyone from individual hackers to organized rings has the means to launch sophisticated and persistent attacks with free tools. In their arsenal they have, among others, Remote Access Trojans, web shells, and obfuscation tools.
These tools become especially useful when combined with Shodan. Shodan is a tool for finding internet-connected devices that can be compromised. Yes, you read that right. For example, if cybercriminals want to create a botnet out of IoT devices, they look at Shodan, develop attacks to take over the exposed devices, such as routers, and then direct the devices’ traffic at a specific IP address to launch a Denial-of-Service attack. Others can create a botnet to organize attacks from constantly changing IPs, and so on.
The number of stolen credentials has rocketed up more than 141% in North America quarter-over-quarter, according to a report from Blueliv. As long as companies rely on credentials to authenticate their customers, they will continue to be exposed to sophisticated attacks.
Dangerous Drivers Behind the Wheel
Remote Access Trojans are easily installed through drive-by-download attacks, phishing emails, and other means. They creep onto desktops and are secretly installed, providing a backdoor for the bad actor, who gains a comfortable living-room view of all the activity on your machine while waiting for the best moment to attack. Using a command-and-control server, hackers can send directions to their malware as if they were playing a fun video game from their couch, to steal your credentials, banking information, and credit card numbers, for example.
Web shells give attackers remote administrative capabilities that let them move malware to various parts of the network, where they can then copy, rename, or change files. Then come C2 (command-and-control) obfuscation tools, which help hackers hide their code and communications.
Another tool, known as Mimikatz, bundles together some of the most useful tasks attackers want to perform. It can retrieve clear-text credentials and password hashes from memory.
Preparing for the attack
This is only a speck in the swarm of free or ridiculously cheap tools bad actors can use to target your network. It’s crucial to keep all the doors to your network protected by continuously applying security patches and monitoring for anomalous behavior in your environment.
Bad actors don’t only target your servers directly; they often use staff or admin accounts to access the company’s sensitive assets.
To prevent this, make sure you have verification systems that don’t rely on credentials or one-time passwords, which are easily hacked – just look at the news on any given day.
Yes, we live in a time where preventing breaches isn’t easy. Some will even say that it’s not a matter of if but when you will be breached. The question you should ask yourself is: what would your company do if there were a breach? What process do you have in place to mitigate the damage? To deal with the media? To help the investigation? To help your customers? If this is the first time you have asked yourself these questions, that’s OK; better late than never.
Today is a great day to start planning how to protect your networks and how to react in the event of a breach. If you leave it for tomorrow, it may be too late.