Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime, discusses how cyber criminals attack the users of the digital world
[Start of transcript]
Hi, my name is Roger, and today I’d like to do the anatomy of a cyberattack on a business.
Before we go any further: cyber criminals are fast, persistent, always on, and they are always looking to breach anybody’s defences. But there is a process they go through, and if you understand that process you can actually help protect yourself against being a statistic on the internet.
One of the first things they do is recon. So number one, they reconnoitre the internet to find out who you are, what you do, and why you do it. They go to Facebook, they go to Twitter, they follow you on Twitter, they go to LinkedIn and see where you are, what you’ve been doing, how much experience you have. And then the second point is they set up a lure.
Now a lure, just like in fishing, can be a phishing attack, which is: let’s send an email to someone hoping they will click. Or it could be a spear phishing attack, and a spear phishing attack is ten times more productive because they’ve done ten times more research on what will make you click on the link they send you. And the moment you click on that link, that’s when they’ve got you. But the link was only a redirect. The redirect will then go on to the next party. The redirect calls home and says, ‘okay, I’m in, now what do I do?’
The next thing the cyber criminal will do is install an exploit kit. Now exploit kits are what the cyber criminal has been creating, or what has automatically been created by the system they’re using. There’s a Linux-based system called Kali, which is a hacker’s dream. It doesn’t cost you any money. You can set it up in a virtual environment on a PC or a laptop and nobody’s the wiser to what you’re doing. And that is the wonder of what happens in the digital world.
So they’ve downloaded their exploit kit. They’re now looking at your computer, your network, your functionality, what you do, how you do it. The next thing they do is they attack. Now they’ve got all these other things in place already. Now the attack is: ‘okay, we know he’s the Chief Financial Officer’, so the attack could be, let’s find out what his resources are and how we can access his bank account. Or he might be the Chief Scientist who has now got thousands of papers to his name, and they want to know what the papers are, what the information is. So that’s the attack.
The sixth component is the recovery phase. The malware has got all the information; they know exactly where the information is, and they can now either move it into one place so they can extract it, or they can document where everything is so they can do the extract when they want to. Sometimes that component, the recovery and the attack, can take years.
So if you’re wondering how long this takes, they’ve done a documented study in the US that says that from ingress to discovery can take two hundred and seventy days minimum. During those two hundred and seventy days the cyber criminals have been really, really busy. And it’s not until that time, when they go ‘let’s get the information out’, that they start covering their tracks.
And what do I mean by covering their tracks? They’ve got all the data out; they know exactly what data they’ve stolen. They know what systems they have access to, what money, what bank accounts; all of that information is now in one little file that they’ve sucked out. But what are they going to do? Well, to cover their tracks they’ll crash the system. They’ll literally burn the PC, and there’s some nasty malware out there that will actually fry hard drives and fry motherboards.
So, no matter what, unless you’re a forensic person who knows what they’re doing, you’ll never find out what happened. To you it might look like the PC just died. But the good thing about it is that at each step of the way you can stop it: if you discover it fast enough and soon enough, you can stop the attack.
One of the best ways, as I said, is to educate your people. Educate your people so they are wary about things like spear phishing emails, so that they will question information they are receiving from other places. Because it is really important to your business that they question that sort of thing.
We’ve got a client where, for some reason, one of the people inside kept receiving emails from the CEO saying, ‘I cannot access the database. Can you extract the database to CSV and send it to me?’ Now, because we’ve been educating them, they had second thoughts: ‘why the hell would he be doing that today? Or why would he do that at any time?’ Because he knows how to get into the database system, so why would he need to do this? And then it’s really important when you get to that <indiscernible 06:25> of protecting your business.
Thank you very much.
[end of transcript]