Cyberattacks happen at a staggering rate and cause massive damage, but it can often be unclear why a certain organization was chosen as the target of an attack. A lot goes into targeting so that cybercriminals can maximize the value they get. Understanding this process helps cyber defenders protect organizations from attacks, create a safer internet, and reduce cybercrime.
Finding Initial Access
Initial access for an attacker is any foothold into the target network that can be leveraged to achieve their end goals. Hackers who break into a specific organization will spend a lot of time and effort in this phase trying to maximize their chances of success while minimizing detections. In situations where attackers target a single organization, they will take time to enumerate every possible path and pick the weakest ones to see if they can find some form of access.
In many cases, attackers are not trying to attack a specific organization. The focus is usually to make as much money as fast as possible, and time spent on careful reconnaissance of an organization is time the criminals are not making money. It is usually most profitable for attackers to go after the lowest-hanging fruit, meaning the easiest and fastest methods of initial access.
When major exploits are uncovered, criminals quickly leverage them to take advantage of the delay before defenders can patch the vulnerabilities. In this case, hackers will use tools to find any instances of these insecure components and attack them one after another, working down the list. They may not even know what organization they are targeting, but it is often the fastest way to find access to a company’s internal domain.
Database breaches are another easy way for hackers to get into sensitive networks. Credentials from data breaches can be sprayed against VPN panels, email logins, and corporate login pages to see if the credentials have been reused anywhere. People tend to use a few passwords everywhere, making this attack very effective.
The most common method for achieving initial access is social engineering. It is estimated that around 90% of hacks involve some form of social engineering. These attacks prey on human error and trick employees into giving up sensitive information to the attackers. If users with high-privilege accounts are successfully social-engineered, this can be extremely rewarding for the hackers.
Initial Access Brokers
In the black market business of hacking, initial access broker groups do most of the heavy lifting for these initial steps. They look for vulnerabilities that can be exploited and try to get the first step of the hack done against as many targets as possible. Once they achieve the initial access, they will then maintain it for as long as possible and sell the access to other criminals.
Initial access brokers are often indiscriminate about whom they hack and will look to compromise as many targets as possible. Other groups may be more selective, hoping to target organizations they believe will pay a lot of money or have valuable information. The initial access brokers make money either way, so they are largely indifferent to what further information there is.
Other criminals, such as ransomware gangs, will then buy the access and escalate the attack to achieve their end goals, whether that is encryption of the domain or access to sensitive data. Often, the access they buy may not lead to anything valuable, or they can’t coerce organizations into paying ransoms. This is why the initial access brokers cast such a wide net: it lets them sell more access to other hackers.
Defending Against Attackers
Implementing common cybersecurity best practices can help stop attackers from getting initial access. Using strong and unique passwords, phishing exercises, and good patch management practices can slow down hackers. It can be helpful to perform regular external penetration tests to see how attackers can get in and internal tests to see what damage they can cause from the inside.
Test Your Security With Blue Goat Cyber
Our team at Blue Goat uses the cutting-edge techniques that many cybercriminals use to give you the best understanding of your security. We can help find the vulnerabilities in your networks, internal and external, to keep you safe from the various types of hackers on the open internet. Contact us to schedule a meeting.