SPOT THE HACKERS
Hackers & Cyber Criminals
Not all hackers are cybercriminals. So how do you know if there are any hackers present in your company/organization its network and digital assets or cloud systems?
How do you get a clear idea of what they are doing there, why and to what end? A presence could be either physical or virtual. We are all connected to the internet via our IP numbers and devices…
Not all connections and data pockets are secure or encrypted. In many cases, users or admins never read the access logs or even know this information exists. Most of the time, there is no time or knowledge on how to do this.
There is always a possibility that you are hacked without your knowledge. Different sources of Cyber Threat Intelligence confirm that hackers target as well individuals or whole industries.
Not all your security measures will work. Many hackers launch attacks and are able to bypass firewalls, antivirus systems, and other security protections in place.
ARE YOU BEING HACKED?
Why should you bother about hackers?
The naive or blissful thinking attitude.. that nothing is going on, “don’t be paranoid”, this won’t happen to us, we are too busy, we have nothing to hide, we are ok, we are too small or unimportant to be a target of hackers (etc…) is the main reason that your blindspots will be exploited. The list of excuses not to spend some money and time and intelligence on cybersecurity is endless. Common sense is sometimes totally absent. In some cases, there is blatant denial or ignorance at work.
Who should NOT be in my network and using our data?
- who are the users in my network
- who uses my bandwidth and WiFi access points?
- are access passwords still stored in excel files or cleartext files?
- is the confidentiality, integrity, accessibility of my files guaranteed (CIA principle)
- who can access my data?
- is my backup or cloud storage secure?
- are there credentials stored online or on PCs that should not be there?
- how do I know if hackers are targeting my technical infrastructure?
- are those new IoT devices secure?
- what if a vendor stores my login on their systems in an insecure way?
- how do I manage BYOD (bring your own devices)?
- do I have a counter hacker attack strategy in place?
- how do I monitor my network? who can monitor my network?
- can somebody log in and steal my files?
- can my passwords be captured?
- is my internet traffic encrypted?
Investigate if you are being targeted
Thus an investigation that goes deeper into finding out the significant unknowns, irregular or suspicious activity in and around computer networks and digital assets, digital devices might indicate that an organization/company is being targeted by hackers or already under some form of cyberattack, surveillance, or cyber espionage.
Reasons to verify if you are being hacked
- you need to protect the data in your system, accounting details, etc.
- as a caretaker of your customer’s data, you are obliged by the law to comply with PDPA, GDPR, and other regulatory requirements to safeguard these data and make sure you don’t put people in harm’s way, due to lack of compliance or negligence.
- the well-being of your co-workers and staff might be put at risk if data is hacked
- companies can literally go bankrupt or use millions, if not billions of US dollars as the result of hacking or cyber-attacks
- if you are online, which means connected, the chance that you are already hacked or will be hacked in the near future is quite high. Are you prepared?
Different types/categories of hackers (typology)
- White Hat Hackers – cybersecurity professionals authorized or certified to hack systems – pen-testing. ethical hackers.
- Black Hat Hackers – attack systems to steal data or destroy the system. Criminal Hackers. Malicious intent is clear.
- Gray Hat Hackers – in between black hat and white.
- Script Kiddies – amateur hackers, trying things out, experimenting, juveniles – doing lots of DoS (Denial of Service) or DDoS attacks, IP-flooding, etc…
- Green Hat Hackers – learning from experiences – opportunities – trial and error users.
- Blue Hat Hackers – hacking as a cyber weapon, gain popularity, revenge action, sometimes dangerous.
- Red Hat Hackers – they counterattack the black hats.
- State or Nation-state sponsored hackers – cyber espionage – spy on adversaries & other countries – government-funded groups.
- Professional Hackers for hire – basically mercenaries – will do anything for money if profitable – dark ops / covert ops.
- Cyber Terrorist type of hackers – attacking or destroying national security facilities, critical infrastructure, etc.
- Criminal hackers – into cybercrime –
- Political hackers – Hacktivists – affiliated with certain political ideologies – hacking government websites – personal, political, or social motivation.
- Malicious insider or whistleblowers – expose confidential data or illegal activities inside organizations.
- APT groups – advanced persistent threats – long-term threats – very persistent.
- Cyber Warfare hackers – conduct cyberwar, use cyber weapons, sometimes linked to military operations.
Different Purposes and motivations of hacking
- Ethical Hackers help companies and organizations in fixing their network security, IT security, and cyber security. Battle against cyber threats, and cybercrimes, set up cyber defenses, and detect vulnerabilities. do pen-testing.
- Black Hat Hackers: steal data, steal cryptocurrency and other information for self-profit, extortion, ransom, sell the data on the black market, dark web. Cause further nuisance to the target company (e.g.: Ransomware Attacks)
Red flags that your digital assets or systems might have been hacked
Many levels need to be looked at (OSI model & network infrastructure, software, hardware in use, cloud platforms, etc.)
- slow or unresponsive websites
- suspiciously high outgoing network traffic
- hacked devices run slow because other processes occupy the processor
- increased disk activity or suspicious looking files in the root directories of any drive
- illegal data exfiltration uses the network bandwidth – the network is slower – unauthorized data transfers
- a large number of packets that come from a single IP address
- slow browsing speed due to for example DNS Hijacking – dirty plugins/extensions, hacked browsers
- crashing systems – screen of death – freezing applications – lagging systems
- pop-up ads, unwanted adware
- reports that backdoors or trojans have been detected on your system
- spy apps logging your actions (check for log files)
- online unauthorized activity on your accounts
- unscheduled sudden reboots of devices
- unauthorized changes in system settings
- suspicious services added
- other abnormalities…
How to detect hackers?
- enumerate all the devices on your network. block mac addresses that you don’t want to have access
- check the IP addresses that are connected to you. An IP address can be used to find their approximate geographic location
- run a proper anti-virus, the firewall on your device
- check for spyware and PUPs
- check if remote users are connected to your computer
- check for unknown or suspicious processes running
- follow a network intrusion course
- check for illegal or suspicious software, many times these are used for remotely accessing a network
We are not just looking for a person wearing a hoodie…
Hackers come in many different forms and shapes… Looks and appearances are deceiving or even set up as deception or obfuscation. Only deeper profiling will lead to tangible facts and proof of what is going on.
Start your investigation and assessment today.