Introduction
Crime, especially organized crime, is a business. Return on investment, risk vs. reward, balance sheets, cost of inventory and personnel, software and hardware costs – these and many more factors (including attitude factors such as loyalty and customer service) create an ironic connection between criminal activities and business ventures.
The bigger the potential payout, the better chance that the crime will be attempted. While no one is immune to cybercrime, a big payout is attacking big corporations.
Nothing in this writing is intended to shame or blame any companies that were attacked. Many attacks – including the ones noted here – are comprised of multiple exploits. Maybe it’s a combination of an accidental download of fileless malware, and a months-long intrusion (pointing to a lack of internal monitoring). Or it’s a disgruntled employee who is bribed to give a username and password to the thief to install spyware on a laptop so they can discover admin credentials to SSH into an externally-facing server. Perhaps it’s infiltrating a third-party, staying under the radar for months to map the network of the customers, then distribute malware.Â
Chained attacks like these make it difficult, if not impossible, to find the exact point at which the network is compromised. And this complication makes it that much harder for companies to defend against them. Layered defense is the security principle, but the more layers, the more costly in terms of personnel, talent, and financial resources.
Let’s cover several of the techniques used....
Read the rest of this story with a free account.
Already have an account? Sign in
Author
BlogFebruary 9, 2022Using AutoPWN to get a backdoor | Metasploit Tutorial [FREE COURSE CONTENT
BlogAugust 10, 2021Password spraying attacks [FREE COURSE CONTENT]
OpenJune 25, 2021Fuzzing with Metasploit [FREE COURSE CONTENT]
BlogJune 16, 2021Linux Passwords [FREE COURSE CONTENT]
