Organizations operate in a dynamic environment where they face a multitude of threats and uncertainties. While not all organizations are equally susceptible to each threat, understanding these potential challenges and developing strategies to address them is crucial for maintaining resilience and competitiveness.
Key Threats and Uncertainties:
In most cases, when you run an organization, you will run into many different threat groups that might cause harm to it. Knowing these threat actors’ capabilities and analyzing what kind of security measures need to be put in place to stop them is a sensible idea. These threat groups can be divided into four categories; I will name, describe and explain each of them.
Script kiddies are usually teenagers who have been playing around with easy-to-get hacking tools, and they can still be a threat to your organization. It is therefore highly recommended to keep your systems well patched, so that most off-the-shelf tools will not be able to exploit the organization’s critical infrastructure. Script kiddies usually do not have the skills or know-how to program their own tools, although with the latest releases of easy-to-use exploitation scripts they are increasingly able to assemble tools. Lacking exploit development and research skills, they will usually not be able to cause much real damage if you have the right defenses in place.
The lazy hacker scripts
As opposed to script kiddies, cybercriminals or cyber-gangs are usually more experienced and possess a thorough understanding of the tools they use to extort you and your organization, for example with a triple-extortion ransomware attack. Triple extortion refers to the combination of a DDoS attack, a ransomware attack and the disclosure of sensitive information. When you are attacked by cybercriminals it is important for the organization to be restored as quickly as possible, so it is usually a good idea to have backup and restore procedures in place. It is best to have periodic assessments conducted by ethical hackers or a professional red team, depending on the size of the organization, as well as adequate incident response procedures and detection systems in place to deal with this emerging threat.
An attack demonstration by Trend Micro showing how attackers break into a network and extort their victims.
Nation states are usually the group you do not want to deal with; they use highly advanced malware to breach the organization and can stay undetected for extended periods. Nation-state-sponsored hackers are backed by their governments, so they have experienced malware developers and cyber-warfare engineers to assist their intelligence and cyber operations. The only real solution for dealing with nation states is to have well battle-tested backups and to regularly check that your disaster recovery plans meet the operational needs and requirements of the business.
A brief explanation of how Stuxnet broke into the organizations and the power plant and damaged the centrifuges by leveraging unknown vulnerabilities and exploits.
Sometimes those closest to you are a great danger to the organization. It is recommended to have the right procedures in place to deal with insider threats who might be working with the enemy. The best way to deal with these threats is mandatory vacation time, during which it can be checked whether the employee has been exfiltrating information that belongs to the company, combined with the right detection systems to track transfers of digitally stored information outside the corporate network.
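The two controls named above, tracking transfers out of the corporate network and using mandatory leave as a check, can both be driven from egress logs. The following is an added example and not code from the article: it runs over a few constructed proxy log lines in a simplified key=value format, sums upload volume per user and external destination per day against a threshold, and separately flags any account that is active while its owner is on mandatory leave. The log format, field names, domains, user names, leave schedule and threshold are all assumptions made for the illustration.

```python
"""Two checks for insider data exfiltration over constructed egress proxy logs.

Added example for the insider-threat section; it is not code from the article.
The log format (a simplified key=value line), field names, domains, user names,
leave schedule and byte threshold are all constructed assumptions.
"""
import re
from collections import defaultdict

# Constructed proxy log lines: timestamp, user, source IP, destination host, method, bytes sent.
SAMPLE_LOG = """\
2024-05-02T09:14:03Z user=jdoe src=10.1.4.22 dst=share.corp.example method=PUT bytes_out=20480
2024-05-02T09:20:41Z user=jdoe src=10.1.4.22 dst=cloud-drop.example.net method=PUT bytes_out=734003200
2024-05-02T09:25:10Z user=jdoe src=10.1.4.22 dst=cloud-drop.example.net method=PUT bytes_out=419430400
2024-05-02T10:02:55Z user=asmith src=10.1.4.31 dst=cloud-drop.example.net method=PUT bytes_out=1048576
2024-05-02T10:30:00Z user=asmith src=10.1.4.31 dst=share.corp.example method=PUT bytes_out=83886080
2024-05-02T11:11:11Z user=bjones src=10.1.4.40 dst=mail.corp.example method=GET bytes_out=512
this line is malformed and must be skipped
"""

# Hosts under the organization's control; uploads to these stay inside the corporate boundary.
CORPORATE_DOMAINS = ("corp.example",)

# Daily per-user, per-destination upload volume above which an alert is raised (tune locally).
DAILY_EXTERNAL_BYTES_THRESHOLD = 500 * 1024 * 1024  # 500 MiB

# Mandatory-leave schedule: (user, ISO date). Any activity from an account on leave is suspicious.
ON_LEAVE = {("bjones", "2024-05-02")}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\S+) user=(?P<user>\S+) src=\S+ "
    r"dst=(?P<dst>\S+) method=(?P<method>[A-Z]+) bytes_out=(?P<bytes>\d+)$"
)


def parse_lines(text):
    """Yield one record per well-formed line; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        yield {
            "day": m["ts"][:10],
            "user": m["user"],
            "dst": m["dst"],
            "method": m["method"],
            "bytes": int(m["bytes"]),
        }


def is_corporate(host, domains=CORPORATE_DOMAINS):
    """True when the destination host is the corporate domain or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def find_bulk_external_uploads(text, threshold=DAILY_EXTERNAL_BYTES_THRESHOLD):
    """Sum upload bytes per (day, user, external destination) and return those over threshold."""
    totals = defaultdict(int)
    for r in parse_lines(text):
        if r["method"] not in ("PUT", "POST") or is_corporate(r["dst"]):
            continue
        totals[(r["day"], r["user"], r["dst"])] += r["bytes"]
    hits = [
        {"day": d, "user": u, "dst": dst, "bytes_out": b}
        for (d, u, dst), b in totals.items()
        if b > threshold
    ]
    return sorted(hits, key=lambda hit: -hit["bytes_out"])


def find_activity_during_leave(text, on_leave=ON_LEAVE):
    """Return records for accounts that should be idle because their owner is on mandatory leave."""
    return [r for r in parse_lines(text) if (r["user"], r["day"]) in on_leave]


if __name__ == "__main__":
    for hit in find_bulk_external_uploads(SAMPLE_LOG):
        print(f"ALERT bulk upload: {hit['user']} -> {hit['dst']} {hit['bytes_out'] / 2**20:.0f} MiB on {hit['day']}")
    for r in find_activity_during_leave(SAMPLE_LOG):
        print(f"ALERT account active during leave: {r['user']} {r['method']} {r['dst']} on {r['day']}")
```

Aggregating per day and per destination, rather than alerting on single requests, is what makes the check useful: the constructed jdoe transfers are individually unremarkable but together exceed the threshold. The leave check is deliberately strict, since an account that should be idle generating any traffic is worth a look.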
It is not only software threats we have to worry about; there are also hardware devices and physical tools that can be used to compromise the integrity of the organization. For example, an attacker could use a hardware device such as a keylogger or a malicious USB device to gain access to a system. Alternatively, they could use physical tools such as screwdrivers or pliers to gain access to the system.
A keystroke-injection device such as the USB Rubber Ducky (see the video list below) is a simple USB stick that can insert malicious commands into the host computer it is plugged into. It presents itself as a keyboard device, making it hard to detect in your environment. A good policy to prevent these attacks is not to allow USB devices at all, or to allow only the exact device IDs of the equipment in use. In addition, it is recommended to raise user awareness about not plugging random USB devices into corporate or personal devices.
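The allowlisting advice above works best when the match is on the exact device identity, not just the model. The following added example, which is not code from the article, evaluates constructed USB attach events against an allowlist of (vendor ID, product ID, serial) triples and explains each block decision, including the case the article's point depends on: a device that enumerates as a keyboard without being approved equipment. The event fields, the allowlist format and every vendor, product and serial value are constructed assumptions; only the interface class codes and the `USB\VID_xxxx&PID_xxxx` hardware ID form are real.

```python
"""Allowlist check for USB attach events.

Added example for the article's advice to allow only the exact device IDs of
approved equipment; it is not code from the article. The event fields, the
allowlist format and every vendor/product/serial value are constructed
assumptions, not real inventory.
"""
from dataclasses import dataclass

# USB interface class codes (USB-IF class code table).
HID_CLASS = 0x03           # keyboards, mice and other human-interface devices
MASS_STORAGE_CLASS = 0x08  # flash drives and similar


@dataclass(frozen=True)
class UsbEvent:
    """What the host learns when a device enumerates (simplified; assumption)."""
    vendor_id: int
    product_id: int
    serial: str
    interface_classes: tuple  # bInterfaceClass of each interface the device exposes


# Exact identities of approved equipment: (VID, PID, serial). Constructed values.
APPROVED_DEVICES = {
    (0x1234, 0x5678, "4C530001230418"),  # approved encrypted flash drive
    (0x1234, 0x9ABC, "K120-CORP-0042"),  # approved corporate keyboard
}


def hardware_id(event):
    """Render the VID/PID in the USB\\VID_xxxx&PID_xxxx form used by Windows hardware IDs."""
    return f"USB\\VID_{event.vendor_id:04X}&PID_{event.product_id:04X}"


def evaluate_usb_event(event, allowlist=APPROVED_DEVICES):
    """Return ("allow" | "block", reason) for one attach event.

    Matching on the full (VID, PID, serial) triple matters: VID and PID are
    freely programmable on many devices, so a match on those two alone
    cannot distinguish approved equipment from a device imitating it.
    """
    identity = (event.vendor_id, event.product_id, event.serial)
    if identity in allowlist:
        return "allow", "exact device identity is approved"

    approved_models = {(vid, pid) for vid, pid, _ in allowlist}
    classes = set(event.interface_classes)

    if (event.vendor_id, event.product_id) in approved_models:
        return "block", "VID/PID matches an approved model but the serial does not"
    if HID_CLASS in classes and MASS_STORAGE_CLASS in classes:
        return "block", "unapproved composite device exposing both storage and HID"
    if HID_CLASS in classes:
        return "block", "unapproved HID device (possible keystroke injection)"
    return "block", "device identity not in allowlist"


def review_events(events, allowlist=APPROVED_DEVICES):
    """Evaluate a batch and return the blocked events with their reasons, for a report."""
    blocked = []
    for event in events:
        decision, reason = evaluate_usb_event(event, allowlist)
        if decision == "block":
            blocked.append((hardware_id(event), event.serial, reason))
    return blocked


# Constructed attach events: an approved drive, a look-alike drive with a different
# serial, an unknown device that enumerates as a keyboard, and an unknown plain drive.
SAMPLE_EVENTS = [
    UsbEvent(0x1234, 0x5678, "4C530001230418", (MASS_STORAGE_CLASS,)),
    UsbEvent(0x1234, 0x5678, "0000000000001", (MASS_STORAGE_CLASS,)),
    UsbEvent(0xDEAD, 0xBEEF, "", (HID_CLASS,)),
    UsbEvent(0xCAFE, 0x0001, "070B7E2F", (MASS_STORAGE_CLASS,)),
]

if __name__ == "__main__":
    for hwid, serial, reason in review_events(SAMPLE_EVENTS):
        print(f"BLOCK {hwid} serial={serial!r}: {reason}")
```

The reason strings are the point of the report: a blocked unknown flash drive is routine, whereas a device claiming an approved model with the wrong serial, or an unknown device that announces itself as a keyboard, is what the section above warns about and deserves follow-up.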
Sometimes attackers use an evil twin attack to spoof the SSID of an existing Wi-Fi network. It allows the attacker to capture all the traffic and modify it before forwarding it to its intended destination. To perform an evil twin attack, all that is needed is a device that can create a simple Wi-Fi network. The device is set up with the same SSID as the legitimate Wi-Fi network, so it looks identical to the legitimate network but is malicious. The attacker then intercepts the data that users send to what they believe is the legitimate Wi-Fi network and modifies it before sending it on, allowing the attacker to obtain sensitive data. For example, an attacker can use an evil twin attack to obtain a user’s credit card information if the user attempts to make a purchase on a malicious website while connected to the evil twin network.
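From the defender's side, an evil twin shows up as a transmitter that advertises one of your SSIDs but is not one of your access points, often with weaker security than the real network so that traffic can be read. The following added example, which is not code from the article or from any tool it names, compares constructed Wi-Fi scan results against an inventory of the organization's own access points and also checks whether the strongest transmitter of a corporate SSID is a rogue, since clients tend to roam to the loudest signal. The scan fields, the inventory structure and all SSIDs, BSSIDs, channels and signal levels are constructed assumptions.

```python
"""Rogue access point (evil twin) check over Wi-Fi scan results.

Added example for the evil twin section; not code from the article or from any
tool it names. The scan records, the access point inventory and all SSIDs,
BSSIDs and channels are constructed assumptions.
"""

# Inventory of the organization's own access points, keyed on SSID (constructed).
AP_INVENTORY = {
    "CorpWiFi": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA2",
    },
    "CorpGuest": {
        "bssids": {"aa:bb:cc:00:00:11"},
        "security": "WPA2",
    },
}

# Constructed scan results, shaped like the fields most scanners report.
SAMPLE_SCAN = [
    {"bssid": "AA:BB:CC:00:00:01", "ssid": "CorpWiFi", "channel": 6, "security": "WPA2", "signal_dbm": -55},
    {"bssid": "AA:BB:CC:00:00:02", "ssid": "CorpWiFi", "channel": 11, "security": "WPA2", "signal_dbm": -63},
    {"bssid": "DE:AD:BE:EF:00:01", "ssid": "CorpWiFi", "channel": 6, "security": "open", "signal_dbm": -38},
    {"bssid": "AA:BB:CC:00:00:11", "ssid": "CorpGuest", "channel": 1, "security": "WPA2", "signal_dbm": -70},
    {"bssid": "12:34:56:78:9A:BC", "ssid": "Cafe-Next-Door", "channel": 1, "security": "open", "signal_dbm": -72},
]


def find_rogue_aps(scan, inventory=AP_INVENTORY):
    """Return one finding per BSSID that advertises an inventoried SSID but is not ours.

    Networks whose SSID is not in the inventory are ignored: a neighbouring cafe is
    not an evil twin. A security downgrade (our SSID, but open) is recorded as an
    extra reason because it is the usual way a twin captures traffic in the clear.
    """
    findings = []
    for ap in scan:
        ssid = ap["ssid"]
        expected = inventory.get(ssid)
        if expected is None:
            continue
        bssid = ap["bssid"].lower()
        if bssid in expected["bssids"]:
            continue
        reasons = ["BSSID not in inventory for this SSID"]
        if ap["security"] != expected["security"]:
            reasons.append(f"security mismatch: expected {expected['security']}, observed {ap['security']}")
        findings.append({
            "ssid": ssid,
            "bssid": bssid,
            "channel": ap["channel"],
            "signal_dbm": ap["signal_dbm"],
            "reasons": reasons,
        })
    return findings


def strongest_signal_is_rogue(scan, ssid, inventory=AP_INVENTORY):
    """True when the loudest transmitter of an inventoried SSID is not one of ours.

    Clients tend to roam to the strongest signal, so a rogue that out-powers the
    real access point is the case that most urgently needs attention.
    """
    if ssid not in inventory:
        return False
    candidates = [ap for ap in scan if ap["ssid"] == ssid]
    if not candidates:
        return False
    loudest = max(candidates, key=lambda ap: ap["signal_dbm"])
    return loudest["bssid"].lower() not in inventory[ssid]["bssids"]


if __name__ == "__main__":
    for f in find_rogue_aps(SAMPLE_SCAN):
        print(f"ROGUE {f['ssid']} {f['bssid']} ch{f['channel']} {f['signal_dbm']} dBm: {'; '.join(f['reasons'])}")
    print("strongest CorpWiFi transmitter is rogue:", strongest_signal_is_rogue(SAMPLE_SCAN, "CorpWiFi"))
```

BSSIDs are normalised to lower case before comparison because scanners differ in how they print them. The inventory has to be maintained for the check to mean anything: a newly installed legitimate access point will be reported as rogue until it is added, which is the safer direction for the error.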
Network implants such as the LAN Turtle are special devices that can be plugged into the network. Usually they have multiple means of connecting back to the attacker that do not rely on the defender’s network; typically a wireless or mobile connection is used to reach the compromised network. This allows the attacker to establish a foothold in the target’s network without relying on the integrity or security of the defender’s network, and then use that foothold to launch further attacks and reach more data or resources. For instance, an attacker may connect the implant to the target network and then establish a remote connection to their own system over a wireless link, allowing them to access the target network from an external location.
A Raspberry Pi is remarkably similar to the LAN Turtle but has more capabilities to run specialized tools, increasing the arsenal available to the attacker. The Raspberry Pi has a more powerful processor and more RAM, which enables it to run more complex programs, and it has more ports and connections, allowing more peripheral devices to be attached. This allows it to run specialized tools that the LAN Turtle may not be able to run, such as Nmap and Wireshark for network reconnaissance and packet analysis.
Badge cloners are a type of security threat that involves the unauthorized duplication of an employee’s badge to gain access to restricted areas of a building or facility. Sometimes, to force access to buildings, attackers clone an employee’s badge to enter restricted sections. To prevent these attacks, make sure you use badges with verification, or add an extra authentication factor for your employees.
When an attacking team does its engagements, sometimes all it takes is a lockpicking toolset to get into the server room. That is why it is vital to make sure your locks are difficult to pick, or that you use digital locks. Just keep in mind that every new solution comes with a new problem, so make sure you have done a proper risk assessment of the level of security the organization needs. Even if the door is physically secure, a skilled locksmith can still pick a mechanical lock, which is why digital locks, which are much more difficult to pick, are recommended to ensure the highest level of security for your server room.
Sometimes, for safety reasons, a door can be opened from the inside without a key. This allows an attacker to slide a shuffle tool under the door and open it from the inside. To prevent this attack, make sure shuffle tools cannot fit under the door or next to the locking mechanism.
Source: Evil twin (wireless networks) – Wikipedia
Practical explanation videos:
Physical Security’s 15 Greatest Hits
Raspberry Spy – Building a Custom Red Team Tool
So, you want to clone your work badge, apartment fob, gym pass, etc. to a chip implant?
Snagging Creds from Locked Machines with a LAN turtle – Hak5 2104
Rubber Ducky Windows 11 Payload
Build a Pumpkin Pi — A Rogue AP & MitM Framework That Fits in Your Pocket [Tutorial]