
Hacking Scenarios: How Hackers Choose Their Victims


The “double-extortion” technique, also known as
pay-now-or-get-breached, emerged as a head-turner last year.

May 6th, 2022 is a recent example.

The State Department said the Conti strain of ransomware was
the most costly in terms of payments made by victims as of
January.

Conti, a ransomware-as-a-service (RaaS) program, is one of the
most notorious ransomware groups and has been responsible for
infecting hundreds of servers with malware to obtain corporate data
or damage digital systems, essentially spreading misery to
individuals, hospitals, businesses, government agencies and more
all over the world.

So, how different is a ransomware attack[1] like Conti from the
infamous “WannaCry” or “NotPetya”?

While other ransomware variants can spread fast and encrypt
files within short time frames, Conti ransomware has demonstrated
unmatched speed in accessing victims’ systems.

Given the recent spate of data breaches, it is extremely
challenging for organizations to protect themselves from every
hack.

Whether through a port scan, cracking default passwords, an
application vulnerability, phishing emails, or ransomware
campaigns, every hacker has different reasons for infiltrating our
systems. It is evident why certain individuals and companies are
targeted: their software or hardware has weaknesses. Others are
spared because they lack this common Achilles’ heel, thanks to
planning and barriers put in place.

We can bring in support of security experts like Indusface[2] to defend ourselves and
pursue an attack-reduction strategy to reduce both the likelihood
and impact of becoming the victim of a cyberattack.

But what characteristics do companies possess that tend to
attract cyberattacks, and why do hackers target them?

And if you knew your company was a likely target, would it make
sense for you to be wary of the many ways your information could be
compromised?

What Motivates a Hacker?

When hackers hack, they do so for several reasons. We’ve listed
the 4 most common motivations behind hacking.

1. It’s About Money:

One of the most common motivations for breaking into a system is
monetary gain. Many hackers may try to steal your passwords or bank
accounts to make money by taking off with your hard-earned cash.
Your customer information wouldn’t be safe if hackers made off with
it as they could use this data in several ways, perhaps by
blackmailing you or even selling it on the black market or deep
web.

The average cost of a data breach was $3.86 million in 2004,
according to IBM, and that number has since risen to $4.24 million
as of 2021. It is expected to rise even more in the coming
years.

2. Hack + Activism aka Hacktivism

Some people look to hacking to start political and social
revolutions, although the majority are interested in expressing
their opinions and human rights or creating awareness of certain
issues. However, they can target anyone they like, including
terrorist organizations, white supremacist groups, or local
government representatives.

Hacktivists, also known as ‘Anonymous,’ normally target terror
groups like ISIS or white supremacist organizations, but they have
also targeted local government groups. In January 2016, an attack[3]
on the Hurley Medical Center in Flint, Michigan, led to the leak of
thousands of documents and records. The organization claimed
responsibility with a video promising “justice” for the city’s
ongoing water crisis that resulted in 12 deaths over time.

Whether it’s a single hacker or a simple online gang, the
primary weapons of hacktivists include Distributed Denial of
Service (DDoS) tools and vulnerability scanners, proven to cause
financial losses for well-known corporations. Remember when
donations to WikiLeaks were halted, and Anonymous rode high on a
series of DDoS attacks[4]?

3. Insider Threats

Insider threats can come from anywhere, but they are viewed as
one of an organization’s greatest cyber security threats. Many
threats can come from your employees, vendors, contractors, or a
partner, making you feel like you’re walking on eggshells.

Someone within your organization is helping a threat become a
reality. Now that we think about it, almost all of your employees,
vendors, contractors, and partners are technically internal to the
organization. One major weakness enterprises have lies in their core
systems of protection: the firewalls and anti-virus programs are
easily bypassed by whoever has access to these programs at any one
time.

So when the next wave of cyberattacks comes, who is better placed
to carry it out than someone you’ve always trusted with key security
access? Damage control measures need to be implemented to prevent a
repeat of a situation as catastrophic as Sony’s hack in 2014
(possibly perpetrated by its own employee).

4. Revenge Game

If you have an unruly employee looking for a way to get revenge
on your company, they will more than likely take the time to think
of a good attack, leaving you thinking twice about dismissing
them.

If they have access to your system, you can be sure that they
will try to find any way possible to use their privileged status to
get back at you even after leaving the company. One way of doing
this is by accessing databases and accounts that require logins and
passwords. In other cases, disgruntled workers might even sell
vital information in exchange for money and more favorable job
opportunities only to mess with your organization’s
infrastructure.

5. Attack Vectors

Cybercriminals utilize a wide range of attack vectors to
infiltrate your system or take custody of it in ransomware
attacks, such as IP address spoofing, phishing, email
attachments, and hard drive encryption.

a) Phishing

The most common way to spread ransomware is through phishing
emails. Hackers send carefully crafted phoney emails to trick a
victim into opening an attachment or clicking on a link containing
malicious software.

There are lots of different file formats malware can come in.
For example, it could be in a PDF, BMP, MOV, or DOC.

Once hackers take control over your company’s network,
ransomware malware has a good chance of getting into your system,
encrypting information, and taking hostage all the data stored on
your devices.

b) Remote Desktop Protocol (RDP)

Running over port 3389, RDP is short for Remote Desktop
Protocol, allowing IT administrators to remotely access machines
and configure them or merely use their resources for various
reasons – such as running maintenance.

The hacker begins by running a port scan on machines over the
internet that have port 3389 open. 3389 is for SMB, or Server
Message Block, which allows for basic file sharing between Windows
computers and is often turned on in the early days of internet
usage.

Once a hacker has gained access to open machines on port 3389,
they often brute-force the password so they can log into them as an
administrator. And then, it is a matter of time. Hackers can get
into your machine and initiate the encryption operation to lock
down your data by purposefully slowing or stopping critical
processes.
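The scan-then-brute-force pattern described above leaves a burst of failed logons from one source address, often followed by a success. The detection sketch below is an added example, not part of the original article; the log layout, sample lines, threshold and window are constructed assumptions, while 4625 (failed logon) and 4624 (successful logon) are the standard Windows Security event IDs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, Windows Security event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive (RDP),
# type 3 = Network (how RDP failures are logged when NLA is enabled).
SAMPLE_LOG = """\
2022-01-10T02:10:01,4625,3,administrator,203.0.113.7
2022-01-10T02:10:09,4625,3,administrator,203.0.113.7
2022-01-10T02:10:15,4625,3,admin,203.0.113.7
2022-01-10T02:10:22,4625,3,administrator,203.0.113.7
2022-01-10T02:10:30,4625,3,administrator,203.0.113.7
2022-01-10T02:11:02,4624,10,administrator,203.0.113.7
2022-01-10T08:30:00,4625,10,jsmith,198.51.100.20
2022-01-10T08:30:40,4624,10,jsmith,198.51.100.20
"""

def parse(log_text):
    """Yield (time, event_id, logon_type, account, source_ip) for each line."""
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, account, ip = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), account, ip

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed logons inside one time window.

    Returns {ip: "bruteforce"} or {ip: "bruteforce-then-success"}; the latter
    means an RDP logon succeeded after the burst and needs urgent triage.
    Events are assumed to be in chronological order.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    findings = {}
    for when, event_id, logon_type, _account, ip in parse(log_text):
        if logon_type not in (3, 10):
            continue  # ignore local, service and batch logons
        if event_id == 4625:
            fails = recent[ip]
            fails.append(when)
            while when - fails[0] > window:  # drop failures older than the window
                fails.popleft()
            if len(fails) >= threshold:
                findings.setdefault(ip, "bruteforce")
        elif event_id == 4624 and logon_type == 10 and ip in findings:
            findings[ip] = "bruteforce-then-success"
    return findings

if __name__ == "__main__":
    print(detect_rdp_bruteforce(SAMPLE_LOG))
```

A single mistyped password followed by a normal logon, as in the last two sample lines, stays below the threshold and is not flagged.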

c) Attacks on Unpatched Software

A weakness in the software is one of the most promising methods
of attack deployment in today’s environment. In some cases, when
software is not fully up to date or patched, attackers can enter
networks without having to harvest credentials.

The Closure

Cyber hackers can now do just as much analyzing and evaluating
as security teams for their products. They have the same or even
more tools to scan any given system, so it’s practical to be able
to foresee their motivation and profiles.

With hackers becoming more sophisticated, it is a top priority
to have proactive cybersecurity mechanisms to maintain the health
of your business.

References

  1. ransomware attack (www.indusface.com)
  2. Indusface (www.indusface.com)
  3. attack (www.healthcareitnews.com)
  4. DDoS attacks (www.indusface.com)