To catch a hacker: The subtle mistakes of an attack

Credit to Author: Trend Micro | Date: Thu, 09 Mar 2017 17:37:10 +0000

Hackers can make a number of easily identifiable mistakes.

For all the benefits that it brings, new technology tends to open up a wealth of opportunities for malicious parties to compromise sensitive data. Even as businesses strive to protect themselves by employing advanced cyber security tools, hackers are keeping pace with developments of their own.

Many organizations focus on the loud signs of an attack: alerts and notifications that something just isn't right. However, a threat could be lying dormant in their systems right now, or an attack could be in progress right under their noses, disguised as normal transactions.

In fact, this quieter variety of cyber attack is particularly dangerous, and few organizations are prepared for it. Methods are becoming more sophisticated and harder to detect, but there are still ways to catch these threats.

Look at the evidence

Hackers in movies and television shows have helped perpetuate the myth that cyber attacks can only be detected when they are caught in the act. Breach-detection systems can recognize when someone has broken in and is moving around inside your systems, and they help identify and contain attacks quickly, reducing potential risk and cost.

But sometimes hackers remain undetected, and that calls for cyber forensics. While malicious parties can certainly cover their tracks, there is typically a breadcrumb trail left behind. Hexadite co-founder Barak Klinghofer told USA Today that cyber criminals always leave evidence behind. Organizations can analyze that evidence to work out how the attack was carried out and who was behind it.

InfoSec analysts take a deep look at the attack vectors, the timing of the breach, what information was stolen and to whom that data might be useful. Together, this evidence can build a substantial picture that leads to the culprit and helps block similar attacks in the future. No matter how subtle an attack is while it happens, organizations still have an opportunity to reconstruct it afterward with cyber forensic tools and to plug the gaps it exposed.

Cyber forensics can analyze evidence hackers leave behind.

Determine the number of actors

EyePyramid, an information-stealing malware, was active earlier this year, and attacks that used it resulted in the theft of 87GB of sensitive data. It targeted more than 100 email domains and 18,000 email accounts in Italy, the U.S., Europe and Japan. Despite the extent of the campaign, it was eventually attributed to a brother-and-sister team who were using the malware to profit from the stolen data. A Trend Micro report by Martin Roesler found that their identification was the result of operator error: their habits, quirks and techniques were their ultimate downfall. Cyber security tools must therefore be able to recognize patterns in attacker behavior, so that breached organizations can trace an attack back to its source.

"Hackers can make simple mistakes by revealing too much about themselves."

Track social interactions

Hackers are no strangers to using forums and other channels to sell their tools. However, even these individuals can make mistakes simply by posting too much online. In July 2014, when Limitless Logger was at its peak, cybercriminals used it to disable security controls, record keystrokes and exfiltrate account passwords.

Trend Micro researchers started digging into the original author by looking at his posts on Hackforums. From the content of those posts, they learned that the author had just completed his first semester at a university, and they found contact details for Skype and PayPal accounts. Following these clues down the rabbit hole, they eventually found public social network profiles, and Hackforums chat logs confirmed his real name. Hackers can make simple mistakes by revealing too much about themselves. A profile built from this kind of data can narrow down the suspect pool and generate further leads that ultimately identify the culprit.

Watch for spelling errors

Hackers are human, and that means they make mistakes, especially when trying to phish for credentials. It's common for employees to glance right past spelling errors in URLs and messages and click links without a second thought. But spelling errors can also give an attack away from the other direction: a mistake in the attacker's own handiwork can be the thing that gets noticed.

For example, in early 2016, Bangladesh Bank experienced this firsthand. Hackers breached the institution's systems and stole the credentials used to authorize payment transfers. With those credentials they issued nearly three dozen requests to move money from the bank's account to entities in the Philippines and Sri Lanka, Reuters reported. On the fifth request, a misspelling in the recipient's name (the word "foundation" spelled "fandation") caught the eye of a routing bank, which held that transfer and queried the rest. The error prevented a heist of nearly $1 billion, but the hackers still got away with $81 million.
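The check the routing bank's analyst made by eye can be automated. The following is an added example, not Trend Micro's code and not anything Bangladesh Bank or the routing bank actually ran: it builds a vocabulary from previously approved beneficiary names (assumed to be available from payment history), holds any new instruction whose beneficiary contains a word that is not in that vocabulary but is within two edits of a known word (a probable typo; the real "fandation" is two edits from "foundation"), and flags a batch whose total exceeds a volume threshold. The names, amounts and the threshold are constructed for this illustration.

```python
"""Near-miss spelling check for outgoing payment instructions.

Added example, not Trend Micro's code and not anything the banks in the
story ran. A beneficiary-name token that is absent from the vocabulary
learned from previously approved instructions, but only an edit or two away
from a known word, is a probable misspelling and is held for review. A
batch whose total exceeds a volume threshold is flagged as well. Names,
amounts and the threshold below are constructed for this illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class Instruction:
    seq: int            # position in the batch
    amount_usd: float
    beneficiary: str    # free-text beneficiary name as keyed into the message


def tokens(text: str) -> list[str]:
    """Lower-cased alphabetic words in a name field."""
    return re.findall(r"[a-z]+", text.lower())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with the classic two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def build_vocabulary(history: list[str]) -> set[str]:
    """Every word that appeared in a previously approved beneficiary name."""
    vocab: set[str] = set()
    for name in history:
        vocab.update(tokens(name))
    return vocab


def near_misses(name: str, vocab: set[str], max_dist: int = 2,
                min_len: int = 5) -> list[tuple[str, str]]:
    """(unknown_token, closest_known_token) pairs for tokens that are not in
    the vocabulary yet lie within max_dist edits of a known word. Tokens
    shorter than min_len are skipped: almost anything is two edits from them."""
    found = []
    for tok in tokens(name):
        if tok in vocab or len(tok) < min_len:
            continue
        closest = min(vocab, key=lambda w: edit_distance(tok, w))
        if edit_distance(tok, closest) <= max_dist:
            found.append((tok, closest))
    return found


def review_batch(batch: list[Instruction], vocab: set[str],
                 burst_limit_usd: float = 100_000_000.0):
    """Return ({seq: near-miss list} for instructions to hold, batch_over_limit)."""
    holds = {}
    total = 0.0
    for ins in batch:
        total += ins.amount_usd
        misses = near_misses(ins.beneficiary, vocab)
        if misses:
            holds[ins.seq] = misses
    return holds, total > burst_limit_usd


# Constructed sample data: past approved names and a suspicious new batch.
HISTORY = ["Blue Harbor Foundation", "Mercantile Trading Co",
           "Green Valley Shipping Ltd", "Northern Textile Mills"]
VOCAB = build_vocabulary(HISTORY)
BATCH = [
    Instruction(1, 20_000_000, "Mercantile Trading Co"),
    Instruction(2, 30_000_000, "Green Valley Shipping Ltd"),
    Instruction(3, 25_000_000, "Northern Textile Mills"),
    Instruction(4, 20_000_000, "Blue Harbor Fundation"),        # one letter off
    Instruction(5, 15_000_000, "Zanzibar Logistics Holdings"),  # new, but well formed
]

if __name__ == "__main__":
    holds, over_limit = review_batch(BATCH, VOCAB)
    for seq, misses in holds.items():
        print(f"hold #{seq}: {misses}")
    print("batch over volume limit:", over_limit)
```

Only instruction 4 is held (its "fundation" is one edit from the known "foundation"), while the genuinely new beneficiary in instruction 5 passes because none of its words resemble a known one; the batch as a whole is flagged because it totals $110 million against a $100 million limit. The same near-miss function, fed a list of legitimate sender domains instead of beneficiary words, catches the lookalike domains that employees glance past in phishing mail.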

Organizations can be overwhelmed by the thought of cybercrime. However, there are a number of ways to spot a potential threat and stop it in its tracks. With capable cyber security tools, and the discipline to look closely at the evidence attackers leave behind, businesses can keep their systems and data far more secure.

http://feeds.trendmicro.com/TrendMicroSimplySecurity