What a Hack: Your Glimpse into the Mind of the Common Cybercriminal

Sophisticated network-level hacks, like parameter tampering, session hijacking, and cross-script forgery, are real and potentially disastrous threats, but pulling them off involves significant time and effort; it’s hard work. For the most part, cybercriminals do not launch those attacks unless they anticipate especially great rewards.

You’re much more likely to encounter these three relatively simple, common hacking techniques: 

1. Phishing Expeditions 

The easiest way for a cybercriminal to succeed is to go phishing for information they can exploit. 

Some phishing/vishing attacks are only designed to confirm what the cybercriminal already knows about your organization, for later use in a larger crime scheme. These attempts capture your information, install something bad on your network/computer, and begin the full data breach exercise they were designed to accomplish.  

Vishing (or calling) and text-message phishing target cell phone users to obtain data by requesting sensitive information over the phone or by sending links, attachments, or, even worse, an image that automatically downloads to your phone. In well-crafted vishing attempts, the cybercriminal usually has some information about a user or their organization. These attacks typically seek a payout via ransomware or by selling information gained from a data breach on the black market. Cybercriminals may also use steganography to embed malicious code in an image and execute it remotely.

2. Imitation Games 

Fake websites sometimes simulate a legitimate login portal, which is an easy way to steal credentials. Freeware and open-source software are the most vulnerable. Software downloads from a disreputable or invalid source are also risky.

Drive-by malware may also be installed without your knowledge while you visit a website, or you may be targeted by “malvertising,” in which a malicious pop-up message disguises itself as an advertisement or notification claiming, for example, that a virus was found on your PC or that you’ve won free money toward purchases at a popular online retailer. These pop-ups usually include embedded malware or spyware, which continues to execute and collect data on your network or computer after you’ve closed the initial messages.

3. Revealing Your Source 

Hacking your Source IP is also relatively simple. Your IP address is easy to glean from email headers, social media or other websites that contain data about you, and resources where you work.  

From there, if the GNOME GUI for the network interface is not secured properly, anyone can figure out what network devices you are using. With that knowledge, cybercriminals can also learn the email server’s IP address, gain insights into its structure, and attempt to sniff the network to capture configuration details, such as running services, version numbers, and other network characteristics, such as IP addresses and hostnames. If sent over unsecured/unencrypted protocols, user credentials will also be vulnerable.  

Cybercriminals might also leverage the Source IP to initiate DDoS attacks, in which multiple systems flood the bandwidth or resources of a targeted environment, rendering its services unavailable.   
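To see what the email headers mentioned above actually disclose, the following added example (not part of the original article) lists every IPv4 address found in a message's trace headers and marks whether it is an internal RFC 1918 address or a public one. The sample message, its host names and addresses, and the choice of headers to inspect are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; all host names and addresses are made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTPS; Tue, 02 Jan 2024 10:00:03 +0000
Received: from laptop-42 (unknown [10.20.30.40])
\tby mx.example.net with ESMTPSA; Tue, 02 Jan 2024 10:00:01 +0000
X-Originating-IP: [203.0.113.25]
From: alice@example.net
To: bob@example.org
Subject: quarterly report

body
"""

# Assumption: these are the headers audited; a mail gateway may add others.
IP_HEADERS = ("Received", "X-Originating-IP")
# Dotted quad that is not part of a longer run of digits and dots.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def exposed_addresses(raw_message):
    """Return (header, ip, kind) for each IPv4 address disclosed in the headers."""
    msg = message_from_string(raw_message)
    findings = []
    for name in IP_HEADERS:
        for value in msg.get_all(name, []):
            for candidate in IPV4.findall(value):
                try:
                    ip = ipaddress.ip_address(candidate)
                except ValueError:
                    continue  # looks like an address but is not one (e.g. 999.1.1.1)
                internal = any(ip in net for net in RFC1918)
                findings.append((name, str(ip), "internal" if internal else "public"))
    return findings


if __name__ == "__main__":
    for header, ip, kind in exposed_addresses(SAMPLE):
        print(f"{header:18} {ip:15} {kind}")
```

Running this over a message sent from your own environment to an outside mailbox shows which workstation and client addresses your outbound mail path should strip or rewrite.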

Too Long; Didn’t Read? 

There are many ways to breach a network. Nobody’s perfect, and no device is fully secure.  

As technology continues to evolve, so will cybercriminals. It is of utmost importance to educate users, maintain a properly configured security framework, and follow a clearly defined process to mitigate any successful attacks.
