by Scott M. Lewis
When we talk about hacking computer systems, actual statistics can be challenging to determine for several reasons. The primary reason is that companies don’t want customers and vendors to know what happened, due to the embarrassment of having been hacked and the fear of public backlash. Another reason is that we have an elevated sense of security, believing that firewalls and anti-virus alone will protect our businesses. Yes, they are great tools, and they are the front lines of the cyber warfare front, but we are finding out that they can’t provide as much protection as we sometimes lull ourselves into thinking they do. Then there is the ongoing battle of convenience versus security, with budget squished in the middle. The bottom line is that the more convenient it is, the less secure it is. I know it is not the answer that we as business owners want, because we care about employee productivity. We also don’t want to listen to what we interpret as noise coming from end users about how security is sometimes too limiting, which results in leadership allowing for more convenience and less security. Balance is the key.
System hacking can take time. Not that a hacker couldn’t be opportunistic, but hacking is typically not something that happens overnight; it is not a crime of convenience but more a crime of patience. The best hacker doesn’t want you to know they have gained access to the system, primarily because the overriding goal is to steal as much data as they can and sell that data, or to hold your business for ransom and try to force payment. When a computer hack does occur, the hacker’s first objective is to load software that allows them to search for and exploit other weaknesses, or to pivot from one system to another, to give them access to as much of the system as possible. These incursions onto your system can go on for weeks or months before anything occurs that would indicate that your system has been compromised. The ability of hackers to hide in your system undetected increases the need to improve your detection, containment, and remediation processes, which are critical to your overall security program.
These are some of the reasons why a factual statistical matrix is difficult to compile. That difficulty skews risk evaluation and risk mitigation processes and can contribute to a false sense of security that some companies fail to recognize. However, the industry recognizes that a hacking attempt happens every twenty seconds, and it acknowledges that unsuccessful attempts are more common than those that end in a compromise. You would think that we would see a decline in successful hacking attempts, but based on the reported data, successful attempts are actually on the rise.
One of the first questions I am asked when I speak about security at conventions and seminars is: who is to blame for the system hack? People must first understand that there is no such thing as 100% secure unless you are willing to unplug your business; being one hundred percent secure is an unreasonable expectation. We all have a responsibility to have reasonable cybersecurity measures at home and in the workplace that protect the work environment and the data that drives our businesses. In the commercial world, one of the most critical factors in building a culture of security within your workforce is ongoing security awareness training and testing for all employees, including ownership. Failing to understand that the human factor is one of the biggest threats to your system, and failing to adopt proper security measures to address both internal and external security risks, will put your organization at risk.
Where does the responsibility for security reside? The truth is we all have a role; we all have a part in ensuring that we don’t put our business at risk, from the ownership to the employees to the technologist. The reality is that you can do it all right, have all the protections in place, and still be a victim of a ransomware attack, crypto attack, virus, unauthorized access, or many other risks that need to be mitigated. The growth in system attacks is increasing at an exponential rate; given the political environment that we all live in, cyberwarfare has simply become the norm. Don’t be a victim. The emerging technologies and strategies that bad actors use to gain unauthorized access, resulting in data loss, are increasing. These emerging threats can outpace the ability to detect them, develop countermeasures, and modify risk mitigation plans. Hackers use several methods to go undetected in your environment and hide from the typical detection methods. We have to keep in mind that it is to the hacker’s advantage to go undetected, and they spend a lot of time and money to learn and perfect their hide-and-seek countermeasures to detection. According to WebProfessionals.org, here are some of the ways that hackers go undetected:
- Adding Layers of Virtual Machines – Hackers typically utilize Linux and are careful to make sure that they add layers of infrastructure between them and their targets. Before launching ransomware, crypto, or other cyberattacks, a hacker will likely connect to your system through a maze of virtual machines that could, in all likelihood, be hosted in different regions of the world. These virtual connections are sometimes called ghost machines and are removed and rebuilt regularly to cover their tracks.
- Spoofing IP and MAC addresses – When you or any device connects to the Internet, it must have an IP address, which is typically assigned by the Internet Service Provider (ISP). The IP address identifies that device on the Internet and lets it connect to resources, for example through your web browser. IP addresses and MAC addresses are the most common way people and devices are tracked online. To get around this, hackers use various tools to spoof addresses and disguise their location and devices.
- IRC Communication – From the hacker’s perspective, there is a good reason they don’t communicate on traditional social media: as we all have learned, those platforms are prone to eavesdropping and don’t offer a high level of secured communication. Most hackers prefer to use Internet Relay Chat (IRC). IRC communication is typically run on individual servers that don’t interface with the public cloud, which would be sites like Facebook, LinkedIn, and Instagram. Since there is no interface to the public cloud, they are considered secure and can be difficult to trace.
- VPN – Investing in a VPN when connecting to a corporate network or just browsing the Internet is one of the smartest things companies and individuals can do to protect themselves. However, bad actors can also use VPNs to help facilitate their deeds. Hackers often have accounts with many VPN providers, and they commonly switch between them. Remember, it is about remaining hidden in the shadows, here one moment, gone the next. Hackers want to make it as difficult as they can to identify, track, and determine their location.
- Tor Browser – Hackers’ primary choice for web browsing is Tor, which is similar to Google, Mozilla, or the multitude of other common web browsers. Tor offers more built-in privacy advantages and works with the unindexed part of the Internet, more commonly known as the Dark Web. When using the Tor browser, the traffic is passed through several relays spread across the globe. At each relay, the traffic is encrypted and then passed to another relay, making it almost impossible to track a user session or their activity.
These are just some of the ways that hackers hide their movements and activities on the Internet and within your network, making it almost impossible to track, capture, and prosecute bad actors if you have become a victim. However, you have to be aware of these methods to develop a security matrix that accounts for them and implements security countermeasures. Look for part two in next month’s issue of Small Business Monthly.
Scott Lewis is the President and CEO of Winning Technologies Group of Companies, which includes Liberty One Software. Scott has more than 36 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with hundreds of large and small businesses to empower them to use technology to improve work processes, increase productivity, and reduce costs. Scott has designed thousands of systems for large, medium, and small companies, and Winning Technologies’ goal is to work with companies on the selection, implementation, management, and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279.