Almost every day, the headlines report new hacker attacks on entire IT systems or the people who use them. The number of systems and users affected is growing every year, as is the damage caused by data theft, industrial espionage and digital sabotage. According to a study by Bitkom, Germany’s association for the digital industry, the damage to the German economy alone will amount to more than 200 billion euros by 2023. From a business perspective, cyber risks are constantly increasing, not least due to more targeted attacks from Russia and China. Cyber-attacks will be the biggest business risk in 2024 and beyond.
But what is hacking, how does a hacker go about it, what types of hacks are there, and how can you protect yourself against them? The following article tries to answer these questions.
What is hacking?
Hacking is an attempt to circumvent the security mechanisms of a system. It either exploits known vulnerabilities in computer programs, operating systems or networks, or it targets the human factor: using social engineering, attackers speculate on the gullibility, naivety and ignorance of many users in a rapidly changing and increasingly complex digital age.
Hacking does not always happen with bad intentions!
Originally, hacking had a positive connotation. It began as a way to hack into "high-tech" railroad equipment to adapt the electronic and mechanical devices to one's own purposes. And when the members of a railroad club started working with a computer, the term "hacker" was transferred to the computer. Nowadays, however, the terms "hacker" and "hacking" have a rather bad and damaging reputation. And yet, there are still many "good" hackers who put their knowledge at the service of companies, governments, and the general public, trying to protect their IT infrastructures.
The level of protection is raised mainly by good hackers searching for vulnerabilities from the outside. It is important that this search is carried out regularly and in coordination with the party being tested, and that any findings are communicated only to that party so they can be fixed, rather than being maliciously exploited to its detriment.
A hack can be carried out by a single hacker. Unfortunately, as digitalization has progressed, there has been a shift to more organized hacking by groups of people and even state-sponsored companies. The goal of these increasingly professional "organizations" is often to attack specific companies or critical infrastructure on foreign soil in order to cause damage. There are three known types of hackers.
What types of hackers exist?
Hackers fall into three categories, Black Hat, White Hat and Grey Hat, named after old American Western movies in which the bad guys wore black hats and the good guys wore white or light-colored hats.
- Black Hat hackers are those who infiltrate computer networks with malicious intent to steal data, spread malware or hijack entire computers and networks. The motive is often pure self-interest, the pursuit of fame and financial gain, or simply spreading chaos.
- White Hat hackers, on the other hand, use their knowledge for good: they track down black hat hackers or help companies find vulnerabilities in order to increase digital security. The hacking is done with the company's permission. Some of these hackers or computer security experts are permanent employees and thus part of a company's cyber security strategy; others work as external consultants or contractors.
- Grey Hat hackers are something like a mixture of the two types just mentioned. They look for vulnerabilities and hack into companies' systems and networks without permission. They then report the vulnerabilities they find to the company and fix them, provided the company is willing to pay a certain fee. Some grey hat hackers call themselves "the good guys" because they do not engage in criminal activities like black hat hackers. However, many companies that have been hacked by them naturally see things differently and are rarely pleased.
The targets of cyber-attacks and the damage they cause
Attackers can have different objectives when attacking a network. The most common are:
- Disabling user databases to harm the attacked party.
- Theft of sensitive (company) data in order to use it for industrial espionage.
- Stealing confidential customer and user data (personal data) in order to blackmail the attacked party or its customers or users.
- Testing one's own security architecture and identifying vulnerabilities so that they can be addressed and the level of security increased.
What damage could be caused?
Depending on the size of the attacked IT system and the value of the stored confidential data, the damage to the attacked company can quickly run into millions of dollars.
It can start on a small scale when hackers go on a shopping spree or empty bank accounts in the name of the victim. Far greater damage can occur when public institutions such as hospitals or public utilities are affected, with hackers knowingly accepting civilian victims. The damage caused by economic and industrial espionage can also be enormous. For example, production stops and millions are lost when data and information from years of research and new, as yet unpublished products are stolen, or entire systems are crippled.
How does a hacker proceed? The 5 stages of a hack
A hacker's approach varies depending on the type of hack and the goal to be achieved. A general step-by-step plan is described below:
- Reconnaissance: The first step is reconnaissance, in which the hacker gathers information about the target to identify potential vulnerabilities. Which software applications and operating systems are in use? Is there publicly available information about the company's employees?
- Scanning: Once sufficient information is available, the hacker begins scanning the network and/or systems to further validate potential vulnerabilities.
- Access: Once a potential vulnerability has been identified, the hacker attempts to gain access to the network or system. This can be done by exploiting bugs in the software in use, or by guessing passwords and credentials.
- Maintaining access: If access is successful, the hacker next tries to maintain it in order to stay in the system as long as possible and collect data. This can be done by setting up backdoors or creating user accounts. It also includes hiding activities from security monitoring.
- Covering tracks: To avoid detection, the hacker tries to cover their tracks. This includes deleting log files, manipulating security logs, or using other techniques to hide their activities.
What types of hack are there?
In addition to the approach, the techniques that hackers use to ensure that a hack is ultimately successful also vary. The following are some of the most common methods used by hackers. Of course, the following methods are often combined and used together as part of a larger attack strategy.
Social Engineering
Social engineering is a manipulation technique that exploits human weaknesses to obtain desired information. In this method, the hacker uses fake identities and various psychological tricks to get the victim to reveal personal or financial information. This is often done using tools such as phishing, spam emails, instant messages or fake websites. The amount of criminal energy used by attackers can be measured by the fact that approximately 150 billion spam emails are delivered to inboxes every day.
Password Hack
Hackers attempt to gain unauthorized access using lists purchased on the darknet that contain collections of known usernames and passwords. Another variant is the dictionary attack: common terms and words from a predefined dictionary, sometimes with additional characters, are tried until one grants access. Other methods commonly used by attackers include brute force attacks, password spraying attacks, and credential stuffing.
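Two of the patterns listed above, password spraying and brute force against a single account, leave distinguishable traces in authentication logs: spraying shows one source failing against many accounts with few attempts each, brute force shows one source failing many times against one account. The following Python script is an added example written for this article, not code from Engity or from the original post. Its log format and log lines are constructed for the illustration, and the thresholds (five distinct accounts within five minutes, more than three failures on one account) are assumed starting points that a real deployment would tune.

```python
"""Detect password-spraying and single-account brute-force patterns in
authentication logs.

Added example for this article. The log format below is constructed:
"<ISO timestamp> <OK|FAIL> <username> <source IP>" per line.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 tries six different accounts once each
# (spraying); 192.0.2.9 hammers a single account (brute force);
# 198.51.100.2x are ordinary users who mistype once or twice.
SAMPLE_LOG = """\
2024-03-01T10:00:01 FAIL alice 203.0.113.7
2024-03-01T10:00:03 FAIL bob 203.0.113.7
2024-03-01T10:00:05 FAIL carol 203.0.113.7
2024-03-01T10:00:07 FAIL dave 203.0.113.7
2024-03-01T10:00:09 FAIL erin 203.0.113.7
2024-03-01T10:00:11 FAIL frank 203.0.113.7
2024-03-01T10:01:00 OK alice 198.51.100.20
2024-03-01T10:02:00 FAIL bob 198.51.100.21
2024-03-01T10:02:30 FAIL bob 198.51.100.21
2024-03-01T10:02:45 OK bob 198.51.100.21
2024-03-01T10:05:00 FAIL carol 192.0.2.9
2024-03-01T10:05:10 FAIL carol 192.0.2.9
2024-03-01T10:05:20 FAIL carol 192.0.2.9
2024-03-01T10:05:30 FAIL carol 192.0.2.9
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, result, user, ip)."""
    ts, result, user, ip = line.split()
    return datetime.fromisoformat(ts), result, user, ip


def failed_logins(log_text):
    """Yield (timestamp, user, ip) for every FAIL line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, user, ip = parse_line(line)
        if result == "FAIL":
            yield ts, user, ip


def detect_spraying(log_text, window=timedelta(minutes=5), min_distinct_users=5):
    """Password spraying: one source fails against MANY distinct accounts.

    Returns {source_ip: distinct_users_hit} for every source that failed
    against at least `min_distinct_users` accounts inside any `window`.
    Per-account lockout thresholds do not catch this, because each account
    sees only one or two attempts.
    """
    failures = defaultdict(list)  # ip -> [(timestamp, user), ...]
    for ts, user, ip in failed_logins(log_text):
        failures[ip].append((ts, user))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_distinct_users:
                flagged[ip] = len(users)
                break
    return flagged


def detect_bruteforce(log_text, max_failures=3):
    """Brute force / dictionary attack: one source fails MANY times against
    ONE account. Returns {(ip, user): failure_count} above `max_failures`."""
    counts = Counter((ip, user) for _, user, ip in failed_logins(log_text))
    return {pair: n for pair, n in counts.items() if n > max_failures}


if __name__ == "__main__":
    print("spraying sources:", detect_spraying(SAMPLE_LOG))
    print("brute-force pairs:", detect_bruteforce(SAMPLE_LOG))
```

Run against the constructed log, the spraying detector flags only 203.0.113.7 and the brute-force detector flags only the (192.0.2.9, carol) pair; the legitimate user who mistyped twice trips neither. The two detectors are deliberately separate because the mitigations differ: brute force is answered by per-account rate limiting, spraying by per-source throttling and alerting on the distinct-account count.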
Malware
Malware is malicious software that hackers install on users' devices in order to infiltrate them undetected. It is spread through malicious email attachments, physical media (often used for industrial espionage), infected downloads, or vulnerabilities. One form is ransomware, which blocks access to the infected device or encrypts individual files and releases them only after a ransom is paid. Another is spyware, which monitors infected devices and records all user actions. Other well-known malware types are viruses, trojans and worms.
Insecure WLAN networks
Wardriving links Wi-Fi data with location information. There is nothing wrong with this and it is allowed. However, hackers use wardriving to search for open or poorly secured Wi-Fi networks, which is often the case with public networks. When such a network is found, the attackers infiltrate the network, steal data, or use the Wi-Fi network for further attacks because the risk of being detected is very low.
How to protect against hacker attacks?
Unfortunately, there is no such thing as 100% protection. However, with a few simple measures it is possible to effectively protect data, devices and networks and significantly increase the level of security. In addition, such measures make you a less attractive target for many hackers, who prefer to focus on "easy prey".
To increase your own level of security, you should adhere to the standards of good software development. In addition, keep your software, operating systems, and devices up to date so that security holes can be patched quickly. Good antivirus software and a firewall can also help. Regular backups stored on external hard drives or in the cloud to prevent data loss and minimize downtime are also common practice today.
However, it is also becoming increasingly important to regularly train and educate employees about the dangers of suspicious emails or dubious websites. In particular, IT administrators should be made aware of potential security risks and the consequences of careless use of administrative accounts on the Internet.
Regular stress testing of your own systems and IT staff is also important to identify and address potential vulnerabilities.
Another important point is the use of state-of-the-art authentication methods. With the blog article: "Is my Enterprise Login System Respecting Latest Security Standards?", a number of simple security standards can also be tested by non-IT experts.
Strong, complex and uncompromised passwords provide additional security. This can be supported by appropriate features in the authentication solution such as password strength measurement and prohibiting the use of compromised passwords. Another important security feature can be the use of a multi-factor authentication solution - especially for sensitive data/areas.
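As an added illustration of the two password checks just mentioned, strength measurement and blocking compromised passwords, the following Python example is not Engity's code or the article's own. The 12-character minimum, the 60-bit entropy threshold and the small breached-password set are constructed assumptions; the prefix lookup mimics the k-anonymity style of the Have I Been Pwned "Pwned Passwords" range API, but here the ranges come from a local constructed table rather than a network call.

```python
"""Password policy check: entropy-based strength measurement plus a
compromised-password block.

Added example for this article; thresholds and the breached-password
corpus are constructed assumptions, not Engity's implementation.
"""
import hashlib
import math
from collections import defaultdict

MIN_LENGTH = 12          # assumed policy value
MIN_ENTROPY_BITS = 60.0  # assumed policy value

# Constructed stand-in for a breach corpus. A real deployment would use a
# large list or a remote k-anonymity range lookup; these entries are just
# examples of the kind of passwords found in every such list.
_CONSTRUCTED_BREACHED = ["password", "123456", "qwerty", "Welcome2024!", "letmein"]


def _sha1_upper(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_table(breached):
    """Index breached hashes by their first 5 hex characters, the same split
    the Pwned Passwords range API uses: the client sends only the prefix and
    matches the remaining suffix locally, so the full hash never leaves it."""
    table = defaultdict(set)
    for pw in breached:
        h = _sha1_upper(pw)
        table[h[:5]].add(h[5:])
    return table


RANGE_TABLE = build_range_table(_CONSTRUCTED_BREACHED)


def is_compromised(password, table=RANGE_TABLE):
    """True if the password's SHA-1 suffix appears in its prefix bucket."""
    h = _sha1_upper(password)
    return h[5:] in table.get(h[:5], set())


def entropy_bits(password):
    """Rough strength estimate: length * log2(size of the character pool used).

    This overestimates passwords built from dictionary words or keyboard
    patterns, which is exactly why the compromised-list check is still needed.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII symbols
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if entropy_bits(password) < MIN_ENTROPY_BITS:
        problems.append("low_entropy")
    if is_compromised(password):
        problems.append("compromised")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "Welcome2024!", "correct-horse-battery-staple-42"]:
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```

"Welcome2024!" is the instructive case: it satisfies length and character-class rules and scores well on entropy, yet it is rejected because it sits in the breach corpus. That is the reason the article pairs strength measurement with a compromised-password check rather than relying on either alone.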
As a good and reliable IAM provider, Engity will of course advise you on the above and other measures to increase your security level, because a secure login is still the first line of defense on the Internet.