Just as we were posting last month’s article about security, I came across an interesting document developed from actual “playbook” notes from a hacker. As a follow-up to my July security article, I wanted to arm you with more information and insight regarding how cybercriminals think and work.
Today’s Hackers Don’t Believe in the “Big Bang” Theory
Unlike the hackers of yesteryear, whose aim might have been to show off their skills or make a public statement with a highly visible breach, today’s cybercriminals thrive on anonymity. Their goal is to gain entry into your network, insinuate themselves into your systems and, from there, move into the systems of the vendors and customers that trust your company as a data exchange partner.
One method noted in the “playbook” is to hide malware in system folders and camouflage it to look and behave like system processes. Hackers want your systems to become comfortable with their presence. It’s easier to do more damage, undetected, that way.
76% of breached organizations need someone else―a regulatory body, a customer, their IT vendor―to tell them they have been compromised.
Hackers Don’t Grab, They Leak
Successful hackers know that copying big chunks of your data from one network to another may set off red flags. Emailing it could also be problematic and may be prohibited due to internal security settings.
In his playbook, the hacker notes that most companies do not set their firewalls to block outbound Internet traffic, and that public web traffic can be one of the most effective conduits to achieve what cybercriminals call “exfiltration.” They do this very slowly, essentially leaking data out of the network in small packets that firewall monitoring systems will perceive as normal outbound activity. Increasingly, they disguise these leaks as “secure” transmissions.
More than 25% of all data exfiltrated by attackers is encrypted by the cybercriminals using the company’s own encryption processes.
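The “leak, don’t grab” pattern described above has a defensive counterpart: because each upload is small and the sessions look like ordinary web traffic, per-connection inspection rarely catches it, but aggregating outbound bytes per client and destination over time does. The script below is an added illustration, not part of the playbook or of any product; it runs over a constructed set of proxy records (hosts, domains and byte counts are all made up) and flags pairs where many small uploads add up to a sustained transfer at a clock-like cadence.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample web-proxy records, not real logs:
# (UTC time, client, destination, bytes sent). 10.0.0.5 pushes a small
# chunk to one external host every 5 minutes; 10.0.0.7 is ordinary browsing
# plus one large mail attachment.
def build_sample():
    t0 = datetime(2024, 5, 1, 9, 0)
    leak = [(t0 + timedelta(minutes=5 * i), "10.0.0.5", "sync.example-cdn.net", 1400 + 17 * i)
            for i in range(12)]
    normal = [(t0 + timedelta(minutes=7 * i), "10.0.0.7", "news.example.org", 300 + 10 * i)
              for i in range(12)]
    normal.append((t0 + timedelta(minutes=30), "10.0.0.7", "mail.example.com", 250000))
    return leak + normal

def interval_regularity(times):
    """Largest deviation of the gaps between uploads from their mean, as a
    fraction of the mean. Near 0 means a clock-like cadence (beaconing)."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None
    mean = sum(gaps) / len(gaps)
    return max(abs(g - mean) for g in gaps) / mean if mean else None

def slow_leak_candidates(records, min_uploads=10, max_chunk=4096,
                         min_total=10000, min_span_minutes=30):
    """Flag (client, destination) pairs whose many small uploads add up to a
    large, sustained transfer: the 'leak, don't grab' pattern. Returns
    (client, destination, uploads, total_bytes, span_minutes, regularity)."""
    groups = defaultdict(list)
    for ts, client, dest, sent in records:
        if sent <= max_chunk:          # big one-shot uploads are a different alert
            groups[(client, dest)].append((ts, sent))
    flagged = []
    for (client, dest), chunks in groups.items():
        chunks.sort()
        total = sum(b for _, b in chunks)
        span = (chunks[-1][0] - chunks[0][0]) / timedelta(minutes=1)
        if len(chunks) >= min_uploads and total >= min_total and span >= min_span_minutes:
            reg = interval_regularity([t for t, _ in chunks])
            flagged.append((client, dest, len(chunks), total, span, reg))
    return flagged

if __name__ == "__main__":
    for hit in slow_leak_candidates(build_sample()):
        print("possible slow exfiltration:", hit)
```

The thresholds are placeholders: in a real deployment they are set from a baseline of the organization’s own outbound volumes, and known update, backup and cloud-sync destinations are allowlisted before the remaining hits are reviewed. Encrypted (TLS) uploads are still counted, since only byte volume and timing are used, which is exactly why this kind of aggregation complements, rather than depends on, content inspection.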
The playbook is filled with other hair-raising tidbits that I don’t have room to share here. All of them underscore the importance of encouraging recognition within your organization that these attacks can happen very surreptitiously. Executive leadership is often resistant to accepting this fact, which is one reason so many companies are penetrated and remain that way for so long.
Network assessments are a great first step toward determining whether your company could be―or has already been―compromised. The majority of companies we assess―even those with a security solution in place (other than ours, of course)―have undetected malware on their systems. To learn more about the playbook and how we can help you defend against it, give me a call.