What happens once a hacker gets into your network?

In our last blog, we left off on the subject of how long hackers actually take up residence in your systems once they gain access. Estimates put the average dwell time at about 200 days, according to this article in Infosecurity Group.

You may ask, why would they do that instead of just getting in and out quickly? Because they are patient, and they are in it for the biggest payday they can get. It’s literally their full-time job!

Typically, attackers start by probing your systems for configuration holes that give them a way into your network. Once they have established a foothold on an endpoint, whether a laptop, a phone or a tablet, they can log back in whenever they want. These "digital footholds" are deliberately planted to be hard to find, and removing them is often difficult.

Their next objective is to patiently survey and monitor your devices and infrastructure. The goal is administrative or otherwise elevated access. Owners, executives and administrative assistants are favourite targets because their accounts offer the widest visibility into, and control over, the organisation's data. After compromising a prominent individual or figurehead, many attackers create new administrative accounts of their own. Why? The answer is simple: to avoid being caught. A fresh admin account that nobody is watching draws less attention while they move around the network than a hijacked one whose real owner might notice unusual activity. Another common technique is to bait your technology helpdesk. The attacker deliberately breaks something on a machine they already control, for example by deleting application files, so that a system administrator is forced to log in and fix it. While the administrator works, the attacker observes and records the session, keystrokes included, and walks away with privileged credentials.

Once they are confident that they won’t be detected, the real plan comes into play.

Over the next several weeks, they will spend time misconfiguring your detection systems and adding their own sending hosts to email allow-lists so that their traffic is ignored. So, what is the end game? A big payday from exfiltrating and/or encrypting your data. Or worse, using your access to break into your customers' systems.
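The two moves described above, creating a new administrative account to blend in and then tampering with detection, both leave traces in the Windows Security log. The following is an added example, not code from the original post: a small detector that correlates those traces over a handful of events. The event IDs (4720 account created, 4732 member added to a local group, 4719 audit policy changed, 1102 audit log cleared) and the Administrators group SID S-1-5-32-544 are Microsoft's documented values; the sample events, account names and 24-hour correlation window are constructed for the example.

```python
"""Added example: flag a freshly created account that is promptly added to the
local Administrators group, and flag audit tampering by that account.

Windows Security event IDs and well-known SIDs below are the real values;
everything in SAMPLE_EVENTS is constructed for this example.
"""
from datetime import datetime, timedelta

USER_CREATED = 4720              # A user account was created
LOCAL_GROUP_MEMBER_ADDED = 4732  # A member was added to a security-enabled local group
AUDIT_POLICY_CHANGED = 4719      # System audit policy was changed
AUDIT_LOG_CLEARED = 1102         # The audit log was cleared
ADMINISTRATORS_SID = "S-1-5-32-544"  # BUILTIN\Administrators
USERS_SID = "S-1-5-32-545"           # BUILTIN\Users

# Constructed sample events (not from any real system). "subject" is the account
# that performed the action, "target" the account created, "member" the account
# added to a group.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T02:14:05", "id": 4720, "subject": "CORP\\jdoe", "target": "svc_backup2"},
    {"time": "2024-03-04T02:14:40", "id": 4732, "subject": "CORP\\jdoe",
     "member": "svc_backup2", "group_sid": ADMINISTRATORS_SID},
    {"time": "2024-03-04T02:20:11", "id": 4719, "subject": "svc_backup2"},
    {"time": "2024-03-04T03:05:00", "id": 1102, "subject": "svc_backup2"},
    # A legitimate onboarding: created by the helpdesk, added only to Users.
    {"time": "2024-03-04T09:00:00", "id": 4720, "subject": "CORP\\helpdesk", "target": "new.hire"},
    {"time": "2024-03-04T09:02:00", "id": 4732, "subject": "CORP\\helpdesk",
     "member": "new.hire", "group_sid": USERS_SID},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def new_admin_accounts(events, window_hours=24):
    """Accounts created and then added to Administrators within `window_hours`.

    Returns (account, created_by, elevated_by) tuples in time order.
    """
    window = timedelta(hours=window_hours)
    created = {}  # account -> (creation time, subject who created it)
    hits = []
    for e in sorted(events, key=_ts):
        if e["id"] == USER_CREATED:
            created[e["target"]] = (_ts(e), e["subject"])
        elif e["id"] == LOCAL_GROUP_MEMBER_ADDED and e.get("group_sid") == ADMINISTRATORS_SID:
            name = e["member"]
            if name in created and _ts(e) - created[name][0] <= window:
                hits.append((name, created[name][1], e["subject"]))
    return hits


def audit_tampering(events):
    """(account, event id) for every audit-policy change or log clear, in time order."""
    return [(e["subject"], e["id"]) for e in sorted(events, key=_ts)
            if e["id"] in (AUDIT_POLICY_CHANGED, AUDIT_LOG_CLEARED)]


def accounts_to_investigate(events):
    """New admin accounts that went on to tamper with auditing. Either signal
    alone has benign explanations; the combination rarely does."""
    fresh_admins = {name for name, _, _ in new_admin_accounts(events)}
    tamperers = {acct for acct, _ in audit_tampering(events)}
    return sorted(fresh_admins & tamperers)


if __name__ == "__main__":
    for name, creator, elevator in new_admin_accounts(SAMPLE_EVENTS):
        print(f"new admin {name!r} created by {creator}, elevated by {elevator}")
    for acct, event_id in audit_tampering(SAMPLE_EVENTS):
        print(f"audit tampering: event {event_id} by {acct}")
    print("investigate:", accounts_to_investigate(SAMPLE_EVENTS))
```

Run against the constructed events, the detector flags svc_backup2 (created and elevated within 35 seconds, then changing audit policy and clearing the log) and leaves the helpdesk's onboarding of new.hire alone, because that account only joined the Users group. In production the same logic runs over exported Security logs or a SIEM query, and event 1102 in particular should page someone regardless of who triggered it.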

Exfiltrated data typically goes up for sale on the dark web, while encryption leaves your own copy unusable and inaccessible, halting all business activity until a ransom is paid. This is particularly dangerous for hospitals and nursing facilities, which lose access to patient information such as lab and imaging results or medication allergies. Attackers who have spent months in your network have also had time to locate your cyber insurance policy and read exactly how much coverage you have, and they size the ransom demand accordingly. We recommend storing that policy information outside your network.

The damage can be devastating. Even with a great recovery system that gets your data back and gets you running quickly, remediation still has to happen and takes time, and if your customers' information is now for sale on the dark web, you are obligated to notify them of the breach and theft.

Your clients' and employees' personal data may not be the big payday they are after. Often, hackers are simply using your systems as a stepping stone to much bigger fish, such as your customers' networks. Small companies are frequently compromised in order to reach the larger ones they do business with. Let's face it: they will use you to gain access to your vendors and clients. And it works because your customers trust you. They trust that you are protecting your data and theirs.

So if you aren't investing in detection and cyber defenses, be prepared for liabilities. Do your customers mandate that you meet certain regulatory requirements? What fines or penalties would you incur?

Keep your data safe by having a real security program in place. Firewalls, anti-virus and competent IT staff alone are no longer enough. Train your employees to slow down, read emails carefully and take notice when things just don't add up, because human error is the most common way to become a victim of hacking.

To learn more about keeping your network secure contact us for a Free Hack Analysis!