Uncategorized

We Dig Into the Hacker’s Playbook for Some Solid Security Lessons

mr-robotWhat crosses your mind when you think about hacking attacks and data breaches? Do you picture a hacker in a ski mask typing furiously, or do you imagine scenes made memorable like those in television and film in works like Mr. Robot or Live Free or Die Hard? In the latter, hacking attacks are perpetrated by masterminds or those with grand ambition. Yet, this trend may portray an inaccurate representation of the typical hacker.

Keep in mind what these hacking tales are created to do: entertain. While life is often stranger than fiction, in the case of hackers, this certainly isn’t so. Security company SafeBreach issued the second edition of their Hacker’s Playbook, which guides the reader through the company’s experiences as they simulated particular methods of data breaches. The methods which succeeded were picked apart to understand how the hacker made their way into the network, how they moved around without getting caught, and how they made off with the data.

The results of such an experiment might shock you. Most successful attacks were operated by those who have been around for quite some time. Including executable files in email attachments was a favorite (and effective) tactic in a quarter of all attempts, while malware distribution, rootkits, and .zip files were also highly efficient. The results concluded that it’s not huge vulnerabilities that bring about catastrophe, as you might see on the big screen.

Rather, it’s simple issues that are often discreet and rely on user error.

Your security measures may not be up to snuff to protect your systems from this type of threat. In fact, the solutions that you rely on to keep your infrastructure safe from malware may be configured incorrectly, leaving you wide open to attacks.

What this means for businesses is that it’s practically guaranteed that, at some point, you can expect to be hacked. When this time comes, you want to make sure that you have both preventative measures to limit the damage done, and reactive solutions that can quickly detect and eliminate threats. Furthermore, it’s of the utmost importance that you educate your employees on cybersecurity best practices, and that you keep your systems as up-to-date and functional as possible.

Malicious links are hidden:

  • on common websites
  • in common-looking advertisements
  • inside text links
  • in website pop-up windows
  • especially in emails

Bogus UPS, Amazon, Best Buy and the Prince of Nigeria emails and notifications all want you to “click here for details” or to “verify” your account. These emails may look genuine but the simplest test is to simply consider if you have done business with any of these companies recently. These emails may have links or attachments that contain hidden adware, spam or ransomware that immediately infect your computer.

We urge you to err on the side of caution and use common sense as most of these infection are preventable; sometimes the best action is inaction. Don’t click.

With ActiveCo Technology Management’s comprehensive security solutions, you’ll find yourself losing less sleep over your network’s security. To learn more, reach out to us at (604) 425-3433.

Jeff Penner

Jeff Penner

Jeff has been in the managed services industry since 2015, understanding what business owners are looking for from technology, and helping them find it. The most important element for a business owner taking on a new technology partner is peace of mind and thus Jeff directs his efforts on finding practical information that any leader can apply to their business. Jeff lives in Vancouver, BC, sharing his love for learning and “the great indoors” with his 2 daughters.