
Inside modern hacking: The seven stages of a breach

By Patrick Martlew
Tue 19 Dec 2017

There’s absolutely no doubt that implementing the right approach to cybersecurity in contemporary business practices is an issue of massive importance.

However, it’s no longer true that having strong internal security architecture is sufficient to keep your organisation - and people themselves - safe.

There has been an ideological shift in how hackers think about gaining access to critical information and internal systems. It revolves around building a detailed understanding of an organisation's most precious resource - its employees - through fine-tuned targeting.

Hackers are increasingly going after what they describe as the ‘keys to the castle’: privileged accounts that provide the deepest access to confidential and sensitive data on computer systems and networks.

Once a privileged account is breached, it can have absolutely catastrophic effects on an organisation, as extremely sensitive data and systems are compromised before an organisation is even aware of the breach.

Industry analysts estimate that from 60 to 80% of all security breaches now involve the compromise of user and privileged account passwords.

This presents a significant opportunity for resellers, as privileged access management solutions are becoming the new standard for cybersecurity.

To understand this, let’s have a look at the seven stages that typically make up a contemporary hack.

Stage one: reconnaissance

The methods that hackers use to source the information that facilitates a breach are truly astonishing.

Hackers utilise the wealth of personal information available on the internet to develop a profile of the person they’re targeting.

This comes in the form of things like full name, home address, telephone numbers, IP address, biometric details, location details, date of birth, birthplace, and even family members.

Cybercriminals and hackers can spend up to 90% of their time performing reconnaissance of their targets before acting, using both public and deep web searches to collect information on a company and its employees.

All of this information can be easily obtained without touching a company’s security perimeter.

Stage two: spear phishing

Once vital personal information is sourced, attempts to target employees become far easier.

In many cases, an unsuspecting employee receives an authentic looking email from a third-party supplier or via a social media message.

Known as spear phishing, the urgent message “requires” the employee to click once on a hyperlink and type in their credentials.

Once submitted, the employee has handed over their secret password and digital identity to the cybercriminal, who can then bypass security controls and pose as a trusted employee.

It’s not limited to this technique, though. When reconnaissance and enumeration are conducted carefully and extensively, it takes as little as 24-48 hours to gain access to a network, often via a secondary, unsuspecting victim.

This could be a family member or spouse who uses a company laptop, whom the attacker can then specifically target for critical information.

They use their comprehensive profiling to target unsuspecting victims, and ultimately gain access to networks more easily.

Stage three: exploration

Once the attacker has gone through the time and effort to learn about the victim and gain initial access to the company network, they typically don't act immediately.

Attackers perform more reconnaissance, including observing regular schedules, security measures, and network traffic flow.

In most cases, cybercriminals begin by looking for well-known system vulnerabilities, such as unpatched servers.

With compromised credentials, the cybercriminal can work his way across the network further and deeper into the victim’s IT infrastructure, creating additional backdoors for future access.

Stage four: escalation

This is where hackers often look at leveraging regular hacked accounts to gain access to the ‘keys to the castle’ - privileged accounts.

There are many ways to elevate privileges on systems: exploiting services, file/folder permissions, the task scheduler, cached credentials or DLL hijacking, or simply using tools like Mimikatz or John the Ripper to hijack sessions or carry out pass-the-hash attacks.

Most of the problems come from organisations using the same local admin password on all systems, meaning once a single system local admin is compromised, moving around using the same account is quite easy.

Stage five: maintain access

Hackers must ensure that they maintain access to systems once they’ve breached them, which is typically quite easy to accomplish.

Hackers can download compressed, encrypted tools and utilities from the internet that allow them to avoid existing security controls.

Hackers can also create new privileged accounts - called backdoor accounts - which provide access should the original account be terminated.

They can also accomplish this by changing the existing passwords on service accounts, or by installing remote access tools that are hidden behind the normal applications employees use every day.

Stage six: conduct malicious activity

Financial gain is most commonly the motivation for hackers, and recent incidents featuring ransomware such as WannaCry and NotPetya illustrate how damaging these kinds of attacks can be.

To implement their full attack plan, hackers rely on typical methods for accessing the now compromised privileged accounts and sensitive data.

They will do this by using troubleshooting or helpdesk tools for operating systems that provide remote access, remote shells, or even malware that calls home to a command and control server on a predefined schedule, waiting for instructions from hackers.

Stage seven: covering tracks

Removing any sign or indication that a network has been hacked is the final step in a successful breach, and it also keeps the door open should the attacker want to revisit the network.

This can be accomplished by deleting log files or any other traceable activity.

This process is actually easily conducted by hackers, as the privileged accounts that they hold give them all the tools they need.
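As an added illustration that is not part of the original article, the following Python script shows how a defender can spot the two behaviours described under stage five and stage seven: a newly created account being added to a privileged group shortly after it was created (a likely backdoor account), and the audit log being cleared. The log lines are constructed for this example in a simplified JSON-lines shape; the event IDs are the real Windows Security log IDs for account creation (4720), local group membership added (4732) and audit log cleared (1102).

```python
import json
from datetime import datetime, timedelta

# Constructed sample events (not a real log export). Fields mirror the
# Windows Security log: 4720 = user account created, 4732 = member added
# to a security-enabled local group, 1102 = audit log cleared.
SAMPLE_LOG = """
{"ts": "2017-12-19T02:10:05", "host": "FS01", "event_id": 4720, "actor": "svc_backup", "target": "support_tmp"}
{"ts": "2017-12-19T02:11:40", "host": "FS01", "event_id": 4732, "actor": "svc_backup", "target": "support_tmp", "group": "Administrators"}
{"ts": "2017-12-19T09:30:00", "host": "WS22", "event_id": 4720, "actor": "helpdesk1", "target": "jsmith"}
{"ts": "2017-12-19T03:05:12", "host": "FS01", "event_id": 1102, "actor": "svc_backup"}
"""

PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}
WINDOW = timedelta(hours=1)  # creation-to-privilege gap that looks like a backdoor account


def parse_events(text):
    """Parse JSON lines into dicts with real timestamps, oldest first."""
    events = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])


def detect(events):
    """Return alert strings for backdoor-account creation and log clearing."""
    alerts = []
    created = {}  # (host, account) -> time the account was created
    for e in events:
        key = (e["host"], e.get("target"))
        if e["event_id"] == 4720:
            created[key] = e["ts"]
        elif e["event_id"] == 4732 and e.get("group") in PRIVILEGED_GROUPS:
            born = created.get(key)
            if born is not None and e["ts"] - born <= WINDOW:
                alerts.append(
                    f"backdoor-account: {e['target']} on {e['host']} created by "
                    f"{e['actor']} and added to {e['group']} after {e['ts'] - born}"
                )
        elif e["event_id"] == 1102:
            alerts.append(f"log-cleared: security log on {e['host']} cleared by {e['actor']}")
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

The ordinary helpdesk account created on WS22 produces no alert because it is never placed in a privileged group; only the FS01 sequence, which matches stages five and seven, is flagged.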

Where do we go from here?

People are the new perimeter, and organisations must look at tools that prevent these people-centric modern hacking approaches from succeeding in the first place.

Privileged access management offers a next-generation solution for mitigating these issues, as these solutions control privileged accounts and validate identity and permitted access to critical systems and data.

Resellers can take advantage of this phenomenon, as we’ll start to see the cybersecurity market shift towards adopting and implementing these solutions.

While having a strong firewall is important, people within an organisation must be given an extra layer of stability, as this is what hackers will find most challenging to deal with.
