Welcome to the security blog sponsored by Cisco. Security is now a boardroom conversation. The attack landscape is becoming more complex. And we’re beginning to realize the value of the Internet of Everything. Gain market insights and actionable steps for threat-centric security, reducing complexity, and operationalizing security.
The Industrialization of Hacking: Part 3 – The Attack Chain
Hackers offer guarantees that their malware works.
BrandPosts are written and edited by members of our sponsor community. BrandPosts create an opportunity for an individual sponsor to provide insight and commentary from their point-of-view directly to our audience. The editorial team does not participate in the writing or editing of BrandPosts.
By Martin Roesch
This is the third installment of our four-part series on The Industrialization of Hacking. Previously, I discussed the risks and opportunities the Internet of Everything introduces for business and hackers alike. I also discussed how attackers and defenders are in a cybersecurity arms race.
With the Industrialization of Hacking, attackers use highly sophisticated techniques and often go to extraordinary lengths to mount an attack, following a series of steps known as the “attack chain,” a version of the “cyber kill chain.” It’s not uncommon for hacker groups to follow software development processes, such as QA (quality assurance) testing or bench testing their products against security technologies before releasing them into the wild, to ensure they’ll evade the defenders.
Long before they actually execute an attack, hackers enter the target organization’s IT infrastructure and conduct reconnaissance using surveillance malware. Only when they know what they’re up against do they write target-specific malware aimed at particular departments, applications, users, partners, and security processes. To ensure the malware works, malware writers recreate the target environment and test it against the security tools in use there. Some even offer guarantees that their malware will go undetected for weeks or months.
Only then do the hackers execute their attack. In a growing number of cases, they even set up custom command-and-control servers inside the network in order to control the malware without being monitored. Sometimes, the goal is to gather data; in other cases, it is simply to destroy it. Once the mission is complete, the attackers remove evidence but maintain a beachhead for future attacks.
In the last installment I will discuss A Threat-Centric and Operational Security Model. View past installments of The Industrialization of Hacking series: