Hacking Simulation: Learn How The Bad Guys Get In


You’ve heard the scary cybersecurity statistics – so I won’t bore you with them. Plus, you’re not interested in FUD (fear, uncertainty, and doubt) tactics. However, you are interested in understanding HOW a cyber attack may occur.

Recently, NetGain’s security analyst Stephen Garrison provided a hacking simulation webinar. Garrison is a certified ethical hacker and is globally ranked for his understanding of hacking behind-the-scenes. Learn about the demonstration, how a cyber attack may occur, and how you could stop a hack like this in its tracks with the proper security measures.

Here’s how the “hacker” got in during the hacking simulation.

The Scenario

1. Employee John Doe (jdoe@blackfield.HTB) accidentally clicked on a phishing link in a malicious email.

2. Because the attacker (in this case, Garrison) knew John would be on PTO this week (thanks to his out-of-office message), the attacker decided to use John’s access to the domain controller (Active Directory) during this opportune time while John was away.

3. The attacker is connected to the internal “BLACKFIELD.local” domain through John’s computer as a proxy.

Want to see the hack live? Watch the webinar here.

Starting from simple access to John’s account, Garrison (aka “the attacker”) demonstrated how he could access the company’s Active Directory, and therefore an administrator account. From there, he used a password list many hackers have to log in as the administrator, which then gave him access to the entire network. With just a single click on a phishing link, this hacking demonstration showed how easily a hacker could get into your IT network. Once inside, the hacker could take advantage through avenues like ransomware to prevent you from accessing your data, or leak private information.


Top 3 Ways to Prevent What Happened in this Hacking Simulation

1. Employee social awareness training

If John were continually educated and tested, he would be more likely to identify the phishing link sent to him and would not have clicked on it. Garrison stressed the importance of not only training, but continual training, so that cybersecurity awareness is top-of-mind for employees. Typical training platforms update with the new tactics hackers are using so your employees can recognize even the latest types of phishing attempts.

2. Strict password requirements

Your organization should not allow re-use of passwords and should require complex passwords or passphrases (a string of words or a sentence used as a password) so that employees avoid common passwords. Garrison explained that many hackers have lists of leaked passwords from previous attacks that they can then use to breach your environment, which is why having complex password requirements is important. Note that frequent resets used to be recommended, but per NIST standards this is no longer the case: employees who must change their passwords frequently tend to follow predictable patterns, which makes things easier for hackers.

A subset of password requirements – Multi-factor Authentication (MFA)

MFA is another highly recommended way to prevent phishing attacks and other types of hacks. After you input your password, an app on your mobile phone, such as Google Authenticator or Microsoft Authenticator, provides a secondary authentication step before you can access your account. Since it is specifically linked to your mobile device, even if a hacker got access to your password, they would likely not be able to bypass the second authentication, preventing the breach in the first place.

3. SOC-as-a-Service

Having a security operations center (SOC) team means you have security experts constantly observing your environment, across the entire network. Your SOC team would have noticed the unusual activity of the hacker getting into Active Directory and, depending on how your SOC is set up, shut the attacker down or informed your internal or external security team to remediate the threat immediately.
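As an added illustration (not code from the webinar or from NetGain), here is one kind of detection a SOC could run for the password-list logins described above: flag a burst of failed logons against one account from one host, and escalate when a success follows. The simplified log format, host names, window and threshold are assumptions; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed, simplified format:
# time, Windows event ID (4625 = failed logon, 4624 = success), source host, account.
SAMPLE_LOG = """\
2024-05-06T09:01:10 4625 ASMITH-PC asmith
2024-05-06T09:01:25 4625 ASMITH-PC asmith
2024-05-06T09:01:40 4624 ASMITH-PC asmith
2024-05-06T09:30:00 4625 JDOE-PC administrator
2024-05-06T09:30:04 4625 JDOE-PC administrator
2024-05-06T09:30:09 4625 JDOE-PC administrator
2024-05-06T09:30:13 4625 JDOE-PC administrator
2024-05-06T09:30:18 4625 JDOE-PC administrator
2024-05-06T09:30:22 4625 JDOE-PC administrator
2024-05-06T09:30:27 4624 JDOE-PC administrator
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 5                  # assumed failure count that marks a burst


def detect_guessing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for failed-logon bursts and for a success that follows one."""
    failures = defaultdict(deque)  # (source, account) -> recent failure times
    alerts, alerted = [], set()
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts_raw, event_id, source, account = line.split()
        ts, key = datetime.fromisoformat(ts_raw), (source, account.lower())
        recent = failures[key]
        while recent and ts - recent[0] > window:  # drop failures outside the window
            recent.popleft()
        if event_id == "4625":
            recent.append(ts)
            if len(recent) >= threshold and key not in alerted:
                alerted.add(key)  # one burst alert per pair until a success resets it
                alerts.append(("guessing", *key, ts))
        elif event_id == "4624":
            if len(recent) >= threshold:  # the guessing appears to have worked
                alerts.append(("success_after_guessing", *key, ts))
            recent.clear()
            alerted.discard(key)
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

The user who mistypes a password twice and then logs in raises no alert, while the burst against the administrator account from the workstation of an employee who is on PTO does.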

 

While hackers are trying every day to find new ways to compromise your business, and can easily get in with just a few simple steps, there are also many security measures available to help prevent these attacks. Talk to your cybersecurity team about the above measures if you have not implemented them (keep in mind this is not a comprehensive list) – they could be the difference between your business staying safe or losing valuable information, time and money.

 

Want to see the full demonstration? Watch the Webinar >>
