You’ve heard the scary cybersecurity statistics – so I won’t bore you with them. Plus, you’re not interested in FUD (fear, uncertainty, and doubt) tactics. What you are interested in is understanding HOW a cyber-attack actually unfolds.
Recently, NetGain’s security analyst Stephen Garrison provided a hacking simulation webinar. Garrison is a certified ethical hacker and is globally ranked for his understanding of hacking behind the scenes. Learn about the demonstration, how a cyber-attack may occur, and how you could stop a hack like this in its tracks with the proper security measures.
1. Employee John Doe (jdoe@blackfield.HTB) accidentally clicked on a phishing link in a malicious email.
2. Because the attacker (in this case, Garrison) knew John would be on PTO this week (thanks to his out-of-office message), the attacker decided to use John’s access to the domain controller (Active Directory) during this opportune window while John was away.
3. The attacker is connected to the internal “BLACKFIELD.local” domain through John’s computer as a proxy.
Starting from nothing more than access to John’s account, Garrison (aka “the attacker”) demonstrated how he could reach the company’s Active Directory and, through it, an administrator account. From there, he used a leaked-password list of the kind many hackers hold to log in as the administrator, which gave him access to the entire network. Beginning with a single click on a phishing link, this demonstration showed how easily a hacker could get into your IT network and then exploit that access, for example through ransomware that locks you out of your data or leaks private information.
Top 3 Ways to Prevent What Happened in this Hacking Simulation
1. Continual security awareness training
If John had been continually educated and tested, he would have been more likely to recognize the phishing link sent to him and would not have clicked on it. Garrison stressed the importance of not just training but continual training, so that cybersecurity awareness stays top-of-mind for employees. Typical training platforms are updated with the new tactics hackers are using, so your employees can recognize even the latest types of phishing attempts.
2. Strict password requirements
Your organization should not allow the re-use of passwords and should require complex passwords or passphrases (a string of words or a sentence used as a password) so that employees avoid common passwords. Garrison explained that many hackers hold lists of passwords leaked in previous attacks, which they can then use to breach your environment; that is why strong password requirements matter. Note that frequent resets used to be recommended, but per NIST standards this is no longer the case: employees forced to change passwords frequently tend to follow predictable patterns that make the hacker’s job easier.
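As an added example (not from the webinar or from NetGain), here is a Python password-policy check built around the points above: it rejects candidates found in a leaked-password list, rejects re-use of a user’s earlier passwords, favours length so passphrases pass, and deliberately has no expiry rule. The leaked list, the previous-password history and the 12-character minimum are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Constructed sample of a leaked-password list (stored case-folded). A real
# deployment would load a breach corpus: attackers already hold such lists.
LEAKED_PASSWORDS = {"password", "password1", "welcome123", "summer2023!", "letmein"}

MIN_LENGTH = 12  # assumption: favour length (passphrases) over composition rules

History = List[Tuple[bytes, bytes]]  # (salt, digest) pairs of earlier passwords


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; the returned pair is what the history stores."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def was_used_before(password: str, history: History) -> bool:
    """Re-use check: rehash with each stored salt and compare in constant time."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def check_new_password(password: str, history: History) -> List[str]:
    """Return the policy violations for a candidate (empty list means accepted).

    There is deliberately no expiry rule: as the article notes, NIST no longer
    recommends periodic forced resets.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in LEAKED_PASSWORDS:  # case-folded lookup
        problems.append("appears in a known leaked-password list")
    if was_used_before(password, history):
        problems.append("was used before by this account")
    return problems


if __name__ == "__main__":
    previous = [hash_password("OldPassphrase-2021")]  # constructed history
    for candidate in ("Summer2023!", "OldPassphrase-2021", "correct horse battery staple"):
        print(f"{candidate!r}: {check_new_password(candidate, previous) or 'accepted'}")
```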
A subset of password requirements – Multi-factor Authentication (MFA)
MFA is another highly recommended way to prevent phishing attacks and other types of hacks. With apps on your mobile phone such as Google Authenticator or Microsoft Authenticator, once you enter your password you must complete a second authentication step in the app before you can access your account. Because that second factor is tied to your mobile device, even a hacker who has obtained your password would likely be unable to bypass it, preventing the breach in the first place.
3. A security operations center (SOC)
Having a security operations center (SOC) team means you have security experts constantly observing your environment across the entire network. Your SOC team would have noticed the hacker’s unusual activity in Active Directory and, depending on how your SOC is set up, either shut the attacker down or informed your internal or external security team so the threat could be remediated immediately.
While hackers try every day to find new ways to compromise your business, and can get in with just a few simple steps, there are also many security measures available to help prevent these attacks. Talk to your cybersecurity team about the above measures if you have not implemented them (keep in mind this is not a comprehensive list) – they could be the difference between your business staying safe and losing valuable information, time and money.