Attack methodologies in practice

by Milica D. Djekic

Many would believe that the attack methodologies got so complicated in practice. The case is that the skillful hacker would certainly know how to take advantage of offensive tools and do some planning in terms of making a breach. The point is any cyber incident would seek a lot of planning and in reality, the hackers would get driven with the quite well-developed tactical and strategic skills. The attack methodology is about the good tactic as well as strategy and those cyber criminals doing such a job and staying unwatchable to many law enforcement agencies would be the seriously smart guys.

Even the hacking beginners can get how to use some e-mail checkers in order to verify someone’s e-mail address. These sorts of online applications are usually available free of charge. Also, there are a lot of hacker’s forums on the web that would serve for information sharing among the cyber crime underground. In practice, so many cyber crime groups would rely on the Dark net capacities believing that’s the way to remain undiscovered. Indeed, that sort of technologies would offer them a certain level of anonymity, but even then they would not get capable to trick the law enforcement agencies for a long period of time.

The fact is the hackers would so frequently change their locations and they would commonly use the rented accommodation in order to obtain some degree of mobility and physical flexibility. Also, they would undoubtedly deal with the well-planned phishing tactics and they would accurately know how to target someone’s IT infrastructure. In order to conduct some phishing attack, you need to cope with a lot of skills and those folks would definitely get an idea of how to do so. In addition, there are freely available tools on the web that could offer us a chance to discover someone’s password, for instance, in case of his e-mail address and in such a sense the advice to change our e-mail password periodically would not work at all.

Also, so many professional tools would leak out on the black market due to the insider’s threats and that challenge still needs a lot of effort to get tackled.

Through our experience, we would come to some claims from the other experts that it’s not possible to break into an organization IT system if you do not count on someone being inside of that community. In other words, many would believe that the insider’s threats would get responsible for cyber-attacks coming from the outside. This is only partially accurate because there would be so many e-mail checking tools which would offer us an opportunity to obtain a someone e-mail address. Once getting in possession of someone’s e-mail address would mean that you would get able to organize so skillfully prepared phishing attack that would get so helpful in sense of making a breach to such an asset. Our recommendation here would be to try to search the internet using some of the well-known search engines such as Google dealing with the keywords such as “e-mail checker” and you would get a plenty of online resources with that purpose, so if you are good in guessing – you could get the e-mail address you look for. Apparently, there would be some web tools being fully free of charge that would cope with capacities to get someone’s e-mail password. That means you could make a breach into someone’s e-mail account or apply the capabilities of e-mail tracking technologies, so in such a case it’s quite useful to know that you should always use some kind of verification protection and also apply some sort of encryption to your e-mail account. This would not mean that you would be 100% safe doing so, but you would manage your risk at a reasonable level.

One more thing we should know about the attack methodologies is that so many cyber crime groups would use the social engineering techniques in order to obtain as much as possible information about their targets. It could sound as frustrating, but today – at the beginning of the 4th technological revolution, we are per-occupied with the safety and mainly security more than ever in our history. The technology got so cheap and, for example, by 2020 approximately 50 billion devices would be connected to the IoT network. Many people from the developing or poor parts of the planet would see the hacking as the quite convenient way of making incomes especially for a reason the technology is getting more and more suitable in a financial fashion and the security community is getting crazy for more and more workforce as well as knowledge, skills, and expertise in the field. As we have already mentioned, the insider threats could get the cyber security challenge number 1. The reason for that is so many careless as well as malicious staffs within some organization could release the confidential information and put their employers at the risk. The good method to trick even the most loyal employees is to deal with social engineering. For such a purpose, you can use so many communication lines and even attend some offices in the person getting the visitor’s access. As it’s quite obvious – the greatest risk in this topic is the access itself. If you give access to good guys – you can expect something quite well to happen. On the other hand, if you do the same thing with the bad guys, the impacts could get quite concerning. We are aware that some security agencies would work hard on the concepts of the good access management and we should figure out that there are no attack methodologies if the access to such an infrastructure is banned.

In the end, we should notice that the cyber-attacks are so common and data breaches are something that must get accepted as our reality. As we know, there is no silver bullet to any problem, so if we want to tackle some concern – we should see that as a quite long-term task. Through this effort, we would only make some sort of the quite helpful brainstorming discussions and we hope that our insights would get at least a good piece of information to everyone dealing with this area of interest.

About the Author

Attack methodologies in practiceMilica D. Djekic is an Independent Researcher from  Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications, and Security” is published in 2017 with the Lambert Academic Publishing. Milica is also a speaker with the Bri ghtTALK expert’s channel and Cyber Security Summit Europe being held in 2016 as well as Cyber Central Summit 2019 being one of the most exclusive cyber defense events in Europe. She is the member of an ASIS International since 2017 and contributor to the Australian Cyber Security Magazine since 2018. Her fields of interests are cyber defense, technology, and business.

March 14, 2019

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...