Understanding How Hackers Recon

Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target’s attack surface for gaps that can be used as entry points.

So, the first line of defense is to limit the potentially useful information available to a potential attacker as much as possible. As always, the tug of war between operational necessity and security concerns needs to be taken into account, which requires a better understanding of the type of information typically leveraged.

What information are hackers looking for during recon?

When running recon on an organization, hackers – whether white or black hats – are “casing a joint.” To plan their attack, they will try and uncover as much information as possible about:

Your infrastructure

  • The types of technologies you use – As there is no flawless technology, learning which technologies you use to build and manage your infrastructure is a hacker’s first step. The aim is to find vulnerabilities that allow them to penetrate your infrastructure and to shield themselves from detection. Hackers can learn about your technologies and how they are used by listening to conversations in tech forums. DevOps engineers participating in such discussions should refrain from divulging their real identity or any information that might identify the organization.
  • Your internet-facing servers – Servers hold your organization’s vital information. Hackers will attempt to find vulnerabilities ranging from unused or unpatched services to open ports. Any system used as a server on a public network is a target, so system administrators must be extra vigilant in:
    • Keeping all services current
    • Opting for secure protocols whenever possible
    • Keeping the number of network types per machine to a strict minimum, preferably one per machine
    • Monitoring all servers for suspicious activity
  • Your Operating System (OS) – Each OS has its own vulnerabilities. Windows, Linux, Apple, and other OS vendors regularly publish newly uncovered vulnerabilities and patches. Once cyber-attackers know which OS you use, they exploit this publicly available information. For example, a forum conversation in which Joe Blog, your accountant, explains how to use a function in an Excel spreadsheet on Windows 8 tells the hacker that Joe Blog uses Windows and has not updated his OS for ages. This tidbit encourages the cyber-attacker to dig further: if an employee with access to your organization’s financial information is allowed to work on an endpoint that is rarely, if ever, updated, then employees’ endpoint security is lax.
  • Your security maturity – Hackers are human and, as such, tend to be lazy. A hacker on a recon mission who finds out that you are using an XSPM (Extended Security Posture Management) platform knows that, even if there is an exploitable entry point, escalation will be hampered at every step, and achieving the malicious action will require a superior level of planning. This discourages

Read more: https://bit.ly/3sMSD3z
