How Hackers Hack and the Tools They Use

To stop hackers from breaking into your house, study the most likely ways and methods they would use. Mitigate those initial access points or root causes.

September 16, 2022

There’s no silver bullet for stopping hackers. Users are typically the weakest link, and social engineering is the most successful route for criminal actors scamming victims. Stu Sjouwerman, founder and CEO of KnowBe4, explains how hackers think and plan, the reconnaissance tools they use to gain access, and how they systematically explore a network and execute their goals.

One of the biggest questions security professionals get asked is, “I’m just a small company so why would hackers hack me?”

Most hackers are financially motivated. You suffer a cyber-attack or data breach either because you were a random victim of opportunity or because you were targeted. Either way, a human adversary was involved from the start.


How Hackers Hack

Most hackers are opportunistic, sending out phishing emails to literally thousands of people and waiting for a response, or simply scanning in search of known vulnerabilities to exploit. If you became a victim of opportunity, it is because you happened to click the wrong link, visited the wrong website or forgot to patch a known vulnerability.

The second class of attackers is human adversaries who target you specifically. These cybercriminals attack for financial gain, intellectual property, geopolitics, competitive advantage, or partnership with a larger entity. When it comes to targeted attacks, hackers typically follow five key steps:

1. Reconnaissance

Reconnaissance is where hackers collect intel about their target: what type of software and hardware the target uses, its email addresses, employee names, and basically anything else that can give them a leg up. Adversaries use tools like theHarvester to discover devices on the network, software in use and information such as employee names. The Nmap tool discovers open ports, operating systems and their version numbers, since versions reveal whether a system is fully patched. A tool called Shodan tracks global servers and workstations that are publicly reachable online.

2. Plan Attack

Once the attacker has a reasonable idea about the target’s infrastructure, the next step is learning how to attack, what to attack, and what tools to use to gain initial access. Attackers will conduct exploratory movements, looking for ways to gain further access. Research by Recorded Future’s Insikt Group shows that the primary method through which hackers propagate in target systems is spam and phishing campaigns. There are also dozens of websites (like exploit-db.com) that offer known exploits attackers can use to break into computers.

3. Gain initial access

Initial access, in simple terms, is the attacker sticking their foot in the door. Attackers gain initial access using methods such as: 

    • Exploiting public-facing applications (50% of web applications are vulnerable, and attackers use SQL injection to smuggle malicious queries into them and compromise them).
    • Hacking remote services (RDP tools are one of the most favored targets for breaching enterprises).
    • Phishing users (email phishing is the most popular; some advanced attacks include phone calls, which are three times more effective).
    • Leveraging trusted relationships (supply chains are a window into a larger entity).
    • Compromising valid accounts (through brute-force attacks as well as purchasing credentials from the dark web).
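The first bullet names SQL injection as the way attackers compromise public-facing applications. The following added example (not code from the article or from KnowBe4) shows the defect beside its fix in Python against an in-memory SQLite table: a login lookup that concatenates untrusted input into the SQL text, and the same lookup written as a parameterised query so the database driver never interprets user input as SQL. The table, the user names and the password-hash strings are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample table; the "hashes" are placeholder strings, not real digests.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-of-alice-password"), ("bob", "hash-of-bob-password")],
    )
    return conn


def login_vulnerable(conn, username, password_hash):
    # Defect: untrusted input is pasted into the SQL string, so a quote character
    # in the username changes the structure of the query instead of being data.
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password_hash = '{password_hash}'"
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password_hash):
    # Fix: the SQL text is fixed and the values travel as bound parameters.
    # Whatever the input contains, it is compared as a string, never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(query, (username, password_hash))]


if __name__ == "__main__":
    db = make_db()
    # A username containing a quote and a comment marker defeats the concatenated
    # query: the password check is commented out and a row comes back anyway.
    print(login_vulnerable(db, "alice' --", "not-the-hash"))   # ['alice']
    # The parameterised version treats the same string as a literal username.
    print(login_safe(db, "alice' --", "not-the-hash"))         # []
    print(login_safe(db, "alice", "hash-of-alice-password"))   # ['alice']
```

The detection side of this is the same observation the article makes about patching: a web application that builds SQL by string concatenation is vulnerable regardless of how well the rest of the host is locked down, so code review for concatenated queries belongs next to the patching cadence for internet-facing software.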

Some hackers don’t bother wasting time hacking companies; instead, they buy off-the-shelf packages from other cybercriminals and initial access brokers.

4. Explore, expand and exploit

Once hackers enter, they move laterally, exploring the victim’s environment, looking for valuable intellectual property, inserting backdoors, and infecting systems as they move further. Sometimes adversaries will install infostealers and lie idle in the victim’s network, monitoring network activity, watching emails, gaining knowledge of the environment and charting the next course of action. The average dwell time of attackers is currently 15 days.

5. Execute goals

Once attackers have identified the crown jewels or are confidently planted in the system, they will move towards the execution of their ultimate goal, which can include installing ransomware, stealing data, disrupting systems or deploying wiper malware that deletes files.

How Organizations Can Protect Themselves From Hackers

Regardless of how or why one gets hacked, implementing these defenses will reduce the risk of all types of hacking attempts:

  1. Mitigate social engineering: Lay down clear policies and procedures so that employees understand their responsibility, accountability, and liability towards cybersecurity. Implement technical defenses that mitigate social engineering attacks.
  2. Train on security awareness to identify and report suspicious activity: Employees must be taught to identify phishing scams with real-world examples to help develop a habit of healthy skepticism. Organizations must focus on bolstering a culture of cybersecurity via adopting safe online behaviors and best practices. 
  3. Patch internet-facing hardware and software: Regular patching prevents hackers from exploiting known vulnerabilities.
  4. Lock down passwords: Hackers can phish users to bypass traditional multi-factor authentication (MFA). Using phishing-resistant MFA can serve as an additional defense layer in case passwords are stolen or leaked. Encourage the use of a password manager (not associated with a browser) to generate long, unguessable passwords for each website or service; change them regularly.
  5. Think like a hacker: Apply OSINT and monitor underground marketplaces for any data leaks or mentions of your organization.
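Step 3 above lists brute-force attacks against valid accounts as an initial-access method, and defense item 4 covers the credential side. The monitoring side is detection: a burst of failed logins from one source, and especially a success that follows such a burst, is the signal that an account was guessed or that purchased credentials were tried. The following added example (not code from the article or from KnowBe4) runs that logic over a constructed authentication log. The log format, the field names and the thresholds are assumptions for the demonstration; adapt the regular expression to the log source you actually have.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log for the demonstration (documentation IP ranges, invented users).
SAMPLE_LOG = """\
2022-09-16T10:00:01 auth FAIL user=alice src=203.0.113.7
2022-09-16T10:00:04 auth FAIL user=alice src=203.0.113.7
2022-09-16T10:00:09 auth FAIL user=bob src=203.0.113.7
2022-09-16T10:00:15 auth FAIL user=bob src=203.0.113.7
2022-09-16T10:00:22 auth FAIL user=carol src=203.0.113.7
2022-09-16T10:00:30 auth FAIL user=bob src=203.0.113.7
2022-09-16T10:00:41 auth OK user=bob src=203.0.113.7
2022-09-16T10:05:00 auth FAIL user=dave src=198.51.100.20
2022-09-16T10:05:30 auth OK user=dave src=198.51.100.20
"""

# Assumed line layout: ISO timestamp, literal "auth", outcome, user=..., src=...
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<outcome>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append(
            {
                "ts": datetime.fromisoformat(m["ts"]),
                "outcome": m["outcome"],
                "user": m["user"],
                "src": m["src"],
            }
        )
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Sliding window per source: return {src: peak failures in any window}
    for sources that reach the threshold. Thresholds are illustrative."""
    failures = defaultdict(list)
    for e in events:
        if e["outcome"] == "FAIL":
            failures[e["src"]].append(e["ts"])
    alerts = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(src, 0):
                alerts[src] = count
    return alerts


def detect_success_after_failures(events, min_failures=3, window=timedelta(minutes=10)):
    """Return (src, user, ts) for every successful login preceded by at least
    min_failures failures from the same source inside the window: the pattern
    of a guessed or purchased credential that finally worked."""
    hits = []
    for i, e in enumerate(events):
        if e["outcome"] != "OK":
            continue
        prior = [
            p for p in events[:i]
            if p["src"] == e["src"] and p["outcome"] == "FAIL"
            and e["ts"] - p["ts"] <= window
        ]
        if len(prior) >= min_failures:
            hits.append((e["src"], e["user"], e["ts"]))
    return hits


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print(detect_bruteforce(evts))               # {'203.0.113.7': 6}
    print(detect_success_after_failures(evts))   # [('203.0.113.7', 'bob', ...)]
```

The second detector is the more valuable of the two: a source that fails a few times and then succeeds is exactly the case where the password was eventually right, which is what the phishing-resistant MFA recommended above is meant to stop from becoming a session.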

To stop hackers from breaking into your house, study the most likely ways and methods they would use. Mitigate those initial access points or root causes. An effective defense is always proactive, not reactive.



Stu Sjouwerman
Stu Sjouwerman is founder and CEO of KnowBe4, provider of security awareness training and simulated phishing platforms, with over 60,000 customers and more than 45 million users. He was co-founder of Sunbelt Software, the anti-malware software company acquired in 2010. He is the author of four books, including “Cyberheist: The Biggest Financial Threat Facing American Businesses.”