Are hackers changing up their techniques as cybersecurity advances?
Hackers often don't need to hack, they go right through the front door by exploiting the basics of access. As cybersecurity evolves, so do hackers.
Here’s the reality. Malicious actors don’t need to “hack” you or find backdoors in software code to get to your sensitive data. They’re much more likely to just log in through the front door with your stolen or weak password. And given how many recent data breaches there have been (virtually every American has been affected), almost everyone is at risk of these attacks. Hackers can pretty much get anyone’s information on the dark web for pennies.
Generally, hackers look to exploit these basics of access. That includes weak passwords, lack of multi-factor authentication, brute force attacks, etc. After that, they look to other techniques.
Social engineering (often to enable phishing) is definitely on the rise. It’s easy these days to get deeply personal data from people’s online social media profile – who they’re connected to, their work history, or even their mothers’ maiden names. It’s possible to understand a person’s routine and build a detailed profile of their daily lives. That makes sending a very targeted phishing (spear phishing) email even easier and more realistic.
For businesses, “lateral movement” is an emerging threat to protect against. It involves hackers pinpointing vulnerable servers and endpoints, and then moving “laterally” into other endpoints and servers in an organization that may house data that is more sensitive. To prevent lateral movement, enabling an enterprise-wide identity and access management services is key, making sure that access is limited, and anomalies can be easily detected.
There’s no easy answer to preventing this. The best recommendations are often the most common sense. Be vigilant about checking incoming emails and messages, especially ones that may have unknown links in them or have an unusual attachment. Enable multi-factor authentication wherever you can.
This post originally appeared in a Quora Q&A session hosted in January 2020. Our CPO Archit Lohokare was asked to discuss the state of cybersecurity, Zero Trust, artificial technology and machine learning and working in the security field, among other things. Stay tuned as we share more of his answers in our blog!