
From practice to preventing: How criminals adapt their attack methods

by Sebastiaan Bosman Blog 23 Jun 2020

Similar to traditional ‘brick-and-mortar criminals’, not all cyber-criminals employ the same method to reach their goal. A burglar wouldn’t enter a house with an alarm or when there are people inside, but go for an easier opportunity. The same goes for internet-thieves. Their risk/reward balance depends on the required investment beforehand to successfully carry out their attack. What are the aspects they take into consideration?

This blog is based on excerpts from one of our recent webinars with Brian Kime (Senior Analyst at Forrester) and Eward Driehuis (SVP Strategy at Cybersprint). For all insights of the conversation, you can watch the entire webinar here.

Time and effort

Let’s get an obvious one out of the way first. Preparing any task, both criminal and legit, takes time. If a cyber-criminal attempts to imitate an executive or a supplier in a phishing attack, they would have a higher success rate if the messages are as realistic as possible. Next, they’d have to create a customised message using the proper tone of voice, fonts, logos and colours of the organisation, and find a way to make the email pass the spam filters. Gathering the necessary OSINT (Open Source INTelligence) data on the target demands research time into many different sources.

Even though this process of phishing (or spear phishing in this case) can be an exhaustive one, Eward pointed out the tactic is still lucrative enough to be the number one digital threat, according to the FBI. Luckily, knowing (and limiting) your accessible information online and having proper email security systems in place will go a long way to protect your organisation from such threats.

Picking procedures

Threat actors attempting to install malware in your digital infrastructure is a whole different matter. Instead of relying on an employee to accidentally click on a link, threat actors would have to write and develop the malware – a very time-consuming process taking months or even years to create. Of course, premade malware is also for sale, but advanced malware would set you back a few tons.

That’s not always the favourable approach, as Brian and Eward illustrate with the example of the Russian attack on the OPCW in 2018. Though state-sponsored, the attack appears to have been deemed most effective by buying four plane tickets and Wi-Fi hacking equipment, renting a car, and trying to gain access to the organisation’s systems from the building’s car park. It may seem silly to be caught like that, but instead of spending five or six-figure sums on malware, this ‘only’ cost a few thousand.

Know your entry points

After discussing how threat actors employ a wide variety of methods, Brian and Eward shared their views on suitable solutions. Ideally, you can use a combination of two tactics: looking at the outside world to predict the next attack, and taking preventive action by mapping your digital footprint. This will help you understand and repair your exploitable vulnerabilities before it's too late. Digital Risk Protection is an approach used to first get a detailed picture of your own organisation’s online assets, and then use it to strengthen your cyber-resilience.

Gaining actionable insights and mitigating the weaknesses in your systems makes you a much harder target to attack. It’s just like leaving your house lights on, installing an alarm, putting up cameras and having three Dobermanns patrolling in the yard.

In cybersecurity, Brian stresses the benefits of improving your security to force threat actors out of their anonymous environment and into the physical world. It’s easier to spot unauthorised personnel in your car park than in your digital systems. If you make their risk/reward scale tip in your favour, you’ll be sure to have a better night’s sleep.



Sebastiaan Bosman is Content Marketeer at Cybersprint. With a background in Communications and Linguistics, he is responsible for the creation and editing processes of most internal and external communication. He writes content such as blogs, whitepapers and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global.
