<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us

From practice to preventing: How criminals adapt their attack methods

by Sebastiaan Bosman Blog 23 Jun 2020

Similar to traditional ‘brick-and-mortar criminals’, not all cyber-criminals employ the same method to reach their goal. A burglar wouldn’t enter a house with an alarm or when there are people inside, but go for an easier opportunity. The same goes for internet-thieves. Their risk/reward balance depends on the required investment beforehand to successfully carry out their attack. What are the aspects they take into consideration?

This blog is based on excerpts from one of our recent webinars with Brian Kime (Senior Analyst at Forrester) and Eward Driehuis (SVP Strategy at Cybersprint). For all insights of the conversation, you can watch the entire webinar here.

Time and effort

Let’s get an obvious one out of the way first. Preparing any task, both criminal and legit, takes time. If a cyber-criminal attempts to imitate an executive or a supplier in a phishing attack, they would have a higher success rate if the messages are as realistic as possible. Next, they’d have to create a customised message using the proper tone of voice, fonts, logos and colours of the organisation, and find a way to make the email pass the spam filters.Gathering the necessary OSINT (Open Source INTelligence) data on the target demands research time into many different sources. 

Even though this process of phishing (or spear phishing in this case) can be an exhaustive one, Eward pointed out the tactic is still lucrative enough to be the number one digital threat, according to the FBI. Luckily, knowing (and limiting) your accessible information online and having proper email security systems in place will go a long way to protect your organisation from such threats.

Picking procedures

Threat actors attempting to install malware in your digital infrastructure is a whole different matter. Instead of relying on an employee to accidentally click on a link, threat actors would have to write and develop the malware – a very timely process taking months or even years to create. Of course, premade malware is also for sale, but advanced malware would set you back a few tons.

That’s not always the favourable approach, as Brian and Eward illustrate with the example of the Russian attack on the OPCW in 2018. Though state-sponsored, the attack appears to be have been deemed most effective by buying four plane tickets and Wi-Fi hacking equipment, renting a car, and trying to gain access to the organisation’s systems from the building’s car park. It may seem silly to be caught like that, but instead of spending five or six-figure sums on malware, this ‘only’ cost a few thousand.

Know your entry points

After discussing how threat actors employ a wide variety of methods, Brian and Eward shared their views on suitable solutions. Ideally, you can use a combination of two tactics: looking at the outside world to predict the next attack, and taking preventive action by mapping your digital footprint. This will help you understand and repair your exploitable vulnerabilities before it's too late. Digital Risk Protection is an approach used to first get a detailed picture of your own organisation’s online assets, and using it to strengthen your cyber-resilience.

Gaining actionable insights and mitigating the weaknesses in your systems makes you a much harder target to attack. It’s just like leaving your house lights on, installing an alarm, putting up cameras and having three Dobermanns patrolling in the yard.

In cybersecurity, Brian stresses the benefits of improving your security to force threat actors out of their anonymous environment and into the physical world. It’s easier to spot unauthorised personnel in your car park than in your digital systems. If you make their risk/reward scale tip in your favour, you’ll be sure to have a better night’s sleep.

Curious for more hands-on cybersecurity approaches,
based on actual use cases?

Watch the webinar >


 Sebastiaan Bosman is Content Marketeer at Cybersprint. With a   background in Communications and Linguistics, he is responsible for   the creation and editing processes of most internal and external   communication. He writes content such as blogs, whitepapers and   case studies, primarily based on Cybersprint’s own research data.   Previously, Sebastiaan worked as Content & Communications   Advisor at ING Global.

RaaS: How Ransomware as a 'Service' Increases Your Attack Risk

We know of Software as a Service, where organisations outsource parts of their digital infrastructure to third parties for the sake of improved user experience or increased security, for instance. As a successful business model, it is actually not that shocking something similar is happening in the world of cyber-crime. The people who know how to build ransomware sell their software on the dark web and offer it as Ransomware as a Service (RaaS), turning even rookie cyber-criminals into money-making hackers. How does it work, exactly? And what can you do to protect your systems?

read more

The 3 pillars of successful IT governance

IT governance framework helps to ease everyday processes, increases productivity levels, and scripts what to do in case of an incident. However, creating and implementing an organisation-wide IT governance framework is no easy feat, yet so crucial.

read more

Cybersprint 5-year anniversary

2020 marks our five-year anniversary! To celebrate, we have published five video interviews about our journey so far. 

read more

Do you have a question?

Our experts have the answers

Contact us