Black Hats, White Collars: Revealing The Secrets Of Cybercriminals
Cybercriminals truly adopt the attitude of work smarter, not harder. They tend to look for the simplest, most direct route to steal information and generally use easily repeatable processes for breaking into networks.
A Hacker's Toolbox
As a precursor to a dedicated attack, the first goal is to establish a single target - or group of related targets - and gain as much information as possible about their intended victims.
Financial institutions are ripe with customer data and personal information, so naturally they are usually the primary targets for cybercriminals. Sensitive information about an organization can be compiled using a combination of software and physical data mining of easily accessible information and records. Hackers use a "sniffer" program that looks for security information such as user IDs and passwords in data as it flows over a network. They also search through available resources, like the organization's own website or social networking sites, for any useful information, like staff email and phone lists, service vendor information or even work schedules of mission-critical employees. This invaluable information may be leveraged by an attacker to identify possible security holes and help them devise specific methods to stage custom attacks against personnel and information systems.
Once a criminal has gathered enough information about the target, they typically deploy a vulnerability scanner against the organization's network to find the most likely place to launch the attack. During this process, the criminal is attempting to identify any known weaknesses, such as programming errors, unpatched software or other security holes. Hackers often use another handy tool, port scanners, to help identify what services are available on the targeted network, and potentially what vulnerabilities can be exploited. These initial attacks not only give hackers a list of potential entry points for the main attack, but also may be used to create staging points for further attacks into the network.
Depending on how relentless the attack is - and how potentially valuable the target's information is - the cybercriminals may even resort to forms of social engineering to penetrate deeply into the network's infrastructure. If the attacker was able to initially gather certain types of information, like staff email and phone lists, service vendor information or even work schedules, the social engineering techniques may offer a much easier path to breaching security than blunt-force hacking. In this scenario, criminals may embed malicious code, like a Trojan or a botnet, within a series of phishing emails targeted to the staff. If opened on an employee's workstation, the harmful code could create a back door for the hacker to penetrate the network at will or even allow the attacker to seize control of the infected system remotely and automatically run malicious actions across the entire network.
After The Initial Hack
After successfully compromising a system, an attacker's next step is to hide their tracks and avoid detection while exploiting the network. They typically do this by patching the vulnerability that allowed them access and modifying log files to avoid raising any flags. Then they set out to establish a covert channel of communication by installing a rootkit or piece of malicious code which then allows the attacker to remotely control the system in order to attack other devices on the network.
Once they are cloaked and communicating, criminals will head straight for the most valuable information: the customer data. Chances are, they have already found a list of usernames assigned to employees, and now they are betting that at least one of the users has a simple password. Using an automated password guessing tool that references a huge database of common passwords, the hacker often gets critical log-in credentials very quickly and is well on his or her way to infiltrating deep into the network.
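The guessing pattern described above leaves a recognizable trail in authentication logs: one source failing against several usernames in a short time, sometimes followed by a success. As an added example (not part of the original article), this Python detector flags that pattern; the log format, addresses, usernames and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (hypothetical, not from the article).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login result=(?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample data: one source guessing across accounts,
# one ordinary user who mistypes a password once.
SAMPLE_LOG = """\
2024-03-04T09:00:01 login result=FAIL user=jsmith src=203.0.113.7
2024-03-04T09:00:03 login result=FAIL user=adavis src=203.0.113.7
2024-03-04T09:00:04 login result=FAIL user=mlee src=203.0.113.7
2024-03-04T09:00:05 login result=FAIL user=kbrown src=10.1.4.22
2024-03-04T09:00:06 login result=FAIL user=jsmith src=203.0.113.7
2024-03-04T09:00:08 login result=FAIL user=adavis src=203.0.113.7
2024-03-04T09:00:20 login result=OK user=kbrown src=10.1.4.22
2024-03-04T09:00:31 login result=OK user=mlee src=203.0.113.7
"""

def detect_guessing(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Flag sources with >= max_failures failed logins inside `window`,
    and record any account that source later logs in to successfully."""
    recent = defaultdict(deque)  # src -> (timestamp, user) of recent failures
    alerts = {}                  # src -> alert record
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.fromisoformat(m["ts"])
        src, user = m["src"], m["user"]
        fails = recent[src]
        while fails and ts - fails[0][0] > window:
            fails.popleft()  # drop failures older than the window
        if m["result"] == "FAIL":
            fails.append((ts, user))
            if len(fails) >= max_failures:
                alert = alerts.setdefault(
                    src, {"src": src, "users_tried": set(), "compromised": []})
                alert["users_tried"].update(u for _, u in fails)
        elif src in alerts and user not in alerts[src]["compromised"]:
            # A success from an already-flagged source: treat the account
            # as compromised and force a credential reset.
            alerts[src]["compromised"].append(user)
    return list(alerts.values())
```
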
Of course, targeted networks with really valuable information usually have much more advanced security countermeasures, like passphrases or forced strong passwords, which make a hacker's password-guessing tool much less effective. But experienced crooks have lots of devious gadgets in their hacker's toolbox, like a sophisticated keystroke-logging program or "screen scrapers" that can be installed quickly on an individual workstation. These tiny programs can record each stroke of the keyboard or collect visual data from a computer screen, giving the hacker a wealth of information about credentials and important network paths where sensitive information is stored.
Sophisticated criminals do not have to rely on brute-force hacking or botnets to exploit security holes. There are other methods that are equally effective, like stealing a laptop from a high-ranking employee or even tapping into the network through a wireless network with inadequate protection.
And, voila! Before the target even knows it is being hacked, the criminal is embedded in the system, has gathered a wealth of sensitive information, and is just about ready to fence the stolen data to a third party.
To make matters worse, criminals understand that advanced forensics technology can lead to their actions being discovered so they are motivated to take drastic measures to cover their tracks. In an attempt to conceal their activity, some hackers will crash the entire hard drive, making it look like a common hardware failure, so that the organization will simply discard the corrupted drive. If successful, any evidence the hacker may have left behind is discarded well before the breach is ultimately discovered.
Using the Knowledge
The global security landscape is a constantly changing environment. The brutal truth is that imaginative criminals are working just as hard to exploit vulnerabilities and develop new hacking techniques as security and IT professionals are working to protect their networks. But because hackers, just like common bank robbers, generally target financial institutions that have less protection than the one down the street, it is clearly justified to take the appropriate steps to secure your organization's perimeter and protect your customers' invaluable information.
by: TraceSecurity