Due to the recent cyber attacks, individuals and corporate structures face various security threats. People and institutions affected by the attacks suffered great losses. So, what are the main cyber attack methods that stand out in the field? Brandefense Co-Founder Hakan Eryavuz shared his views on the subject.
As activity in the cyber field increases day by day, many individuals and institutions suffer from cyber attacks. Victims of threat actors may suffer not only financial losses but also non-material ones such as loss of reputation. All these developments significantly threaten user security in cyberspace. Threat actors prefer various methods in the attacks that have increased recently. Brandefense Co-Founder Hakan Eryavuz evaluated the methods used in cyber attacks.
Phishing
Phishing stands out as a deception method based on social engineering techniques. In such attacks, threat actors usually imitate a brand's website in order to capture sensitive information such as usernames, passwords, and credit card details. Users who do not notice that the page and its address are imitations of the original website enter their user information and receive an error saying that they cannot log in; by then the information is already in the hands of the threat actors. Such user accounts are usually put up for sale on the dark web, where they find buyers very quickly. Nowadays, we often see Instagram stories in which people say they have made a lot of money themselves. This is a good example of a scenario in which the stolen information does not simply stay where it was taken. By clicking on links in such stories from accounts they trust, people unwittingly download malicious software to their computers or phones. Among the examples of such content that we have observed at Brandefense is content that imitates popular applications such as paid music applications, video recording and editing applications, web streaming applications, and text and visual effects.
When employees register on platforms such as e-commerce, entertainment, music, and games with company accounts, or log into such accounts with company e-mail addresses, the information obtained can also harm the company itself. A good example of this is phishing attacks delivered by e-mail. Accounts compromised by the methods mentioned above can be used by threat actors to make themselves look like company employees. Other company employees are then encouraged to download e-mail attachments carrying malicious software, which differs according to the attackers' purposes. Through these malicious files infiltrating the organization, it becomes possible to capture sensitive data in the organization or to manipulate its operating systems. Malware differs according to its purpose; it can turn computers into bot machines. Other scenarios involve software that works to reach critical systems and infect different devices within the network. As a different example of e-mail phishing, threat actors can present themselves as holding critical positions such as management, finance, or accounting and persuade the target person to transfer money to them. In order to prevent such situations, Brandefense constantly scans channels such as the dark web, deep web, and surface web and warns brands about account information. Thus, brands and institutions can warn the relevant people early and save them from the harmful effects of phishing activities.
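A defender's check for the imitation addresses described above, as an added example that is not from Brandefense or the original article. The brand domain `examplebank.com`, the look-alike character map and the sample hostnames are all constructed, and the second-to-last label is treated as the registered name instead of consulting a public suffix list.

```python
import unicodedata

# Constructed look-alike map (assumption, not exhaustive): digit swaps,
# letter pairs, and three Cyrillic letters that render like Latin ones.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w",
              "\u0430": "a", "\u0435": "e", "\u043e": "o"}

def skeleton(label):
    """Fold a domain label to a comparison form so visual tricks collapse."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for fake, real in HOMOGLYPHS.items():
        text = text.replace(fake, real)
    return text.replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, brand="examplebank.com"):
    """Label a hostname relative to the brand's real domain."""
    host = host.lower().rstrip(".")
    if host == brand or host.endswith("." + brand):
        return "legitimate"
    labels = host.split(".")
    brand_label = skeleton(brand.split(".")[0])
    # Simplification: treat the second-to-last label as the registered name.
    registered = skeleton(labels[-2] if len(labels) > 1 else host)
    if registered == brand_label:
        return "homoglyph-or-tld-swap"
    if edit_distance(registered, brand_label) <= 2:
        return "typo"
    if any(brand_label in skeleton(part) for part in labels[:-1]):
        return "brand-embedded"
    return "unrelated"

# Constructed sample hostnames.
SAMPLES = ["www.examplebank.com", "examp1ebank.com", "ex\u0430mplebank.net",
           "exampelbank.com", "examplebank.com.secure-login.example",
           "weather.example"]
RESULTS = {h: classify(h) for h in SAMPLES}
```
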
Exploiting security vulnerabilities
Apart from phishing, threat actors also frequently exploit security vulnerabilities to gain access to systems. To use the internet in our daily life, we have to work with software such as browsers, operating systems, and text editors. From time to time, security vulnerabilities occur in the software we use. Threat actors focus on finding ways to infiltrate systems through these vulnerabilities. Services such as SSH and RDP, which we can give as the most popular examples, are thus used by threat actors for their own ends. SSH, short for Secure Shell, is a network protocol that provides a secure connection to a remote computer, while RDP provides remote desktop connections. If the vulnerabilities in these technologies used for access and management are not noticed in a timely manner, companies or individuals may not have enough time to intervene. To prevent potential threats in this regard, it is very important to use the most up-to-date versions of software and to use licensed software and security services. Software vulnerabilities are therefore one of the most important issues for Brandefense, and its professional teams report them to users in a timely manner. Scans for exposed vulnerabilities are performed daily to ensure that necessary updates are made. Thus, institutions and brands can be aware of these vulnerabilities and take the necessary measures before it is too late.
Information already disclosed
It is known that user information leaked in the past is sold on the dark web or stored there for free. Motivated by money, threat actors purchase this information on the dark web and exploit the accounts to gain unauthorized access to the systems in question and to distribute malware. Valuable data such as identity and credit card information can be compromised not only through unauthorized access to user accounts but also through access to your company's database. If the data affected is extensive enough to stop a company's operations, the company suffers material and moral losses. Today, actors who gain unauthorized access to critical systems encrypt files, rendering them unusable, and demand large ransoms to decrypt them. If the ransom is not paid and the data in question is shared publicly, rival institutions are likely to learn the company's sensitive data. For this reason, it is very important to check the security of corporate mail accounts at regular intervals in order not to be harmed by data leaked in the past.
In addition, some data that cannot be accessed directly through accounts can be obtained from publicly available sources such as social media channels. Actors who capture your digital fingerprint in public environments with OSINT (open source intelligence) techniques can use the data collected in this way for malicious purposes.
Brute force
Brute force stands out as a trial-and-error method used to obtain login information, passwords, or credit card information of applications in order to gain unauthorized access. Threat actors using this method try to log into target accounts by trying random characters. At this point, there are very simple measures that companies and individuals can take. First of all, users need to take care not to use similar passwords for different accounts. Using different and complex passwords for each account increases security, and so do multi-factor authentication features.
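On the monitoring side, the trial-and-error pattern described above can be spotted in login logs. The following is an added example, not part of the original article: it counts failed password attempts per source address in a sliding window and raises a second alert when a flagged source then logs in successfully. The log lines are constructed (OpenSSH-style messages with an ISO timestamp prefix), and the threshold of 5 failures in 60 seconds is an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH-style password log lines with an ISO timestamp prefix (constructed format).
LINE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (kind, source_ip, username) tuples."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged, alerts = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        outcome, user, ip = m.group(2, 3, 4)
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures older than the window
        if outcome == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, user))
        elif ip in flagged:
            # A login that follows a burst of failures is the case to triage first.
            alerts.append(("success_after_brute_force", ip, user))
    return alerts

# Constructed sample: one source hammering root, one user mistyping once.
SAMPLE = [f"2024-03-03T10:00:{s:02d} web01 sshd[811]: Failed password for root "
          f"from 203.0.113.7 port {40000 + s} ssh2" for s in range(0, 12, 2)]
SAMPLE += [
    "2024-03-03T10:00:15 web01 sshd[811]: Accepted password for root from 203.0.113.7 port 40015 ssh2",
    "2024-03-03T10:01:02 web01 sshd[812]: Failed password for alice from 198.51.100.20 port 51000 ssh2",
    "2024-03-03T10:01:09 web01 sshd[812]: Accepted password for alice from 198.51.100.20 port 51001 ssh2",
]
ALERTS = detect(SAMPLE)
```
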
Insider Threats
In some cases, employees can grant threat actors access. Personnel who steal important information about the company can hand that information to these actors. Some may wonder why such events happen. People who want to benefit indirectly from the attack, or who are trying to take revenge on the company, can resort to this method. Companies need to review their internal authorization rules to avoid such incidents.