
The term hacking attack refers to the detection of vulnerabilities in a computer system or network in order to exploit the resulting security holes. These targeted attacks are carried out by a so-called "hacker".
In the public eye, the hacker has become established as a self-taught personality or even a rogue programmer who is able, for example, to modify application programs. In doing so, he obtains functions and behaviors that the developers did not intend in the original programming.
However, this is a very narrow view that does not begin to cover the broad spectrum of reasons why a person turns to hacking. A white-hat hacker pursues ethical intentions and, with the owner's permission, tries to identify security vulnerabilities in a system so that they can be closed in the next step. A hacker who operates without this permission violates the law and is liable to prosecution.
In 1950, members at MIT first used the term "hacking", in the sense of attacking a technical problem in order to create potential solutions to it.
Basically, a "hacking" attack is about overcoming original restrictions and finding new applications and solution strategies through manipulation.
Phreaking (a subculture of hacking attack), for example, focuses on telephony security mechanisms and manipulating phone connections.
In addition to its technical side, the hacking attack also takes the human factor into account (social engineering), for example to trick a user into downloading a malicious attachment or disclosing personal data.
The attacker thus tries to induce a person to perform actions that have a negative effect on the company and a positive effect on the attacker.
We have already covered the categorization of hackers as well as various methods such as Man in the Middle, Brute Force or Denial of Service attacks.
In this section, we at ProSec want to educate you about the different stages of a hacking attack. It is important to mention that we are not on the level of the script kiddie here, but on the level of the technical attacker or even APT. Attacks in this area usually follow a scheme and require a certain amount of preparation time. This pattern is often referred to as an attack chain.
The phase before a hacking attack is referred to as "information gathering", i.e. the selection of potential victims. Either the target to be used in the attack is already known in advance, or research is conducted in this regard to identify a possible target.
First comes the reconnaissance phase, the exploration of the target determined before the hacking attack. This includes researching which applications and systems are in use, which employees are active, and which information is already visible to the "outside". The hacker considers the potential ways in which an intrusion into the network could succeed.
The duration of this phase can vary depending on the size of the company and the attacker's interest in causing damage.
Once all the information necessary for an attack has been gathered, the next step is the "weaponization" phase. This includes developing suitable malware in order to achieve remote code execution later, or working out how the hacker can spread through the network during the hacking attack (lateral movement).
Again, the complexity varies depending on the attacker's know-how.
See also the wiki text Threat Modeling.
The delivery phase refers to delivery to the device that is to be infected. Basically, an attempt is made to "deliver" the malware developed in advance to the target network. All that is still needed is for the "human factor" to help out and be exploited as the carrier. A classic example is the attachment of a phishing e-mail or the USB stick in the parking lot.
In the exploit phase of the hacking attack, the malware is now executed to exploit the information about vulnerabilities gathered in advance. These can be, for example, outdated machines that pose an increased security risk.
The installation phase, as the name suggests, installs the malware on the target computer, for example to create a "backdoor" and thus load further payloads, or to deposit so-called "droppers". Droppers are independently executable programs that are used to release malware. A well-known example of such a program is Emotet.
Once the malware is installed and the exploit is successful, the hacker has remote access to the infected computer. This is called the command & control phase and gives the hacker permanent access.
The last phase is Actions on Objective, so to speak the target of the hacking attack. This can be:
Encrypting the data on the system for ransom (classic ransomware)
Data exfiltration (for tapping sensitive data such as customer data, etc.)
Destroying the data (simply to cause damage)
Manipulating information
Attacking other companies that are present in the supply chain (watering hole)
Constant information outflow
Damage to reputation
Afterwards, the attacker can still plan the further course of the hacking attack in the victim's internal network, with possibilities of concealing traces.
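From the defender's side, the phases above can be used to sort alerts and to see where detection is missing. The following is an added example, not ProSec code: the alert names, the mapping to phases, the host names and the sample alerts are all constructed assumptions.

```python
from collections import defaultdict

# Phase order as described in the article above.
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objective"]

# Hypothetical mapping of alert types to phases (an assumption, not a standard).
ALERT_PHASE = {
    "external_port_scan": "reconnaissance",
    "phishing_attachment_received": "delivery",
    "office_spawned_script_host": "exploitation",
    "new_autorun_entry": "installation",
    "periodic_beacon_to_rare_domain": "command_and_control",
    "mass_file_rename": "actions_on_objective",
    "large_outbound_transfer": "actions_on_objective",
}

# Constructed sample alerts: (timestamp, host, alert_type)
SAMPLE_ALERTS = [
    ("2024-01-10T08:02:00", "ws-017", "phishing_attachment_received"),
    ("2024-01-10T08:05:00", "ws-017", "office_spawned_script_host"),
    ("2024-01-10T08:40:00", "ws-017", "periodic_beacon_to_rare_domain"),
    ("2024-01-10T09:00:00", "fs-002", "large_outbound_transfer"),
    ("2024-01-10T09:15:00", "ws-044", "external_port_scan"),
]

def summarize(alerts):
    """Per host: furthest phase alerted on, and earlier phases with no alert."""
    seen = defaultdict(set)
    for _ts, host, alert_type in alerts:
        phase = ALERT_PHASE.get(alert_type)
        if phase:  # alert types without a mapping are ignored
            seen[host].add(phase)
    report = {}
    for host, phases in seen.items():
        furthest = max(PHASES.index(p) for p in phases)
        # Weaponization takes place on the attacker's side, so the victim
        # network has no telemetry for it and it is not counted as a gap.
        gaps = [p for p in PHASES[:furthest]
                if p not in phases and p != "weaponization"]
        report[host] = {"furthest": PHASES[furthest], "gaps": gaps}
    return report

if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE_ALERTS).items()):
        print(host, info["furthest"], "| no alert for:", info["gaps"])
```

A host whose first alert is already in a late phase, such as fs-002 in the sample data, indicates that the earlier phases went unnoticed and that detection for them should be reviewed.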
By means of a penetration test, the hacking attack described above can be simulated in a practical manner. For this purpose, ProSec GmbH uses various methodologies and guidelines such as "PTES". This is a guideline that establishes a certain standard.
We uncover your vulnerabilities to give you an overview of your security gaps and the potential opportunities for a hacking attack. We recommend performing regular penetration tests to check organizations, networks and systems for potential vulnerabilities and to prevent a hacking attack.