When creating a defensive plan against cyber-attacks, knowing your adversary is paramount. Often after the shock has worn off from a breach, the affected company will ask themselves, “Why us?”. It’s a valid question that organizations should ask before an incident occurs to better prepare themselves. There are many reasons why an attacker may choose your organization, and below I’ve captured some of the more common causes.
Opportunity Attacks
These attacks are typically based on a unique opportunity that makes your organization an easier target than others. Usually, these items are in an organization’s circle of influence, and your organization can take steps to reduce those types of attacks.
- Technology stack – Attackers use tools such as search engines (Google, Shodan.io) and job boards to map specific technology use that has experienced recent vulnerability disclosures. Attackers often count on misconfigured technology stacks that provide attackers an opportunity to try weak or default credentials to gain additional access.
- Public information disclosures – Credential disclosures are commonly shared on the internet and within hacker communities. Employees often reuse their work passwords on outside services that experience a breach, making for easy credential stuffing attacks. Services such as haveibeenpwned.com allow organizations to effortlessly discover when credentials containing their domain have leaked due to a cyber attack.
- Phishing – Many phishing campaigns permutate domains from lists or crawl websites from the internet in some fashion. If an employee falls victim to a phishing attack, they take advantage of this newly gained access. If not, then they continue to the next potential target.
Targeted Attacks
These attacks are directed at the organization itself and often include detailed research and recognizance. Traditionally attackers will utilize opportunistic attacks for quick access but depending on the situation, they may need to develop more sophisticated attacks.
- Industry Type – Often, the type of industry that the organization is a part of will draw specific attention, such as financial institutions, government entities, and industrial companies. The attacker is looking for a particular asset that the entity possesses, or perhaps there’s a controversial issue that spawns hacktivism.
- Target by Proxy – Some organizations that experienced a breach learn that they were simply a stepping stone to leverage a relationship to attack their partner, supplier, or customer.
- Insider Threat – While not historically thought of as a way of targeting an organization, insider threats such as disgruntled employees or fraud are commonplace and need to be accounted for.
Each organization should be discussing the different ways attackers may try targeting them in the future. In many cases, a quick and easy change could have prevented a drastic and costly security incident.
Prevention
Penetration testing and consulting services like TCM Security have the ability to test your organization’s security. From your physical security to your internal and external network security, we will access your organization’s security infrastructure to find the vulnerabilities before the threat actors do.
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.
Pentest Services: https://tcmdev.tcmsecurity.com/our-services/
Follow Us: Blog | LinkedIn | YouTube | Twitter | Facebook | Instagram
Contact Us: sales@tcm-sec.com