Hackers don’t care who you are. They just care how rich you can make them.
Threat actors almost always perform crimes of opportunity. This means that, unless you’re a high-profile or hacktivist case, they will look for a general lack of security across many businesses rather than targeting a specific business.
Unfortunately, because cybersecurity is often an overlooked component of running a business, hackers have plenty of opportunities.
Read this blog to discover the different types of threat actors and how to defend your business from their attacks.
See also: A Hacking Scenario: How Hackers Choose Their Victims
Different Hacker Archetypes
Not all threat actors are the same. To defend against attacks, it is important to understand that hackers have different motivations and capabilities, so you can defend your network against all types of attacks. Here are some hacker archetypes to consider:
The Opportunist Hacker
These hackers stay up to date on security news. Once a vulnerability is made public, it’s fairly easy to conduct a large-scale network scan for systems that exhibit symptoms of that vulnerability.
After the opportunistic threat actor obtains the list of vulnerable machines, they will conduct additional research on the vulnerability and attempt to access the system. Once inside, it is often easy to pivot and reach other, less hardened machines.
A great example of opportunist hackers in action arose when news of the Heartbleed vulnerability was released. The vulnerability was publicly exposed in many news publications. Very shortly thereafter, hackers scanned the Internet for vulnerable machines using OpenSSL and then attempted to exploit that vulnerability to gain access to the system.
But hackers don’t necessarily require major, newsworthy vulnerabilities to hack.
There are thousands of other publicly known vulnerabilities they could exploit. For example, website forms often have validation flaws. An attacker may submit potentially malicious data via a form, which might then be echoed back to the user's browser and rendered on the screen. The screen displays a mix of server content and the attacker's malicious data.
This could result in unsuspecting users being redirected to another site where credentials or session information might be captured.
See also: SecurityMetrics PCI Guide
How do I defend against this attack?
The obvious defense against a public vulnerability attack is to scan your systems to discover vulnerabilities beforehand. Keep up-to-date on security news. Partner with a company that informs you and of publicly disclosed vulnerabilities. Regularly maintain and update your systems.
If a vulnerability similar to Heartbleed is disclosed, do everything in your power to close it ASAP.
Do your best to keep all other operating systems, browsers, and servers up to date to avoid becoming a victim of a zero-day attack.
The Brute Force Hacker
While less common, brute attacks are still occurring. In these attacks, attackers control an army of computers infected with malware (known as botnets or zombie computers). The attacker can control this network of computers, which go out and find vulnerabilities.
The attacker uses botnets to access systems by trying millions of username-password combinations until the right one is found.
It’s not very effective. But, every once in a while they get the right combination and get into your network.
Hackers use botnets so each hack attempt is nearly impossible to trace back to the actual hacker.
How do I defend against this attack?
The two best ways to avoid this attack are by monitoring your logs and regularly creating new passwords.
If a botnet attempts to access your system through a brute-force attack, your logs should record these actions. If your logs record 1,000’s of failed login attempts on your system, you’re probably being attacked.
The reason brute force attacks work so well is that millions of user credentials (usernames and passwords) have been dumped online in publicly available lists. Any easy way to see if you’ve been a part of a leak is to go to haveibeenpwned.com and type in your email to see if you’ve been involved in a breach.
Passphrases are more effective than passwords in complexity and ease of remembering. Check out this blog on creating strong passwords and passphrases.
To avoid this type of attack, change your personal and business passwords every 90 days, and never reuse passwords.
The Insider Threat
A disgruntled employee is the biggest vulnerability a business can have. This is why most companies limit an employee’s access before they are ever fired or laid off, to protect them from vindictively exploiting sensitive information.
The insider threat hacker can also just be negligent, leaving passwords, badges, and sensitive information out in the open for anyone to steal. Remember, an insider threat is already inside your strongest perimeter of security.
How do I defend against this attack?
One of the best things you can do is implement zero trus architecture which essentially means your systems never trus, they always verify. Just because an employee is on your internal network doesn’t mean their device should have free reign to sensitive information.
Another vital part of protecting your business is restricting user access rights to the bare minimum needed for them to perform their job functions. For example, should an employee in HR have access to customer support logs that include credit card numbers? No, they don’t need it for their job and it’s just a disaster waiting to happen.
What do hackers do after they get into a system?
Once a hacker gets into your system they begin prospecting. This will look like scanning for credit cards, health information, passwords (including social media accounts they can exploit), and more. They might run keyword searches on your file systems and the memory of the system.
Their ultimate goal is to gain access to both the sensitive data that exists in your system and to expand the range of their attack by gaining access to additional accounts outside your network.
They may also install malware on your shopping carts, known as an ecommerce threat. This can give them access to customer information during the point of sale, without them even knowing they’ve been hacked.
Threat actors will also target specific employees at your company, which is easier than ever to do with platforms like LinkedIn that list the specific roles. This is further complicated by technological advancements in artificial intelligence that let hackers mimic CEO’s voices on a call to get employees to send money and gift cards.
A hacker’s final step is to leave no trace. Both so they can avoid being caught and so they can continue to skim credit card information and payments using the malware they installed on your network. Remember, the longer you take to discover the breach, the more valuable data they will be able to collect.
Leaving no trace might look like encrypting card data before transferring it out of your system, erasing or modifying security logs, and running malware from RAM instead of the hard drive so they can go undetected by antivirus software.
What can you do to protect your business from hackers?
The most important thing you can do to protect your business from threat actors is to become PCI compliant. Depending on your SAQ type, this may look like getting a PCI audit or additional security tools to protect your business.
For example, if you have an online shopping cart, you must protect it from magecart attacks using a security tool like SecurityMetrics Shopping Cart Monitor.
The better you adhere to PCI requirements, the less likely you are to be breached. To get started on PCI compliance, speak with a PCI expert or check out the award winning SecurityMetrics PCI guide here.




