6 ways hackers are trying to steal your data

MT EXPERT: You're not paranoid - they really are out to get you, says Simon Smith of IBM Security Systems.

by Simon Smith
Last Updated: 12 Aug 2015

Your rising sense of panic is justified. Targeted attacks on valuable data – yours, your employees’ and your company’s – are only becoming more sophisticated and diverse. Yesteryear’s defences will not save you in 2014 and beyond.

With every advance in a hacker’s arsenal, the language being used to describe threats evolves too – and if you can’t name the problem, you can’t help find the solution. Here’s how to sound like you know what you’re talking about when you discuss your business’ security concerns.

1. Advanced threats

Advanced threats, also known as Advanced Persistent Threats (APTs), refer to targeted attacks on organisations. These attacks use commercially available and/or custom-made advanced malware to steal information or perpetrate fraud.

Data is at the heart of modern businesses and is now the primary target for cyber-criminals using these new methods, but reputation damage is the most costly consequence of APT attacks.

Targeted attacks are multi-faceted and specifically designed to evade many technologies attempting to detect and block them. Once they are inside, the only way to detect this type of threat is by understanding the behaviour of all of the individual attack components.

Legacy security systems such as anti-virus software and firewalls are unable to stop advanced threats.

2. Spear phishing

Spear phishing attempts are typically initiated by determined perpetrators out for financial gain, trade secrets or military information. The attacker uses a specially crafted email message that lures users to perform an action that will result in malware infection, credential theft, or both. This is often the first step that enables highly targeted attacks on your business.

Unlike mass phishing emails, which are easily identified as false, this labour-intensive and highly targeted technique can easily trick your employees into opening weaponised documents or visiting infected and dangerous websites.
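The following is an added example, not code from the article or from IBM: a small Python triage routine that flags the traits of a crafted lure email described above (a display name impersonating another domain, replies redirected elsewhere, and link text that disagrees with the real target). The message and all domain names are constructed placeholders.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not a real email) showing the traits the article describes.
SAMPLE_EMAIL = """\
From: "jane.doe@example-corp.com" <billing@mail-example.net>
Reply-To: accounts@mail-example.net
To: finance@example-corp.com
Subject: Urgent: updated supplier bank details
Content-Type: text/html; charset="utf-8"

<p>Please confirm the new details in the supplier portal at
<a href="http://example-corp.com.mail-example.net/login">https://portal.example-corp.com</a>
before 5pm today.</p>
"""

HOST_RE = re.compile(r'https?://([^/\s"<>]+)', re.I)
LINK_RE = re.compile(r'<a\b[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
ADDR_RE = re.compile(r'@([\w.-]+)')

def registrable(host):
    """Crude registrable domain: last two labels (assumption: no multi-part TLDs such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def spear_phishing_indicators(raw):
    """Return human-readable indicators found in one message; an empty list means none fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(msg["From"])
    sender_dom = registrable(addr.split("@")[-1])
    # 1. Display name carries an address from a domain other than the real sending domain.
    for dom in ADDR_RE.findall(display):
        if registrable(dom) != sender_dom:
            findings.append(f"display name claims {dom} but mail comes from {sender_dom}")
    # 2. Replies silently redirected to a different mailbox than the visible sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.lower() != addr.lower():
        findings.append(f"Reply-To {reply_to} differs from From {addr}")
    # 3. Visible link text names one domain while the href leads somewhere else.
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    for href, text in LINK_RE.findall(body):
        real = HOST_RE.match(href.strip())
        shown = HOST_RE.search(text) or ADDR_RE.search(text)
        if real and shown and registrable(real.group(1)) != registrable(shown.group(1)):
            findings.append(f"link shows {shown.group(1)} but targets {real.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in spear_phishing_indicators(SAMPLE_EMAIL):
        print("INDICATOR:", finding)
```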

3. Zero-day attack

The majority of malware infections are a direct result of the exploitation of ‘zero-day’ vulnerabilities: bugs nobody has yet detected, so called because once an attack is launched the company has had zero days to fix them. Cybercriminals continuously develop new tricks that take advantage of application vulnerabilities to introduce malware and compromise computers.

Exploitation of a zero-day vulnerability takes place from the first day the cybercriminal becomes aware of the vulnerability until a software update (also called a patch) becomes available. This window can last days, weeks or even months. Protecting against exploitation of zero-day vulnerabilities is particularly difficult, as you don’t know what they are until they’ve been exploited.

The most targeted applications were Java, Adobe Reader and popular browsers, according to a survey of more than one million banking and enterprise customers commissioned by IBM X-Force in December 2013. Due to the recent rash of Java zero-day vulnerabilities, many security experts recommend reviewing the use of Java and implementing controls to restrict the risk.

4. Drive-by download

Drive-by downloads are silent malware installations that take place in the background, without the user's knowledge. The download is executed by exploiting a vulnerability in the browser or a browser plug-in.

The attacker plants hidden malicious content, called an ‘exploit’, on a webpage. It could be a malicious website created and hosted by the attacker, or a legitimate website that the attacker has compromised.

Drive-by downloads are stealthy in nature and very difficult to prevent. Most browsers are not properly patched, or have unknown zero-day vulnerabilities for which a patch doesn't exist, so they are vulnerable to these attacks.

5. Watering hole attack

Watering hole attacks are insidious threats from patient attackers who infect trusted sites that users regularly visit. These may be specific discussion forums or sites from which users download applications or updates.

This type of attack, described as ‘poisoning the watering hole’, has been used to deliver malware to even the most technically savvy organisations. Banks, activist groups, government foreign policy resource sites, manufacturers, the defence industrial base and even Facebook, Twitter and Apple have been snared using this technique. Rather than sending out targeted links and hoping someone will click on one, this is like poisoning a town’s water supply. It’s only a matter of time.

6. Malvertising

Similar to watering hole attacks, malvertising is gaining traction. It occurs when attackers target advertising networks by injecting ads with malicious exploits that lead to drive-by downloads. These malicious ads can then expose vulnerable users across the many websites displaying the content arriving from the advertising networks.
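As an added example (not from the article or from IBM), this Python scanner covers both the drive-by download and malvertising sections: it checks fetched page or ad-creative markup for a hidden or 1x1 frame loading third-party content and for obfuscated inline scripts, two common hallmarks of planted exploit content. The HTML sample and host names are constructed.

```python
import re

# Constructed sample of page/ad-creative markup (not a real malicious page): a harmless
# banner beside a hidden 1x1 frame pointing off-site and an obfuscated inline script.
SAMPLE_HTML = r"""
<html><body>
<div id="banner"><a href="https://ads.example-network.net/click">Great offer</a></div>
<iframe src="http://cdn-example.invalid/landing" width="1" height="1" style="visibility:hidden"></iframe>
<script>var p="\x65\x76\x61\x6c";eval(unescape("%64%6f%63%75%6d%65%6e%74"))</script>
</body></html>
"""

IFRAME_RE = re.compile(r'<iframe\b([^>]*)>', re.I)
SCRIPT_RE = re.compile(r'<script\b[^>]*>(.*?)</script>', re.I | re.S)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
HOST_RE = re.compile(r'https?://([^/\s"<>]+)', re.I)
OBFUSCATION_RE = re.compile(r'\beval\s*\(|\bunescape\s*\(|\\x[0-9a-f]{2}', re.I)

def same_site(host, domain):
    """True when host is the site's own domain or a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def drive_by_indicators(html, page_domain):
    """Return indicators of hidden exploit-delivery elements found in one HTML document."""
    findings = []
    for attrs in IFRAME_RE.findall(html):
        a = {k.lower(): v for k, v in ATTR_RE.findall(attrs)}
        # A frame the user cannot see has no legitimate reason to load third-party content.
        tiny = all(a.get(d, "100").strip("px") in ("0", "1") for d in ("width", "height"))
        hidden = re.search(r'visibility\s*:\s*hidden|display\s*:\s*none', a.get("style", ""), re.I)
        src = HOST_RE.match(a.get("src", ""))
        if (tiny or hidden) and src and not same_site(src.group(1), page_domain):
            findings.append(f"hidden/tiny iframe to third-party host {src.group(1)}")
    # Inline scripts assembled from eval/unescape/hex escapes are a classic loader pattern.
    for body in SCRIPT_RE.findall(html):
        if OBFUSCATION_RE.search(body):
            findings.append("obfuscated inline script (eval/unescape/hex escapes)")
    return findings

if __name__ == "__main__":
    for finding in drive_by_indicators(SAMPLE_HTML, "example-corp.com"):
        print("INDICATOR:", finding)
```

Run it over the page's own HTML and over each creative served by an ad network with the page's domain as `page_domain`, so that only off-site content in invisible frames is flagged.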

- Simon Smith is a QRadar Technical Professional at IBM Security Systems
