Inside a cyberattack: How hackers steal data


The truth about cybersecurity is that it’s almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry becomes increasingly sophisticated and its technology more advanced.

Once a hacker has broken through an organization’s defenses, it is relatively easy to move within the network and access information without being detected for days or even months. This is a significant concern for Banking and Financial Services organizations, which house valuable sensitive data and Personally Identifiable Information (PII). The goal of cybersecurity is to minimize the risk and the impact of a breach. Understanding the adversary’s mindset and activity is central to this.

A Hacker’s Motivation

Recently breached Black Basta chat logs provide a realistic insight into hackers’ structure and day-to-day life. Cybercrime is a business, with targets, quotas, and call templates. While the motivations for hacking can range from purely financial to nation-state and hacktivism, for many, hacking is simply a day job. The valuable intelligence here is that hackers seek the path of least resistance, the same as with any day job. This means hackers seek opportunities to minimize effort and maximize output, which can include recceing a site and jumping onto the guest Wi-Fi or simply walking into an organization and plugging straight into an Ethernet cable. There is also an opportunistic element to their strategy, such as randomly checking for easily exploitable weaknesses or seeking low-hanging fruit -- which is often employees.

A troubling new development that achieves efficiency and simplicity is Ransomware-as-a-Service (RaaS), which is like a marketplace to buy access to compromised systems, or to buy custom ransomware, which you can simply deploy onto systems. This development is democratizing hacking and expanding the cybercrime industry, meaning that for many organizations that process valuable data and provide essential services, a breach is a case of when, and not if.

Inside a Hack

It is often a simple, mundane scenario that grants hackers access to an organization’s system. For example, a hacker could search for an employee on LinkedIn, generate their email address, and contact HR with a message claiming they’ve been overpaid, with a fake statement attached. If HR clicks the attachment, the hacker can access the system or deploy malware. Another example is parking outside an organization and finding weak spots such as a server an intern previously set up for a test or a software vulnerability. Cybersecurity measures such as Zero Trust Network Access (ZTNA) and firewalls do delay a hacker’s ability to breach the network; however, once they get inside, the organization is relatively vulnerable.

Once a hacker breaches the perimeter, the standard practice is to beachhead (dig down), and then move laterally to find the organization’s crown jewels: their most valuable data. Within a financial or banking organization it is likely there is a database on their server that contains sensitive customer information. A database is essentially a complicated spreadsheet, wherein a hacker can simply run a SELECT query and copy everything. In this instance data security is essential; however, many organizations confuse data security with cybersecurity.

Organizations often rely on encryption to protect sensitive data, but encryption alone isn't enough if the decryption keys are poorly managed. If an attacker gains access to the decryption key, they can instantly decrypt the data, rendering the encryption useless. Many organizations also mistakenly believe that encryption protects against all forms of data exposure, but weak key management, improper implementation, or side-channel attacks can still lead to compromise. To truly safeguard data, businesses must combine strong encryption with secure key management, access controls, and techniques like tokenization or format-preserving encryption to minimize the impact of a breach. A database protected by Privacy Enhancing Technologies (PETs), such as tokenization, becomes unreadable to hackers if the decryption key is stored offsite. Without breaching the organization’s data protection vendor to access the key, an attacker cannot decrypt the data -- making the process significantly more complicated. This can be a major deterrent to hackers.
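The difference between a plain database and a tokenized one can be shown in a few lines. This is an added example, not code from the authors or from any vendor: it assumes vault-based tokenization (a random substitute value whose mapping is held by a separate service, playing the role of the offsite key described above), and the `TokenVault` class, table layout and sample customers are all constructed for illustration.

```python
import secrets
import sqlite3

class TokenVault:
    """Stand-in for an off-site tokenization service (hypothetical name).
    The token-to-value map lives here, never on the database server."""

    def __init__(self):
        self._to_value, self._to_token = {}, {}

    def tokenize(self, value):
        if value in self._to_token:          # same input -> same token
            return self._to_token[value]
        while True:                          # random digits, same length as input
            token = "".join(secrets.choice("0123456789") for _ in value)
            if token != value and token not in self._to_value:
                break
        self._to_value[token], self._to_token[value] = value, token
        return token

    def detokenize(self, token, caller_authorized):
        # Access control sits in front of the vault, not in the database.
        if not caller_authorized:
            raise PermissionError("detokenization denied")
        return self._to_value[token]

# Constructed sample data (test card numbers, not real accounts).
CUSTOMERS = [("Alice Example", "4111111111111111"),
             ("Bob Example", "5500005555555559")]

def build_db(vault, customers):
    """Application database: card numbers are stored only as tokens."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card_number TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [(name, vault.tokenize(card)) for name, card in customers])
    return db

def dump_table(db):
    """What anyone with read access to the database gets back."""
    return db.execute("SELECT * FROM customers").fetchall()

if __name__ == "__main__":
    vault = TokenVault()
    db = build_db(vault, CUSTOMERS)
    for name, stored in dump_table(db):
        print(name, stored, "->", vault.detokenize(stored, caller_authorized=True))
```

A full copy of the `customers` table yields only random 16-digit tokens; the real card numbers come back only through an authorized call to the vault, which sits outside the breached database.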

How to Outsmart a Hacker

Another reality for organizations is that it’s relatively easy for a hacker to evade detection. According to IBM, it takes organizations an average of 258 days to identify and contain a breach. The organization may not even learn of the breach itself: it may be notified by the hacker or by a competitor to whom the hacker is trying to sell the stolen data. IBM’s findings indicate the window of detection is closing, as 258 days is a 7-year low; however, this is still a significant amount of time for a hacker to become comfortable within an organization’s system. This can mean the hacker is constantly accessing fresh customer data and learning who’s within the ecosystem to breach the organization’s supply chain.

To effectively deter hackers, organizations should focus on making attacks more difficult and less rewarding. If the effort and risk outweigh the potential gain, attackers are more likely to move on to an easier target. Implementing layered cybersecurity measures and a Zero-Trust framework strengthens defenses. However, banking and financial institutions hold such valuable data that hackers will be more determined. To counter this, investing in robust data protection is a must rather than relying solely on perimeter cybersecurity. Organizations should ensure that even if an attacker breaches their systems, sensitive data remains secure -- effectively rendering it useless to cybercriminals.

Image Credit: Arsenii Palivoda / Dreamstime.com

Dave Gray is VP EMEA at Protegrity and Glenn Wilkinson is Professional Hacker and Speaker. Protegrity will be hosting a breakfast briefing with Glenn on the 6 March at an in-person event in London. He will run through the evolution of hacking, from its early days to today’s sophisticated cyber threats, and a live hacking demonstration.

© 1998-2025 BetaNews, Inc. All Rights Reserved.