Malware, Hacking Remain Preferred Methods of Cyber-Criminals
Hacking: Exploiting Default of Guessable Credentials
Attackers exploited default or easily guessable credentials for about 29 percent of the breaches analyzed by the Verizon RISK team. Many vendors often ship devices, appliances and software with a default password assigned. While it is possible to change them, that is not always the case. Industrial control systems are an example of devices with default passwords that can't be changed. Even if the password can be changed, many administrators don't bother. With a little bit of searching, attackers can find the passwords online, and the gates are wide open.
The user is either tricked into downloading and installing malware on the system, or a malicious Website exploits a vulnerability in the software or operating system to download and install itself. Once the computer is infected, it acts as a backdoor, allowing the remote attacker access to the network or executing code. Even if the original vulnerability is patched, if the malware can still communicate with the remote server, the attackers can continue to operate. Backdoors were found in about 26 percent of the cases.
Hacking: Using Stolen Log-In Credentials
Found in about 24 percent of the cases, stealing log-in credentials remains popular with cyber-crooks. This method may have been used in tandem with malware, such as a keylogger. Once the criminal has access to the log-in information for email accounts or online banking, they have free rein to steal and loot. The number of dumped password lists after data breaches and the high incidence of password reuse by end users makes it is easier than ever to succeed with stolen credentials.
Hacking: Exploiting the Backdoor or Command and Control Channel
Slightly different from using malware to open a backdoor, this threat vector relies on the attacker somehow intercepting communications, using an unsecured port or other means to open up a backdoor themselves to transfer data or receive instructions. This method is the fourth most popular technique and is found in 23 percent of the cases.
Malware: Keylogger, Form-Grabber Spyware
Used in about 18 percent of the incidents analyzed by Verizon, attackers rely on data-capture malware, such as keyloggers, form-grabbers and other forms of spyware, to capture data directly from the user. The user is generally unaware that there is a tool monitoring everything they type on their system. Once that information has been captured, it is sent back to a remote server for future use.
Malware: Send Data to External Site
Several data-stealing Trojans fall in this category, as their sole purpose is to find specific types of data, such as configuration files, documents, spreadsheets and source code, and just send it back to the remote control server. Verizon's RISK team found that cyber-crooks used this method in about 17 percent of all the incidents last year.
Hacking: Use System or Network Utilities
System tools, such as Pstools and netcat, are popular with IT professionals because they simplify the task of managing several systems on a network. Cyber-criminals like them, too, and they were used in about 14 percent of Verizon's caseload. Pstools is a utilities suite that allows a user on the network to send commands to other connected Windows machines. This is similar to how attackers use legitimate penetration tools, such as Metasploit, to find holes in applications and Websites.
Hacking: SQL Injection
It was a bit surprising that Verizon found only 13 percent of its cases involve SQL injection. The SANS Institute has identified SQL injection errors as one of the most common errors in software. Developers don't properly handle inputs in the application and allow malicious perpetrators to submit SQL commands that are executed on the database.
Malware: Capture Data Resident on System
Specific types of malware look for cookies and data stored in memory and cache that can be transferred to the remote attacker. There have been several cases of malware that are able to extract user names and passwords from memory. This occurred in 9 percent of the cases Verizon examined.
Malware: Download Install Additional Malware or Updates
Sometimes, the malware that is downloaded to the user's computer after clicking on a malicious link or opening up a suspicious attachment is just a dropper file. Once installed, its sole purpose is to download additional malware or update itself with new instructions. This appeared in 9 percent of Verizon's caseload.