Malware, Hacking Remain Preferred Methods of Cyber-Criminals

 
 
By Fahmida Y. Rashid  |  Posted 2012-03-07
 
 
 

Hacking: Exploiting Default of Guessable Credentials

Attackers exploited default or easily guessable credentials for about 29 percent of the breaches analyzed by the Verizon RISK team. Many vendors often ship devices, appliances and software with a default password assigned. While it is possible to change them, that is not always the case. Industrial control systems are an example of devices with default passwords that can't be changed. Even if the password can be changed, many administrators don't bother. With a little bit of searching, attackers can find the passwords online, and the gates are wide open.

Hacking: Exploiting Default of Guessable Credentials

Malware: Backdoor

The user is either tricked into downloading and installing malware on the system, or a malicious Website exploits a vulnerability in the software or operating system to download and install itself. Once the computer is infected, it acts as a backdoor, allowing the remote attacker access to the network or executing code. Even if the original vulnerability is patched, if the malware can still communicate with the remote server, the attackers can continue to operate. Backdoors were found in about 26 percent of the cases.

Malware: Backdoor

Hacking: Using Stolen Log-In Credentials

Found in about 24 percent of the cases, stealing log-in credentials remains popular with cyber-crooks. This method may have been used in tandem with malware, such as a keylogger. Once the criminal has access to the log-in information for email accounts or online banking, they have free rein to steal and loot. The number of dumped password lists after data breaches and the high incidence of password reuse by end users makes it is easier than ever to succeed with stolen credentials.

Hacking: Using Stolen Log-In Credentials

Hacking: Exploiting the Backdoor or Command and Control Channel

Slightly different from using malware to open a backdoor, this threat vector relies on the attacker somehow intercepting communications, using an unsecured port or other means to open up a backdoor themselves to transfer data or receive instructions. This method is the fourth most popular technique and is found in 23 percent of the cases.

Hacking: Exploiting the Backdoor or Command and Control Channel

Malware: Keylogger, Form-Grabber Spyware

Used in about 18 percent of the incidents analyzed by Verizon, attackers rely on data-capture malware, such as keyloggers, form-grabbers and other forms of spyware, to capture data directly from the user. The user is generally unaware that there is a tool monitoring everything they type on their system. Once that information has been captured, it is sent back to a remote server for future use.

Malware: Keylogger, Form-Grabber Spyware

Malware: Send Data to External Site

Several data-stealing Trojans fall in this category, as their sole purpose is to find specific types of data, such as configuration files, documents, spreadsheets and source code, and just send it back to the remote control server. Verizon's RISK team found that cyber-crooks used this method in about 17 percent of all the incidents last year.

Malware: Send Data to External Site

Hacking: Use System or Network Utilities

System tools, such as Pstools and netcat, are popular with IT professionals because they simplify the task of managing several systems on a network. Cyber-criminals like them, too, and they were used in about 14 percent of Verizon's caseload. Pstools is a utilities suite that allows a user on the network to send commands to other connected Windows machines. This is similar to how attackers use legitimate penetration tools, such as Metasploit, to find holes in applications and Websites.

Hacking: Use System or Network Utilities

Hacking: SQL Injection

It was a bit surprising that Verizon found only 13 percent of its cases involve SQL injection. The SANS Institute has identified SQL injection errors as one of the most common errors in software. Developers don't properly handle inputs in the application and allow malicious perpetrators to submit SQL commands that are executed on the database.

Hacking: SQL Injection

Malware: Capture Data Resident on System

Specific types of malware look for cookies and data stored in memory and cache that can be transferred to the remote attacker. There have been several cases of malware that are able to extract user names and passwords from memory. This occurred in 9 percent of the cases Verizon examined.

Malware: Capture Data Resident on System

Malware: Download Install Additional Malware or Updates

Sometimes, the malware that is downloaded to the user's computer after clicking on a malicious link or opening up a suspicious attachment is just a dropper file. Once installed, its sole purpose is to download additional malware or update itself with new instructions. This appeared in 9 percent of Verizon's caseload.

Malware: Download Install Additional Malware or Updates

Rocket Fuel