By Julio Velela
Lately, you have probably heard buzzwords like cyberattacks, ransomware, and hackers all over the news. That is not surprising, since many companies have fallen victim to significant cyberattacks, most notably the attacks on Colonial Pipeline and on JBS, the world's largest meat processor. Of course, these threats are not new, but the methods behind them keep getting more sophisticated.
We have had attempted cyberattacks at CDI, and we are constantly training our staff and adopting new methods to prevent damaging breaches of our data. It is a company-wide effort to make sure that hackers are blocked and identified. One step towards data security is recognizing the common methods hackers use to attack organizations.
Phishing Emails
Across all industries, the most common way hackers breach an organization is through phishing emails. These emails are carefully crafted to trick the recipient into opening an attachment or clicking a link that delivers malware. This method relies on employees not having the knowledge or training to recognize a suspicious email, and because the messages look legitimate, many employees end up downloading malicious files by accident.
Phishing emails can carry PDFs, ZIP files, Word documents, and many other formats that are routinely shared within an organization. Attackers use these attachments to trick recipients into clicking "Enable Content" (enabling macros) when the document opens. The macro then runs a script that downloads a malicious executable (EXE) from a web server the attacker controls and launches it. That EXE contains the code needed to encrypt the data on the victim's machine. Two practical checks follow from this: an attachment that carries a macro project when its file type should not (a .docx rather than a .docm), and an "attachment" that is really an executable under a document-looking name (invoice.pdf.exe), are both red flags a mail gateway can catch before the user ever sees the prompt.
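The attachment tricks described above can be checked mechanically before a message reaches the user. The following Python script is an added example written for this article (it is not CDI's code or any product's), and the sample attachments it builds in memory are constructed stand-ins: a Word document is a ZIP container, so a macro project shows up as a vbaProject.bin member, and a renamed executable still starts with the MZ header whatever its extension says.

```python
"""Inspect a mail attachment for the macro and executable tricks phishing relies on.

Added example for this article; it is not CDI's code or any vendor's product.
The sample attachments are constructed in memory so the script runs offline.
"""
import io
import zipfile

# Extensions Windows will execute directly when double-clicked.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi"}
# Office formats that are not supposed to carry macros at all.
MACRO_FREE_EXTENSIONS = {"docx", "xlsx", "pptx"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # don't inflate huge (or zip-bomb) members


def classify_attachment(filename: str, data: bytes) -> list[str]:
    """Return a list of human-readable findings; an empty list means no red flags."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""

    if ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable extension .{ext}")
        if len(parts) > 2:  # e.g. invoice.pdf.exe, shown as "invoice.pdf" when extensions are hidden
            findings.append("double extension disguises an executable")

    # Check the bytes, not the name: a renamed .exe still starts with the MZ header.
    if data[:2] == b"MZ":
        findings.append("PE executable (MZ header) regardless of extension")

    # OOXML documents (docx/docm/xlsm/...) are ZIP containers; so are .zip lures.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                findings.append("VBA macro project embedded (vbaProject.bin)")
                if ext in MACRO_FREE_EXTENSIONS:
                    findings.append(f"macros inside a .{ext} file (extension mismatch)")
            if "[Content_Types].xml" in names and b"macroEnabled" in zf.read("[Content_Types].xml"):
                findings.append("content types declare a macro-enabled document")
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                if zf.read(info.filename)[:2] == b"MZ":
                    findings.append(f"archive member {info.filename} is a PE executable")
    return findings


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal Word container with just the parts this check reads."""
    if with_macro:
        main = "application/vnd.ms-word.document.macroEnabled.main+xml"
    else:
        main = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is an OLE compound file; its magic bytes are enough here.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 64)
    return buf.getvalue()


def build_sample_zip_with_exe() -> bytes:
    """Construct a .zip lure that hides a (fake) executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2021.exe", b"MZ\x90\x00" + b"\0" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "report.docx": build_sample_docx(with_macro=False),
        "invoice.docm": build_sample_docx(with_macro=True),
        "invoice.docx": build_sample_docx(with_macro=True),
        "scan.pdf.exe": b"MZ\x90\x00" + b"\0" * 60,
        "invoice.zip": build_sample_zip_with_exe(),
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_attachment(name, blob) or ['clean']}")
```

The check deliberately trusts file contents over file names: the ZIP member list tells you whether a macro project is present, and the first two bytes tell you whether something is a Windows executable, neither of which a sender can hide by renaming the file.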
At that point, one device in the organization is compromised with malware or ransomware. That alone puts sensitive data at significant risk, and depending on how advanced the malware is, it can spread to other devices across the network if it is not caught in time.
Remote Desktop Protocol
Many companies use the Remote Desktop Protocol (RDP) for various reasons, most commonly for IT support. With RDP, administrators can connect to a user's machine remotely to help with any issues. RDP listens on TCP port 3389 by default.
Why does port 3389 matter? In 2017, it was determined that over 10 million machines had port 3389 open and reachable from the public internet. Attackers scan the internet for those machines, or simply query the internet-wide scanning services that already index them. Once a target is identified, they point freely available brute-force or password-spraying tools at it and keep guessing until a weak, default, or reused administrator password lets them log in remotely. Without account lockout, multi-factor authentication, or a VPN in front of RDP, nothing stops the guessing, and the attempts show up only as a flood of failed-logon events in the Windows Security log of the targeted host.
Once they are in as an administrator, hackers have full control of the machine and can launch the ransomware encryption. With that level of control they can also delete or steal data and disable backups from anywhere in the world, which leaves the organization with fewer alternatives to paying the ransom.
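The brute-force scenario above leaves a trail: every failed guess is an Event ID 4625 in the Security log of the RDP host, and a successful guess is a 4624 from the same source. The following Python script is an added example for this article (not CDI's code), run over events that are constructed to imitate those records rather than taken from a real log; the source addresses are reserved documentation ranges. It flags any source that fails ten or more logons within five minutes and reports whether that source later logged in successfully.

```python
"""Spot RDP password guessing in Windows Security log events and note whether it succeeded.

Added example for this article (not CDI's code). The events below are
constructed to mimic the fields exported from Event IDs 4625 (failed logon)
and 4624 (successful logon); they are not real log data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Logon type 10 is RemoteInteractive (RDP). With Network Level Authentication
# enabled, a failed RDP attempt is usually logged as type 3 (network logon)
# instead, because CredSSP authenticates before any desktop session exists.
# On a host that exposes nothing but RDP, both types are worth counting.
RDP_LOGON_TYPES = {10, 3}


def build_sample_events() -> list[dict]:
    """Constructed sample: one spray from the internet, normal user noise, console failures."""
    base = datetime(2021, 6, 10, 2, 0, 0)
    events = []
    # 12 failures in under three minutes from one internet address, cycling account names.
    for i in range(12):
        events.append({"time": base + timedelta(seconds=15 * i), "id": 4625,
                       "user": ["administrator", "admin", "backup"][i % 3],
                       "logon_type": 3, "src": "203.0.113.7"})
    # ...followed by a successful RDP session as administrator.
    events.append({"time": base + timedelta(minutes=4), "id": 4624,
                   "user": "administrator", "logon_type": 10, "src": "203.0.113.7"})
    # A user mistyping a password twice is normal noise, not an attack.
    for i in range(2):
        events.append({"time": base + timedelta(hours=1, seconds=30 * i), "id": 4625,
                       "user": "jsmith", "logon_type": 10, "src": "198.51.100.20"})
    # Failures at the console (type 2) are not RDP and are ignored by this rule.
    for i in range(11):
        events.append({"time": base + timedelta(minutes=10, seconds=i), "id": 4625,
                       "user": "jsmith", "logon_type": 2, "src": "10.0.0.5"})
    return events


def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {source_ip: alert} for sources with >= threshold failed RDP logons
    inside any `window`-long span. Each alert records the accounts tried and any
    successful logon from the same source after the spray began."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        if e["logon_type"] not in RDP_LOGON_TYPES:
            continue
        bucket = failures if e["id"] == 4625 else successes if e["id"] == 4624 else None
        if bucket is not None:
            bucket[e["src"]].append((e["time"], e["user"]))

    alerts = {}
    for src, attempts in failures.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):  # sliding window over sorted failure times
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                window_start = attempts[start][0]
                alerts[src] = {
                    "failures_total": len(attempts),
                    "failures_in_window": end - start + 1,
                    "users_tried": sorted({u for _, u in attempts[start:end + 1]}),
                    "first_seen": window_start,
                    "later_success_as": sorted({u for t, u in successes.get(src, [])
                                                if t >= window_start}),
                }
                break
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_bruteforce(build_sample_events()).items():
        verdict = "LIKELY COMPROMISE" if alert["later_success_as"] else "brute force in progress"
        print(f"{src}: {verdict} {alert}")
```

A success following a burst of failures from the same address is the signal to act on immediately; a burst with no success is the signal that the host should not be reachable from that address at all.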
Drive-By Downloads from a Compromised Website
Another well-known way hackers attack organizations is the drive-by download. It is a tricky method because it uses compromised websites to deliver malware without the user's knowledge. Attackers use exploit kits that silently fingerprint the visiting browser and its plugins for unpatched weaknesses. Once a flaw is found, the kit delivers an exploit and installs its payload in the background; the user never has to click anything. By that point, the visiting device is compromised.
You might think this only happens on sketchy sites, but that is not the case. Hackers usually set up drive-by downloads by exploiting known vulnerabilities in the software that runs legitimate websites, such as an unpatched content management system or plugin. They then either embed malicious code (typically a hidden iframe or script) in the site's pages or redirect visitors to a site the hacker controls. The malicious content can also arrive through third parties the site trusts: popular sites such as The New York Times, the BBC, and the NFL have been targeted in a ransomware campaign delivered through hijacked advertisements, where the malicious code was served by the ad network rather than by the site itself.
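One defensive counterpart to the compromised-website scenario above is to scan your own pages for what an injection typically leaves behind: zero-size or hidden iframes pointing at hosts you do not recognize, script tags loaded from unlisted hosts, and inline scripts that rebuild an iframe from escaped strings. The Python scanner below is an added example for this article (not CDI's code); the page it inspects is constructed, and the host names use reserved example domains. The allowlist of legitimate third-party hosts is an assumption you would populate for your own site.

```python
"""Scan a page of your own site for the hidden iframes and injected scripts that
drive-by campaigns plant on compromised websites.

Added example for this article, not CDI's code. The HTML below is constructed;
the host names use reserved example domains.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Functions injected droppers commonly combine to hide an iframe from casual inspection.
OBFUSCATION_MARKERS = ("unescape(", "fromcharcode(", "eval(", "document.write(")


def _host(src: str):
    # Handles absolute and protocol-relative (//host/path) URLs; relative paths give None.
    return urlparse(src).hostname


def _looks_hidden(attrs: dict) -> bool:
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = any((attrs.get(k) or "").strip() in ("0", "1", "0px", "1px") for k in ("width", "height"))
    return (tiny or "display:none" in style or "visibility:hidden" in style
            or "left:-" in style or "top:-" in style)


class InjectionScanner(HTMLParser):
    def __init__(self, site_host: str, allowed_hosts=()):
        super().__init__()
        self.allowed = {site_host, *allowed_hosts}  # assumed allowlist of trusted hosts
        self.findings = []
        self._in_script = False
        self._script_buf = []

    def _external(self, src: str) -> bool:
        host = _host(src)
        return host is not None and host not in self.allowed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "iframe":
            reasons = []
            if _looks_hidden(a):
                reasons.append("hidden/zero-size iframe")
            if self._external(src):
                reasons.append(f"loads from unlisted host {_host(src)}")
            if reasons:
                self.findings.append({"tag": tag, "src": src, "reason": "; ".join(reasons)})
        elif tag == "script":
            self._in_script = True
            if src and self._external(src):
                self.findings.append({"tag": tag, "src": src,
                                      "reason": f"script from unlisted host {_host(src)}"})

    def handle_data(self, data):
        if self._in_script:  # buffer inline script text until the closing tag
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            body = "".join(self._script_buf).lower()
            self._script_buf = []
            self._in_script = False
            hits = [m for m in OBFUSCATION_MARKERS if m in body]
            if len(hits) >= 2:  # one marker alone is common in legitimate code
                self.findings.append({"tag": "script", "src": "(inline)",
                                      "reason": "obfuscated inline script: " + ", ".join(hits)})


def scan_page(html: str, site_host: str, allowed_hosts=()) -> list[dict]:
    scanner = InjectionScanner(site_host, allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed page: a normal site with two injected elements and one rogue script host.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script src="//stats.example.net/c.js"></script>
</head><body>
<iframe src="/embed/map" width="600" height="400"></iframe>
<iframe src="http://exploit-kit.example.net/gate.php" width="0" height="0" style="display:none"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A//exploit-kit.example.net/%22%3E'));</script>
</body></html>"""

if __name__ == "__main__":
    for f in scan_page(SAMPLE_PAGE, "www.example.com", allowed_hosts=("cdn.example.com",)):
        print(f"{f['tag']:7} {f['src']:45} {f['reason']}")
```

Run against a crawl of your own site on a schedule and diff the findings: a new external host or a new hidden iframe appearing between runs is exactly the change a CMS compromise produces, and it is visible long before any visitor reports a problem.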
USB and Removable Media
Sometimes a cyberattack isn't carried out by a distant shady character; it can be done in person with a USB device. It is straightforward: all the hacker needs to do is load the malicious files onto a USB drive, plug it into a company device, and copy the files over. No tricks or disguises are required, but it does require physical access to a company device.
If an in-person infiltration is not possible, the attack can still be carried out through this method. For example, hackers have mailed USB drives containing hidden malware to companies as promotional giveaways. The victim thinks it is an innocent branded USB drive, but it is a Trojan horse for ransomware.
An organization must keep its antivirus protection and security policies up to date and train its staff to recognize cyberattack threats. Cyberattacks will keep becoming more sophisticated as time goes on. Understanding how a hacker can carry out an attack is an excellent start towards preventing ransomware, malware, or a data breach.
If you have any questions regarding Laserfiche or wish to speak with a CDI professional team member, contact us at email@example.com.