Page 68 - Cyber Defense eMagazine September 2023
P. 68

against these tactics, including best practices on security awareness training, impersonation protection
            policies, and keeping applications as secure as possible.



            What’s in an attacker’s toolkit?

            Different tools are used at each stage of the cyber kill chain. Ultimately, if an attack can be detected and
            prevented at delivery (a phishing email), it will be killed earlier within the kill chain to help keep employees
            safe.

            And by understanding the intricacies of these stages, you too can start to think like a hacker, prepare for
            the tactics they use, and implement stronger defenses.



            Reconnaissance: Locate the target

            This is the first stage of the kill chain, where a bad actor sets out their objectives, finds a target and
            researches them. There are a variety of tools that make it easier for bad actors to search for targets within
            your organization and assess their likelihood of falling for an attack. These range from Google, marketing
            contact  databases,  and social  media  sites,  to  email  trackers  that  can  show  whether  a  recipient  has
            interacted with an email.

            Our 2021 Insider Data Breach survey revealed that 94% of organizations experienced a data breach in
            the last 12 months. Furthermore, these breaches can leave a company’s data exposed, increasing the
            risk of phishing threats. In short, it’s time to batten down the hatches.

            A bad actor can use a variety of free and paid-for tools to assess a company’s email security system and
            its defenses. This enables them to understand any existing vulnerabilities that can be exploited and try
            to craft their attacks to evade detection. This is aided by the phenomenon aptly titled phishing-as-a-
            service,  a  growing  trend  of  cybercriminals  diversifying  and  selling  their  software  and/or  expertise  to
            lesser-skilled prospective hackers.



            Weaponization: Crafting the phish

            After  reconnaissance,  the  next  step  is  crafting  the  phishing  email  –  which  can  contain  a  malicious
            payload, or it can rely on social engineering without any payload.

            Phishing kits can be used to create spoofed websites to steal a target’s credentials, steal multi-factor
            authentication (MFA) tokens, and evade detection from security technology.

            The more expensive kits will include tactics to evade detection by cybersecurity technologies, including:

               •  HTML obfuscation techniques using encryption, encoding, and whitespace
               •  IP address blocklists to identify and block connections from security vendors attempting to scan
                   the webpage for signs of a threat




            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          68
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   63   64   65   66   67   68   69   70   71   72   73