More than 70% of almost 500 IT security experts polled by European security technology firm Balabit said they considered insider threats more risky.
The key finding of the survey is that outsiders want to become insiders with the least possible effort, and insiders help them do so, often accidentally.
Social engineering was identified as a key element in the latest breach at the US Department of Justice in which hackers claimed to have exposed the contact details of more than 9,000 Department of Homeland Security employees and more than 22,000 FBI staff.
“The highest risk to corporations is when outside attackers gain insider access, as they can stay undetected within the network for months,” said Zoltán Györkő, chief executive at Balabit.
“Balabit aims to support organisations to know their enemy by knowing who is behind their user accounts, and determining whether it is a legitimate user or a masked hacker, which should be the fundamental priority in every kind of organisation’s IT security strategy,” he said.
More than half of the survey respondents said organisations are still afraid of hackers breaking into their IT network through their firewall, but at the same time over 40% of them said that first-line defence tools, such as firewalls, are not effective enough to keep hackers away.
Most social engineering attacks, often using phishing emails, are aimed at gaining control of a low-level insider user account and then escalating its privileges.
This attack method is popular because it is easier and faster to trick employees into revealing their passwords than to crack passwords or to create and deploy zero-day malware to steal staff credentials.
“Traditional access control tools and anti-malware solutions are necessary, but these only protect companies’ sensitive assets while hackers are outside of the network,” said Györkő.
“Once they manage to break into the system, even gaining a low-level access, they can easily escalate their rights and gain privileged or root access in the corporate network, which poses a very high risk because they look like a trusted insider.”
According to Györkő, account hijacking using legitimate credentials can be detected only by examining user behaviour and comparing it with normal behaviour for that user in terms of things like login time and location, speed of typing, and used commands.
“User behaviour analytics tools that provide baseline profiling about real employees, that are unique like fingerprints, can easily detect the abnormal behaviour of your user accounts and alert the security team or block user activities until further notice,” he said.
Compromising user accounts is the second most popular method used by attackers when they want to get sensitive data in the shortest time, according to IT security professionals.
Compromised accounts are dangerous because the same password is often used for corporate and private accounts. This means that if a password is stolen from a relatively insecure social media system, it can be used by attackers to access corporate networks.
Security issues of web-based applications such as SQL injections still rank highly as the third most popular hacking method because applications are the top interface for company assets for many insider and outsider users, providing a huge attack surface.
“Unfortunately, the quality of application code is still questionable from a security point of view, and there are many automated scanners that let attackers detect vulnerable applications easily,” said Györkő.
“By highlighting the 10 most popular hacking methods, we aim to help organisations to understand which methods or vulnerabilities attackers are using the most, so they can act accordingly.”
Regardless of the source of the attack, Balabit said the top 10 most popular hacking methods clearly highlight the need for organisations to know what is happening in their IT network in real time.
According to the security firm, this can be achieved only by complementing existing control-type security tools, such as access control tools and password management solutions, with continuous real-time monitoring.
Monitoring can highlight anomalies in users’ behaviour that are worth investigating, said Balabit, alerting organisations to suspicious activities and enabling them to respond to harmful events immediately and block further activities.
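The detection approach described by Györkő above (account hijacking spotted by comparing a session against the user's own baseline of login time, location, typing speed and commands) and the real-time monitoring the article returns to here can be illustrated with a small script. The code below is an added example written for this page; it is not Balabit's product or any code from the article. The event history, user names, countries and typing speeds are constructed for the example, and the thresholds (one-hour margin around the usual login window, a 3-sigma typing-speed limit) are arbitrary assumptions a real deployment would tune.

```python
"""Toy user-behaviour baseline: profile each user from historical sessions,
then report which attributes of a new session fall outside that profile.
Every event below is constructed for this example."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (user, login_hour, country, typing chars/min, command)
HISTORY = [
    ("alice", 9, "UK", 240, "ls"),
    ("alice", 10, "UK", 250, "git pull"),
    ("alice", 9, "UK", 235, "vim"),
    ("alice", 11, "UK", 245, "ls"),
    ("alice", 8, "UK", 255, "ssh build01"),
    ("bob", 14, "DE", 180, "kubectl get pods"),
    ("bob", 15, "DE", 175, "ls"),
    ("bob", 13, "DE", 185, "kubectl logs"),
]


def build_baselines(history):
    """Aggregate per-user observations into a simple behavioural profile."""
    profiles = defaultdict(
        lambda: {"hours": [], "countries": set(), "speeds": [], "commands": set()}
    )
    for user, hour, country, speed, cmd in history:
        p = profiles[user]
        p["hours"].append(hour)
        p["countries"].add(country)
        p["speeds"].append(speed)
        p["commands"].add(cmd)
    return profiles


def score_session(profiles, user, hour, country, speed, commands, z_limit=3.0):
    """Return a list of human-readable reasons the session deviates from the
    user's baseline; an empty list means nothing looked unusual."""
    p = profiles.get(user)
    if p is None:
        # Unknown account: nothing to compare against, so surface it for review.
        return ["no baseline for user"]
    reasons = []

    # Login time: allow a one-hour margin around the historically seen window (assumption).
    lo, hi = min(p["hours"]) - 1, max(p["hours"]) + 1
    if not lo <= hour <= hi:
        reasons.append(f"login hour {hour} outside usual window {lo}-{hi}")

    # Login location: any country never seen before for this user is flagged.
    if country not in p["countries"]:
        reasons.append(f"login from {country}, usual {sorted(p['countries'])}")

    # Typing speed: z-score against the user's own mean and population stddev.
    mu, sigma = mean(p["speeds"]), pstdev(p["speeds"])
    if sigma > 0 and abs(speed - mu) / sigma > z_limit:
        reasons.append(f"typing speed {speed} cpm far from baseline {mu:.0f} cpm")

    # Commands: anything the user has never run before is worth a look.
    new_cmds = [c for c in commands if c not in p["commands"]]
    if new_cmds:
        reasons.append(f"commands never seen for this user: {new_cmds}")
    return reasons


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    # A session that looks like alice's normal day produces no findings.
    print(score_session(baselines, "alice", 10, "UK", 248, ["ls"]))
    # A session at 03:00 from a new country, with different typing and new commands.
    for reason in score_session(baselines, "alice", 3, "RU", 120, ["ls", "wget"]):
        print("ALERT:", reason)
```

Each reason is deliberately a separate finding rather than a single score, so an analyst can see which signal fired; in practice a deployment would weight the signals and decide whether to alert or block, as the quote above describes.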
Top ten hacking methods
1. Social engineering
2. Account compromise
3. Web-based attacks
4. Client-side attacks against, for example, document readers and web browsers
5. Exploits against popular server updates, such as Heartbleed
6. Compromising unmanaged personal devices
7. Physical intrusion
8. Compromising shadow IT, especially personal cloud-based services used for business purposes
9. Compromising third-party service providers, such as outsourced infrastructure
10. Taking advantage of getting data put to the cloud