Home>Articles>Cyber Security>Cyber Attack Anatomy 101
Cyber Attack Anatomy 101

Cyber Attack Anatomy 101

Cybercrime is the new “mafia” and if you haven’t taken it seriously in the past, you need to pay attention before you or your company become the latest victim. Cyberattacks are a lot more sophisticated, with many of the organisers setting themselves up in the same way that one would create a real technology company. They have all of the professional elements and they assume that companies are focused on their own business instead of protecting themselves.

Consider this to be a War:

Here are some “heads up” stats from havacscope.com:

  • You can get someone’s complete health insurance data by paying $1,250.
  • For just $7/hour, you can unleash a Distributed Denial of Service attack on your competition.
  • You can purchase US Fulz records (someone’s identity, passport, SSN, and others). You can get all that for around $40.
  • You can also get 10,000 fake Twitter followers for $15.
  • And if you want access to a government server, that can be had for $6.
  • You’re dealing with professional organizations that:
  • Provide 24/7 customer service;
  • Offer free trial attacks to demonstrate their prowess;
  • Payment after the successful attack once you are satisfied with the results.

The key element to recognise is that no one is immune. Cybercriminals go after small, medium and large organisations. In 2016, small companies were the victims of 36% of cyberattacks and ransomware increased over 500%.

Vectors of Attacks:

The criminals involved in the cybercrime understand the market on an intimate level. They know that the largest success rate (43%) is on the social engineering attacks (hacking, malware, phishing) and the most common attack vector still remains in the exploitation of a bug in firmware or software that hasn’t been patched. They design their programs to seek out those that have been lazy about software updates and have left themselves vulnerable.

Malware is becoming a lot more sophisticated. What was once just an irritant factor, following a website trail and collecting the data (while slowing an operating system down) has been elevated to the ability to steal credentials, many of them logins or passwords so that they can gain higher privilege access to systems. Their goal is to bypass the average user and tap into the full network admin abilities and many of them are being quite successful at it.

There are also DDos (Distributed Denial of Service) or DoS (Denial of Service) in which a particular cybercrime organisation sells their services so that they flood a website or service with artificially generated traffic to the point that it takes the targeted servers down. The criminals have even become a bit more ingenious in that they have created Dyn DDos software robots hat infest a device and then awaits orders. This particularly nasty method allows 10’s of millions of smart devices that are Wi-Fi-based to become infected and when activated, they are the tools that wreak havoc.

“In the state of cybercrime “war” all individuals must be prepared for and defend against attacks. DaVinci Forensics are the specialists that remain diligent in maintaining the latest information and updates so that our clients are not only aware of but empowered to fend off breaches. The “cybercriminal enemy” is continually changing, updating and seeking out new methods to take advantage of company and individual vulnerability and our services are your first line of defense.”

Da Vinci Forensics