Invitation to Cybersecurity

4. The Need for Cybersecurity: Cyber Attacks

4.1.1 Reconnaissance

“To rely on rustics and not prepare is the greatest of crimes; to be prepared beforehand for any contingency is the greatest of virtues.” - The Art of War by Sun Tzu

Reconnaissance (recon) is the first step of a carefully planned cyber attack. Bank robbers are known to “case the joint.” Like scoping out a bank in preparation for a robbery, the recon step of a cyber attack is about gaining as much information about the target as possible. This helps the attacker define the attack surface, including the cyberspace perimeter. The cyberspace perimeter includes the domain names and IP addresses that belong to the target and all the software and hardware accessible via those domain names and IP addresses. Other types of information may also be helpful to the attackers, such as the names and contact information of employees, recent job postings, and social media posts. In general, the more information that is gleaned, the better for the attacker. Information provides clues to potential vulnerabilities, and it also helps the attacker to adapt and improvise as needed; this is what Sun Tzu means in the quote above about being prepared for any contingency.

Recon does not usually involve any illegal activities, although it could become incriminating evidence if a crime is later committed. In this phase, attackers conduct both low- and high-tech recon to gain as much information about the target as possible. Some low-tech recon tactics would be snooping around the physical premises of the target, and perhaps even dumpster diving. Dumpster diving was popular among phone phreakers. They were notorious for literally crawling into the trash dumpsters belonging to big phone companies looking for unpublished documentation and other discarded information that might help them hack the phone network. Dumpster diving can reveal useful insider information. An example of high-tech recon is open source intelligence (OSINT).

Open source intelligence is identifying and collecting information that is available to the public (i.e., information that is open source). Google is a valuable tool for conducting OSINT. Advanced uses of Google to search for vulnerabilities and sensitive information about the target are called Google hacking. Complex query strings can be crafted to identify sensitive information that may have been inadvertently posted online, including spreadsheets and other files and even passwords. Ready-made query strings are available in online databases for hackers to use. Cyber defenders may also use these queries to find and take sensitive information offline before the hackers find it first!

4.1.2 Gaining Unauthorized Access

Most cyber attacks involve gaining unauthorized access to the victim’s network. The information gathered in the recon phase is used to find potential vulnerabilities and other ways into the target network. This section outlines five main ways that hackers obtain their initial unauthorized access: deceiving authorized users, exploiting technical vulnerabilities, credential stealing, supply chain attacks, and obtaining physical access.
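The defender-side use of OSINT described in 4.1.1, finding inadvertently published spreadsheets, files and passwords before an attacker does, can also be done before content goes public. The following is an added example, not code from the book: it audits a local web content directory for risky file types and credential-like strings. The extension list, the regex and the sample files are constructed for the example.

```python
import os
import re
import tempfile

# Added example, not from the book. Assumed list of file types that rarely
# belong on a public web root; the regex flags credential-like "key = value".
RISKY_EXTENSIONS = {".xls", ".xlsx", ".csv", ".sql", ".bak", ".env", ".log"}
SECRET_PATTERN = re.compile(
    r"(?i)\b(password|passwd|pwd|api[_-]?key|secret)\b\s*[:=]\s*\S+")


def audit_web_root(root: str, max_bytes: int = 1_000_000) -> list[dict]:
    """Walk a directory and return one finding per file whose name or
    content looks like something that should not be publicly indexed."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXTENSIONS:
                reasons.append(f"risky file type {ext}")
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # cap reads on large files
            except OSError:
                continue
            # Binary files decode lossily; that is fine for a keyword search.
            if SECRET_PATTERN.search(data.decode("utf-8", errors="ignore")):
                reasons.append("credential-like string in content")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append({"path": rel, "reasons": reasons})
    return sorted(findings, key=lambda f: f["path"])


def build_sample_root() -> str:
    """Constructed web root: one clean page plus two files an OSINT search
    would be likely to surface (a spreadsheet and a note with a password)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "files"))
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html><body>Welcome to Example Corp</body></html>\n")
    with open(os.path.join(root, "files", "payroll.xlsx"), "wb") as fh:
        fh.write(b"PK\x03\x04 constructed spreadsheet stub")
    with open(os.path.join(root, "files", "notes.txt"), "w") as fh:
        fh.write("vpn login\npassword = Winter2024!\n")
    return root
```

Run `audit_web_root` against the directory you are about to publish (or a mirror of what is already served); each finding names the file and why it was flagged.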
