A cyber attack takes place every 39 seconds. This is one of the biggest risks of running a business today; every second of each day, hackers work relentlessly to breach networks, deliver malware, and steal valuable data.
Bad actors employ various methods to strike and constantly refine their methods as they identify new vulnerabilities. Fending off cyber attacks is a never-ending mission, and businesses must remain alert night and day to avoid becoming the next victim.
Managed security service providers (MSSPs) can help businesses large and small build their cyber defenses. Cybersecurity is a complex, multilayered affair – and requires an understanding of how threat actors work.
The MITRE ATT&CK framework models cyber attacker behavior and provides information on attack lifecycles and platforms that hackers are known to target. Attackers typically employ one or a combination of nine specific initial access techniques to gain a foothold in the network and move from there to other parts of the environment. Too often, they operate freely for months before the intrusion is detected. It’s important to know the nine initial techniques to effectively protect against them.
What Are The 9 Most Common Initial Access Techniques?
Phishing – or some form of phishing – is used in over 80% of successful cyber attacks. Phishing uses social engineering to trick users into giving hackers access to systems and networks, usually through fake emails containing compromised links or attachments. Many phishing attacks are not targeted and involve sending out mass emails to large groups of users. More targeted attacks, known as spearphishing, zero in on specific individuals, organizations, or industries. There are three sub techniques of phishing – spearphishing attachments, spearphishing links, and spearphishing via a service.
2. Valid Accounts
Threat actors often steal account credentials for persistent access to systems. If an attacker gains access to what they know to be a valid username and password, they will proceed to use this information for a tactic called “password spraying”, where they use these credentials across a slew of platforms and applications to attempt gaining access. And, if robust password policies are not in place and the user has the same credentials for multiple accounts, the attacker may be successful in their pursuit.
There are 4 sub techniques of valid accounts. All this entails is classifying the 4 separate types of accounts that can be compromised, including default accounts, domain accounts, local accounts, and cloud accounts.
3. Supply Chain Compromise
This attack method is becoming increasingly common and involves manipulating hardware, software, and delivery mechanisms to compromise systems and data. Compromise can occur at various supply chain points, including development tools, source code repositories, and software distribution. Additionally, malware can be delivered through a software update, making it difficult to detect and vastly increasing the number of potential victims. The three sub techniques of supply chain compromise include software supply chain, hardware supply chain, and software dependencies and development tools.
4. Hardware Additions
This method involves an attacker introducing computer accessories, computers, or networking hardware into a system or environment to be used as an access vector by gaining physical access to an organization. There are a lot of different commercial and open source products and tactics that can be leveraged with this type of attack that can further compromise your organization, such as passive network tapping, man-in-the-middle encryption breaking, and keystroke injection.
5. Replication Through Removable Media
Removable media, such as USB drives, can download malware into systems through auto-run features when the media is inserted into a system. To use removable media for malware delivery, threat actors manipulate the media, modify the systems they use to format it or modify the media’s firmware itself. Oftentimes, these USBs will be strategically left around the perimeter of an organization and a curious employee will plug it into their device, unknowingly enacting the attack.
6. Drive-By Compromise
This attack method consists of manipulating a user’s browser or a website to download malicious content on user devices. It occurs behind the scenes and is expertly concealed so the user doesn’t realize what is happening. Typically attackers compromise a website by injecting malicious code into it, using malicious ads, or built-in interfaces that redirect the user to a compromised part of the site.
7. External Remote Services
This technique involves exploiting remote services such as VPNs, Citrix, and other access mechanisms that manage connections and user authentication credentials. Access can be obtained through credential pharming or theft of user data after the network is already compromised. Attackers have been known to use remote services as a redundant or persistent access mechanism during an operation. This technique has become more prominent as many employees have left secure corporate networks. Oftentimes, there’s a direct overlap between this attack method and the valid accounts technique.
8. Exploiting Public-Facing Application
This occurs when threat attackers exploit a bug, glitch, or design vulnerability in an internet-facing computer or application to deliver malicious code. The entry points are usually websites but attackers also use other targets such as databases, network management protocols, and web servers. Hackers also often exploit cloud-hosted targets to manipulate user access and management policies. Some helpful resources to aid in your defense against this technique are the OWASP Top 10 and the CWE Top 25, which highlight the most common web-based vulnerabilities.
9. Trusted Relationship
Many organizations grant third parties to internal systems. Such third parties include IT service providers, product suppliers, and HVAC and electrical contractors. With the trusted relationship technique, attackers can exploit vulnerabilities in network connections between organizations and partners to introduce malware, steal data and perform other unauthorized activities.
As the saying goes, “the best offense is a good defense,” which is why having a robust cybersecurity infrastructure is crucial for any business. Adaptive Information Systems offers a full set of managed security services that address all nine initial attack vectors, both from a detection and mitigation perspective. Contact us today to see how we can help protect your business.