How to detect a cyberattack

Alberto Blázquez 01/10/2021

    News about vulnerabilities in the computer systems of one company or another has become so common that it almost goes unnoticed. But if we look at the data, it is impossible to look away. Cyberattacks must be detected!

    During the first half of 2021, the QuickView report added 12,723 disclosed vulnerabilities, representing growth of 2.8% compared to the same period in 2020. The report highlights that, on average, 80 vulnerabilities were revealed daily. The VulnDB team even updated this figure to 200 as new solution information, references, and additional metadata became available.

    Important information that was lost during the pandemic is resurging. Even if organizations can feel comfortable going back to their previous processes, the fundamental problem remains: there are too many vulnerabilities for many organizations to handle realistically unless they adopt a truly risk-based patching approach.

    Brian Martin, Vulnerability Historian, RBS

    I’m sure right now you’re thinking, “Yes, the data is very worrying, but that’s not going to happen to my company. Who might be interested in knowing details of my suppliers, invoices, customers, equipment?” If you were right, it might seem reasonable to consider that your business is no real target for hackers. But cybercriminals operate according to a different logic.

    In the mind of a computer hacker

    It is a common mistake to think that a criminal proceeds by carefully studying a company and its information assets and then attacking it. If that methodology existed in the past, today it has given way to indiscriminate attacks. The objective is not to obtain specific information, but to obtain massive amounts of information of all kinds, and then separate the wheat from the chaff.

    We have all been the target of some of these mass mailings, which try to obtain information regardless of what data ends up being collected. Once the hacker has these assets, he can carefully analyze whether he can get something from them or whether they are disposable.

    How does the hacker get your information?

    Phishing

    It consists of deceiving people, taking advantage of carelessness or credulity, with the aim of getting them to share confidential information. The victim, for example, receives an email from his supposed bank asking for credentials to solve a problem that has arisen with his credit card. The message requires going to a website and acting immediately before a terrible consequence occurs. Fear often weakens us, and we act without stopping to think that banks never ask us for our credentials.
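
    As an added example (not part of the original article), the traits described above can be checked mechanically: a message posing as a bank, asking for credentials, pressing for immediate action and pointing to a website. The keyword lists, signal names and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); all domains are reserved .example names.
SAMPLE = """\
From: "Your Bank" <support@yourbank.example>
Reply-To: helpdesk@mail-verify.example
Subject: Urgent: problem with your credit card
Content-Type: text/plain

We detected a problem with your credit card. Confirm your password and PIN
immediately at http://yourbank.example.login-check.example/verify or your
account will be suspended.
"""

# Illustrative keyword lists (assumptions, not an exhaustive ruleset).
URGENCY = re.compile(r"\b(immediately|urgent|suspended|within 24 hours)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|pin|credentials|card number)\b", re.I)
URL = re.compile(r"https?://[^\s>\"']+", re.I)

def domain_of(address):
    """Return the lower-cased domain of an address header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def same_site(host, domain):
    """True only if host is the sender domain or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def phishing_signals(raw):
    """Return the list of warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    sender = domain_of(msg.get("From", ""))
    signals = []
    if URGENCY.search(text):
        signals.append("urgency")
    if CREDENTIALS.search(text):
        signals.append("credential_request")
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != sender:
        signals.append("reply_to_mismatch")
    # A link whose host merely contains the bank's name is still a mismatch.
    hosts = [(urlparse(u).hostname or "").lower() for u in URL.findall(body)]
    if any(not same_site(h, sender) for h in hosts):
        signals.append("link_domain_mismatch")
    return signals
```

    The link check compares the end of the hostname, so a host that only starts with the bank's domain is still flagged.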

    Malware

    This can be a virus, a worm or any kind of program that is installed on your computer and tries to go unnoticed. In some cases, it even connects from your computer to a specific destination with the intention of sending the information it finds there. Many pages on the Internet offer this type of executable file for download, and unfortunately we run them.

    Other

    There are other techniques, such as SQL injection in web environments, searching for operating system vulnerabilities and others, that allow access to environments and, through certain actions, the acquisition in one way or another of administrative permissions on computers. These permissions give the hacker access and information.

    What does a cybercriminal do with your information?

    When, unfortunately, we have been victims of a cyberattack, we focus all our attention on solving the problem as soon as possible. But we don’t often stop to think about what criminals are doing with our information.

    A hacker may consider your company’s assets useful because they include many customers, or because the company has significant income. In these cases the cybercriminal could break in digitally, take that data and erase their traces so that their actions are imperceptible to us. With that portfolio of contacts or clients, they could impersonate one of them and, in this way, phish those who seem worth targeting.

    Another case we could find is that, given the indisputable value of our information, the criminal decides to contact us to ask for a ransom, or encrypts the data and immobilizes our company. The proposed solution? Once we agree to the payment, the criminal will decrypt the data again.

    What can stop a hacker?

    Tools exist today that contain the attack attempts we have mentioned. Microsoft 365 makes them available so that you can configure the ones your organization needs most. You will gain better knowledge of the state of your data, know what to do in case of loss of assets, and can even apply policies that prevent sensitive information from being sent to other domains.

    Want to protect against potential threats with Microsoft 365? We help you make it possible!
