In the previous blog article, I discussed the seven-step “Attack Kill Chain,” a methodical series of phases that encompass most cyber attacks.
In the “Attack Kill Chain,” cybercriminals go from deciding if your organisation is vulnerable enough to infiltrate, all the way to successfully carrying out their objective on your network or system. In most cases, the attackers are most interested in credentials. Credential harvesting is the act of stealing sensitive information such as usernames and passwords, account information, access codes, etc.
Once obtained, what is the hacker’s end goal? What comes after the stealing of important credentials? In my experience, I see five common outcomes of the “Attack Kill Chain.”
#1 – Impersonation
Pretexting, or the act of impersonating a trusted figure to lower the defences and extract valuable information out of a victim. Armed with your email credentials, cybercriminals can use your information to impersonate you. When this happens, attackers now have access to your email contacts, which to them is a whole new list of potential victims. Under these circumstances, hackers will send out email blasts, impersonating the victim, and luring information out of others.
#2 – Payment Schemes
I’ve previously discussed that plenty of cyber attack tactics involve sending phishing emails without malicious files or links. Sometimes, the point of a phishing attack can simply be to lure victims into payment scams, such as through gift cards, social security, or loan/insurance schemes. These scams can vary in method and monetary value. The end goal, however, is to trick a victim into making payments to the hackers that become impossible to trace.
#3 – Skeleton Key
I recommend using a password management tool, like LastPass to manage passwords. Unfortunately, it is all too common for people to use the same password across email accounts, bank log-ins, and even for innocuous purposes such as reward account log-ins. The problem? If a hacker has access to one of these credentials, it can become a domino effect of exploitation. In these cases, hackers may seek to obtain email log-in information as a gateway to more sensitive credentials.
#4 – Malware
One of the most common and widely-known effects of cyber attacks is to download malware or ransomware on a victim’s device. Malicious files are designed to achieve a variety of destructive outcomes. Some cybercriminals run malware to steal sensitive data for other harvesting purposes. Another method is to freeze or hijack a given network or system, effectively shutting down a company’s operations until they can pay up and meet the demands of the cybercriminal.
#5 – Selling Data
Data changes hands rapidly on places like the dark web. Sometimes, a cybercriminal might steal your sensitive data just to sell it to someone else. Unfortunately, there is no way of knowing the end goal of process.
Stop Data breaches Before they Happen with PhishNet
The best way to protect against phishing attacks is to prevent them in the first place. This is most easily accomplished by cybersecurity awareness training. Staff who receive effective cybersecurity awareness training are better prepared to recognise and take the necessary steps to avoid a phishing attempt.
PhishNet delivers highly effective, engaging, and affordable cybersecurity awareness training to help businesses mitigate the risks of human error data breaches.
Talk to PhishNet today to learn more or check out our free Risk Assessment.