1
2
Volume 2
Top 10 List of Most Popular
Hacking Methods
March 2016 Edition
security experts think that attackers are using the most
when they want to get sensitive data fast:
1. Social engineering (e.g. phishing)
Most of the attackers aim to get a low level insider user
account and escalate its privileges. Using social
engineering attacks to trick users to “ voluntarily” give
their account and password is preferred. “
The recent data breach of more than 10,000 users from
the U.S. Departments of Justice and Homeland Security
staff and more than 20,000 Federal Bureau of Investigation
employees is an example of how becoming an insider
using social engineering tactics is a much easier way for
hackers to breach security than writing zero-day exploits,”
said Györkő.“ Traditional access control tools and antimalware solutions are necessary, but these only protect
sensitive assets against hackers outside of the network.
Once they are inside, even with low level access, they can
easily escalate rights and gain privileged or root access in
the network posing a much higher risk.”
Balabit, a leading provider of contextual security
technologies, today announced its recent CSI Report,
conducted among one of the most technical and relevant
global information security events, the Black Hat USA and
Black Hat Europe 2015 participants. Questions were posed
to 494 IT security practitioners who participated in the
reseach that highlights the Top 10 Most Popular Hacking
Methods helping organizations to clearly see which
methods or vulnerabilities attackers are using the most —
or taking advantage of — when they want to get sensitive
data in the shortest amount of time. The key finding of the
survey is that outsiders want to become insiders with the
least possible efforts, and insiders “ help” them — mostly
by accident. “
“ These hijacked accounts can only be detected based on
the difference of the user’s behavior, such as login time
and location, speed of typing, and used commands. User
Behavior Analytics tools that provide baseline profiling
about real employees, that are unique like fingerprints, can
easily detect the abnormal behavior of your user accounts
and alert the security team or block user activities until
further notice,” Györkő added.
The rest of the most popular hacking methods are
ranked as follows:
2. Compromised accounts (e.g. weak passwords)
3. Web-based attacks (e.g. SQL/command injection)
Hackers who gain insider access pose the highest risk to
corporations as they can stay unnoticable within the
network for months by masking themselves as insiders,”
said Zoltán Györkő CEO at Balabit. “ Balabit aims to
support organizations to know their enemy by knowing who
is behind their user accounts, a legitimate user or a masked
hacker. This should be the fundamental priority in every
organization’s IT security strategy.”
According to the survey, 54 percentof the survey
respondants said that organizations are still afraid of “
hackers”
breaking into their IT network through their
firewall — but at the same time more than 40 percent of
them said that they already clearly see that first-line
defense tools, such as firewalls are just not effective
enough to keep the hackers away. More than 70 percent of
those surveyed said that insider threats are more risky.
TOP 10 List of Most Popular Hacking Methods
Balabit surveyed which methods or vulnerabilities IT
13