AST Digital Magazine March 2016 | Page 13

1 2 Volume 2 Top 10 List of Most Popular Hacking Methods March 2016 Edition security experts think that attackers are using the most when they want to get sensitive data fast: 1. Social engineering (e.g. phishing) Most of the attackers aim to get a low level insider user account and escalate its privileges. Using social engineering attacks to trick users to “ voluntarily” give their account and password is preferred. “ The recent data breach of more than 10,000 users from the U.S. Departments of Justice and Homeland Security staff and more than 20,000 Federal Bureau of Investigation employees is an example of how becoming an insider using social engineering tactics is a much easier way for hackers to breach security than writing zero-day exploits,” said Györkő.“ Traditional access control tools and antimalware solutions are necessary, but these only protect sensitive assets against hackers outside of the network. Once they are inside, even with low level access, they can easily escalate rights and gain privileged or root access in the network posing a much higher risk.” Balabit, a leading provider of contextual security technologies, today announced its recent CSI Report, conducted among one of the most technical and relevant global information security events, the Black Hat USA and Black Hat Europe 2015 participants. Questions were posed to 494 IT security practitioners who participated in the reseach that highlights the Top 10 Most Popular Hacking Methods helping organizations to clearly see which methods or vulnerabilities attackers are using the most — or taking advantage of — when they want to get sensitive data in the shortest amount of time. The key finding of the survey is that outsiders want to become insiders with the least possible efforts, and insiders “ help” them — mostly by accident. “ “ These hijacked accounts can only be detected based on the difference of the user’s behavior, such as login time and location, speed of typing, and used commands. User Behavior Analytics tools that provide baseline profiling about real employees, that are unique like fingerprints, can easily detect the abnormal behavior of your user accounts and alert the security team or block user activities until further notice,” Györkő added. The rest of the most popular hacking methods are ranked as follows: 2. Compromised accounts (e.g. weak passwords) 3. Web-based attacks (e.g. SQL/command injection) Hackers who gain insider access pose the highest risk to corporations as they can stay unnoticable within the network for months by masking themselves as insiders,” said Zoltán Györkő CEO at Balabit. “ Balabit aims to support organizations to know their enemy by knowing who is behind their user accounts, a legitimate user or a masked hacker. This should be the fundamental priority in every organization’s IT security strategy.” According to the survey, 54 percentof the survey respondants said that organizations are still afraid of “ hackers” breaking into their IT network through their firewall — but at the same time more than 40 percent of them said that they already clearly see that first-line defense tools, such as firewalls are just not effective enough to keep the hackers away. More than 70 percent of those surveyed said that insider threats are more risky. TOP 10 List of Most Popular Hacking Methods Balabit surveyed which methods or vulnerabilities IT 13