In today’s rapidly developing digital landscape, organizations must adopt a proactive mindset in cyber security. Thinking like a hacker is crucial to stay ahead of evolving threats.
Redefining the Hacker
Modern hackers are not just technical experts; the landscape has evolved and now the term “hacker” encompasses various malicious actors. Today, attackers can easily access hacker forums, Crime-as-a-Service (CaaS) platforms, and Ransomware-as-a-Service (RaaS) offerings, allowing almost anyone to purchase the necessary tools, services, and attack methodologies.
According to research by FortiGuard Labs, hackers are using a combination of social engineering, hacking, and malware distribution to carry out increasingly destructive attacks. In ransomware attacks, hackers use phishing or other methods to introduce malware into victims’ systems. They steal data, threatening to release it on the dark web, leading to financial losses and reputational damage. Business email compromise attacks are also on the rise.
Monitoring hackers on the dark web and deep web
The dark web and deep web can serve as valuable sources of information about hacker operations. However, for most organizations, monitoring these hidden networks poses significant challenges.
Gaining access to these forums requires invitations and establishing trust, which can take some time. It also takes experience to determine the credibility of individuals within these forums. As they span across international boundaries, you need security experts proficient in different languages. To tackle this issue, Fortinet’s FortiGuard Labs maintains dedicated dark web monitoring teams in multiple countries, enabling them to infiltrate these forums and stay up to date with emerging threats and trends.
Recent trends have also shown a migration of dark web activity to popular social media platforms such as Telegram and access-controlled groups on Facebook. These platforms offer anonymity and easy accessibility for attackers. Monitoring these forums allows security experts to gain insights into ongoing discussions, and identify advertisements for stolen data, hacking tools, or proof-of-concept exploits for unpatched vulnerabilities.
FortiRecon Digital Risk Protection services provide companies with adversary-centric intelligence to help them understand their external attack surface exposure. This solution not only alerts organizations when their data is being sold or discussed on the dark web but also provides comprehensive insights into potential threats and vulnerabilities.
Working together to get the inside track
Collaborative efforts and information sharing among stakeholders play a vital role in proactively preparing for potential cyber threats.
Initiatives like the World Economic Forum’s Centre for Cybersecurity and its Partnership Against Cybercrime (PAC) facilitate the exchange of intelligence on cybercrime, bringing together the digital expertise and data of the private sector with the public sector’s threat intelligence to inform the development of improved security tools and defense tactics. One of its notable projects, the Cybercrime ATLAS, aims to map cybercriminal ecosystems and gain a better understanding of their structures.
Cyber hygiene and the art of deception
Cyber deception can also serve as a powerful tool in an organization’s security arsenal, allowing them to turn the tables on attackers to some extent.
Similar to honeypots, cyber deception involves deploying decoys, lures, and a fake network resource with realistic-looking files and workflows, all hidden from legitimate users. Security teams can divert hackers away from actual systems and into a pseudo network designed to detect malicious activity immediately. This not only triggers detection but also exposes the attacker’s tactics, tools, and procedures (TTPs), enabling vulnerabilities to be addressed and closed.
One challenge with generic honeypots is getting the hacker to interact with them, as they could be just one Windows server among thousands. However, with more advanced cyber deception technology, organizations can strategically “advertise” the fake services by leaving “breadcrumbs,” such as lured credentials, that lead attackers into the decoy environment. Cyber deception technology can monitor and record these interactions, helping organizations understand the motives and objectives of attackers.
For effective implementation, deception technology should be fully integrated with next-generation firewalls, network access control, security information, and event management (SIEM) systems, sandboxes, security orchestration automation and response (SOAR) platforms, and endpoint detection and response (EDR) solutions.
Getting ahead and staying ahead
Thinking like a hacker is just one aspect of a layered approach to defense. Organizations also need to implement traditional network security measures, including endpoint monitoring, network segmentation, intrusion prevention with SSL decryption turned on, and centralized logging. Also, organizations need help in managing alert fatigue that arises when every anomaly is noted. To effectively manage alerts, the deployment of AI and machine learning products can provide additional context and prioritize alerts accordingly.
Besides these measures, organizations need to attend to basic hygiene practices such as regular patching and training. Equally crucial is having a well-defined incident response plan in place. Organizations must handle compromises skillfully, scoping attacks, mitigating impact, securing evidence, and responding discreetly to avoid alerting attackers.
Fortinet’s FortiGuard Incident Response Service can help organizations by providing fast detection, investigation, containment, and remediation during security incidents. Additionally, Fortinet provides tabletop exercises to help companies prepare for ransomware or similar compromise in advance.
By Dale de Kok, Systems Engineer at Fortinet
