Typically a company is attacked in three stages. Kirill Kruglov, senior researcher and developer at Kaspersky Lab, told socialbites.ca that this is data acquisition, infiltration of the environment, reconnaissance and system infection.
Data is purchased from the malware black market. They come from other attackers who attack industrial organizations every day in the hope of selling this data on the black market. After purchasing access to a large number of computers within a company, hackers may have decided to attack the computer at this stage.
“The information obtained is used by attackers in different ways. They may start sending phishing emails. And send a letter not just once, but every day, in the hope that the user who receives such a letter will open the attachment or follow the link inside the letter and thereby download malware that gives remote access to the attacker. said Kruglov.
By gaining remote access to any computer in the organization, the attacker can begin reconnaissance, gather information, find out where the systems that interest him most are located, and systematically move towards these systems.
“After discovery, the target computer is infected. An implant is attached to it. This is what used to be called a backdoor, but it has evolved as backdoors combine with another layer of malware (spyware, keyloggers). In terms of functionality, this is a “Swiss knife”. The word “implant” itself refers to how this malware is inserted into the system. “He is trying to hide, he is trying to integrate into the environment so as not to stand out,” concluded the expert.
Read more about how much it costs to break into large companies’ systems, why three training classes are enough for hacking, and what a malware designer is – here report Kruglova “socialbites.ca”.
Hackers before came with A new way to steal money online.