Methods of penetration into corporate networks

Internet connection — it boundless opportunities, however, after connection we appear in a huge general ecosystem. It is important to understand that the trouble which happened to one company will surely be reflected in other organizations. Incident can affect not only direct business partners of the affected company, but also the organizations operating in absolutely other areas. For example, in case of penetration into corporate network often there is a leak of personal data (PII). It is possible not only to sell or use these data in the fraudulent purposes, but also to develop phishing attacks on their basis. What more detailed data on you the malefactor locates, especially the e-mail message which arrived from him which you for certain will open will be realistic to look.

Many of technologies of the attacks now in use are similar to those which were applied a few years ago: for example, a bypass not enough reliable passwords, phishing attacks and loading of the malicious software from the infected or advertizing websites. At the same time malefactors developed more effective and imperceptible technicians of penetration into network systems thanks to some widespread vulnerabilities.

Social networks and information services treat their number. Many people to some extent use social networks, for example Facebook, LinkedIn or the websites of Internet acquaintances. It allows malefactors to get on the user devices by means of social engineering, playing on human emotions. The principles of social engineering remained the same, but the directions of the attacks changed. Also it is necessary to consider the fact that malefactors use different methods of deviation. All of them hide more effectively the attacks therefore a traditional anti-virus software is often not enough for reliable protection.

From among new technologies of illegal penetration into corporate networks phishing attacks are most often used. Malicious codes or links which at first sight cause trust are attached to phishing e-mail messages and induce users to pass on them.

One more technology used by malefactors — the hidden loading. Criminals get on the website and set harmful Java script which redirects nothing suspecting the user on other website containing harmful data (program). These data are in the background loaded on the user's device. Before carrying out the target attack malefactors spend many months for a research of the websites which are often visited by the staff of the companies and infection of these websites.

The following technology — harmful advertizing. The principle of this attack is similar to the hidden loading, however in this case the malefactor infects the advertizing websites. One infected advertizing website in turn can infect thousands of others. Impressive result with little effort!

The last on prevalence, but from it not less dangerous are the attacks of mobile devices. In many respects they are similar to the attacks described above. The difference is that the purpose of this type of the attacks are mobile devices. Besides, malware can get on devices in Sms or under the guise of other applications, such as games or pornography.

After successful penetration into network of the user device, for example the notebook, the desktop computer or the mobile device, the malefactor begins to load the malicious software and tools for achievement of the illegal purpose. As a rule, data necessary for malefactors are not at workstations, and on servers, databases and in other arrangements. Below stages of activity of criminals after penetration into network are described:

• Loading of other tools and malware for the purpose of further infection of network.
• Research of network and search of other servers containing the data necessary for malefactors. Search of the Active Directory server containing all user names and passwords. In case of successful cracking of this server criminals will get free access to all resources.
• Having detected data, malefactors will find also the server of additional distribution of information for copying of these data. Ideally it is the server with stable working capacity (not subject to failures) with an Internet access.
• Data will be slowly transferred to servers of malefactors which are located in clouds that does difficult to block data transmission.

Being in network for a long time, malefactors are capable to collect available data of any types. The majority of corporate data are kept in electronic form. What longer malefactors remain undetected, that they learn about business activity of the company and data streams more. It is possible to give Carbanak attack as an example. During this attack criminals managed to detect computers of administrators, to get access to surveillance cameras, to trace work of bank employees and to record all their actions in the smallest details. Imitating these actions, malefactors withdrew money by means of own systems.

As I told earlier, penetration into network often happens upon transition of the user according to the malicious URL. Having snared devices, malefactors look for data necessary for them, moving on network. That is why segmentation of network is so important. First, it reduces negative effects of violation of security due to isolation of the harmful elements which got into network on any section and prevention of their distribution on network. Also thanks to segmentation confidential data can be moved to the area with higher level of protection from where it will be more difficult to malefactors to take them. And, at last, to trace all events in network and to make protective perimeter impenetrable it is physically impossible as network — too big and complex structure. Therefore it is more reasonable to isolate important data and to focus on tracking ways of approach to these data.

Author: Anthony Giandomenico, the chief specialist on security issues