Not all cyber attacks are carried out with newly developed tools or by advanced hackers using zero-day exploits. Many hacks rely on off-the-shelf hacking tools and exploits that are available for download on the Internet today. A pattern of off-the-shelf hacking tool use was detected in five African states: Ivory Coast, Ghana, Equatorial Guinea, DR Congo, and Cameroon. Tools sold on the dark web for as little as $25 were used against vulnerable computers located in the countries mentioned.
One example of the tools used is the combination of the NanoCore trojan and PsExec. The latter is a common tool used by network administrators, but it can also be used to inject code from outside into the target system, such as a RAT (Remote Access Trojan). NanoCore is a publicly available RAT; its developer is facing jail time of 33 months plus 2 years of conditional monitoring. NanoCore proliferated, and its infection numbers increased greatly from 2014 to 2016; it is now being developed by an unknown entity.
PowerShell, introduced with Windows, has been an advantage not only for system administrators doing the legitimate work of maintaining systems but also for virus authors. PowerShell scripting is very powerful: it can launch code and commands far beyond what the anemic DOS-legacy command line, CMD.exe, provides. Because PowerShell is enabled by default in modern versions of Windows, cybercriminals can use its features, so their malware does not need to carry the same instructions itself, which reduces the file size of the malware considerably. This happened with Mimikatz, a password-stealing tool that takes advantage of the installed PowerShell to propel itself into the guts of the system without the user's knowledge.
“Since Mimikatz can be used to harvest credentials and RDP allows for remote connections to computers, it’s likely the attackers wanted additional remote access capability and were interested in moving laterally across the victim’s network,” explained Symantec in their official blog.
Factors of the growth of cybercrime:
- The worldwide spread of the Internet, which has increased the vulnerability of companies to cyber attackers, as well as the use of high-speed broadband systems.
- The rise of mobile technologies and cloud computing, which has increased the volume of a business's sensitive information that is susceptible to unauthorized access.
- The growing technological sophistication of cyber attackers, whose ability to operate with speed and stealth exceeds the defensive capacity of companies against traditional IT security systems.
Security experts have come to consider cybercrime as normal in global business, something that business leaders must accept because it is inevitable. On the other hand, the construction of security systems and procedures cannot anticipate attacks, but it will allow the organization to resist attacks when they succeed, which is also known as cybernetic resilience.
Costs of cybercrime:
- Theft of financial assets
- Loss of intellectual property
- Violation of confidential information
- The costs of recovering/restoring violated data
- Damage to the reputation of the company
- Diversion of corporate resources
- Creation of activities for the cybersecurity infrastructure
- Loss of sales of customers affected by security breaches
- Decrease in capital flows of risk-averse investors