Think like a hacker: improve your cyber security
Understanding how threat actors work makes it easier to make their lives more difficult
Hackers may have very different motivations and ways of working, but they all have the same aim: to sneak into your IT environment and exploit it for their own gain.
In order to guard against hackers, it helps to understand who they are and how they think.
Who are they?
The popular image of a hacker as a disaffected loner or a disgruntled ex-employee can still apply, but the threat landscape is expanding, and new threat actors are emerging.
The most notable trend is a massive increase in organised cyber crime – particularly groups offering ransomware-as-a-service on a franchise business model. These operators have hundreds of affiliates (smaller groups or individuals) who purchase ransomware from them and pay an agreed percentage of the profits as commission. In return, the operator provides hosting and file-sharing infrastructure to accommodate exfiltrated data, along with brand and reputation management.
Yes, you read it right: brand and reputation management. These days, hacker groups – especially ransomware operators – want you to know who they are and will try to build their brand “value” in the same way as any legitimate business.
What do they want?
The current global situation has prompted a rise in nation state-funded cyber warfare aimed at disrupting or destroying critical national infrastructure, as well as “hacktivists” who want to promote political or social agendas.
Essentially, though, most hackers are in it for the money.
Any data has enormous onward value to a hacker: posted on the dark web, for example, it can be resold and used for other types of attack. Password reuse is a huge issue. Compromised from other sites or via info stealers, hijacked personal passwords give hackers easy access to corporate accounts.
Other lucrative activities include harvesting credentials for fraudulent use, stealing valuable intellectual property and, of course, exfiltrating data and demanding payment to restore it. Ransomware attacks remain the most common threat, not only to education and research but across every sector.
How do they do it?
The first thing any hacker will do is look to see if you’re using any external-facing services that they can use to bypass authentications. These could be remote access solutions, websites and resource portals, or email delivery. It takes just one click on a seemingly urgent email to unload the first stage of a multi-stage attack that sits on the network undetected while the hackers explore your IT environment at their leisure.
They will also scan your external network looking for ports to exploit vulnerabilities. They will see what’s on your subnets, look at your apps and fingerprint them to see what versions you’re running. If they can connect to anything, they'll run a command remotely and connect from there to your internal network. With credentials now authenticated, they have free rein to upload malware direct into the system.
Once access is gained, a hacker can upload tools and start attacking, moving laterally and attempting to log into other services.
But there are basic changes that can help nip these nefarious activities in the bud by making life just that bit more difficult for hackers.
Strengthen your passwords
The easiest entry point for even a novice hacker is a weak password.
Essentially, the longer your password, the more secure it is: a long simple password is better than a short complex one. The minimum recommendation is 14 characters – but 16 is better.
That’s because hackers use password crackers capable of processing more than 200 million password suggestions per second – and if yours is not long or complex enough, it will take around two seconds to crack.
Use your cyber community
Cyber communities provide a valuable support network as well as a forum for peer exchange of knowledge and proactive horizon scanning.
With 1,700 members and growing, the Jisc cyber security community group is a great place to start.
It’s a key part of the UK’s cyber ecosystem, enabling research and education institutions to share threat intelligence with other sectors and experts to improve security for everyone. Reporting anything suspicious, even minor incidents, as early as possible helps everyone in the fight against hackers.
Take advantage of free cyber services
For institutions connected to the Janet Network, tools and services to defend your environment are available at no extra cost.
Signing up to the Janet Network resolver service, for example, is easy. And it delivers an immediate improvement in cyber security by blocking access to known malicious domains, instantly rendering phishing attempts less effective.
If UK education and research institutions all adopted these basic recommendations, it would go a long way towards making the whole sector more secure.
Find out about our other key cyber security services that come free with Jisc membership
Explore the latest ways to improve your cyber security: join us at Networkshop 2024, 18-19 June, Nottingham Trent University, and 20 June online.