How Cyber Attacks Happen in Real Life | ThreatAdvice
A new cyber attack happens every 11 seconds. So what do they look like in real life? Let’s set the scene.
Jessie Cooper is CIO at Acme Corporation. He boasts a solid track record and is given to an occasional bout of overconfidence. Such is the case for his latest post on LinkedIn, which simply reads, “Acme Corporation has never been breached, and under my watch, never will.”
But beyond his colleagues’ likes and comments, the post catches the attention of someone with darker motives: a hacker. His reaction? “Challenge accepted.” Jessie just became a target.
Like good salesmen, hackers do their research, and this one gets straight to it, scouring Jessie’s social media accounts for seemingly benign information to use against him. It doesn’t take long before… Bingo! Looks like Jessie is an avid LSU fan.
The hacker continues his recon operation until he discovers a common asset: a Remote Desktop Protocol (RDP) server for Acme. But Jessie’s not an idiot; he has it locked down, of course. No one’s getting into this… right? Well, maybe if it weren’t for LSU and a brute-force login. Using a password generation tool, Jessie’s hacker attempts a break-in with a list of thousands of LSU fan passwords. One of them checks out.
The login triggers a multi-factor authentication prompt on Jessie’s phone, which he denies. But Jessie’s hacker is persistent, flooding his phone with notifications until MFA fatigue sets in, and Jessie finally clicks “approve” to dismiss the annoyance, figuring it’s probably just a routine IT support request.
And just like that, Jessie’s been compromised.
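Both steps of this break-in leave a pattern a defender can alert on: a password success after a run of failures from one address, and a push approval after repeated denials. The sketch below is an added example, not part of the original article; the log format, event names, addresses and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumed correlation window
MIN_FAILS = 5    # assumed: failed passwords from one IP before a success
MIN_DENIES = 3   # assumed: denied pushes before an approval

# Constructed events: timestamp, user, IP of the login attempt, event name.
SAMPLE = """
2024-05-01T02:10:01 jcooper 203.0.113.7 password_fail
2024-05-01T02:10:02 jcooper 203.0.113.7 password_fail
2024-05-01T02:10:03 jcooper 203.0.113.7 password_fail
2024-05-01T02:10:04 jcooper 203.0.113.7 password_fail
2024-05-01T02:10:05 jcooper 203.0.113.7 password_fail
2024-05-01T02:10:06 jcooper 203.0.113.7 password_ok
2024-05-01T02:10:10 jcooper 203.0.113.7 mfa_deny
2024-05-01T02:10:40 jcooper 203.0.113.7 mfa_deny
2024-05-01T02:11:10 jcooper 203.0.113.7 mfa_deny
2024-05-01T02:11:40 jcooper 203.0.113.7 mfa_deny
2024-05-01T02:12:05 jcooper 203.0.113.7 mfa_approve
2024-05-01T09:00:00 asmith 198.51.100.20 password_fail
2024-05-01T09:00:20 asmith 198.51.100.20 password_ok
2024-05-01T09:00:30 asmith 198.51.100.20 mfa_approve
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, user, ip, event = line.split()
        yield datetime.fromisoformat(ts), user, ip, event

def detect(text):
    """Alert on a password success after many failures and on a push
    approval after repeated denials, per user and source IP."""
    alerts, history = [], defaultdict(list)  # user -> [(ts, ip, event)]
    for ts, user, ip, event in sorted(parse(text)):
        recent = [e for e in history[user] if ts - e[0] <= WINDOW]
        count = lambda name: sum(1 for e in recent if e[1:] == (ip, name))
        if event == "password_ok" and count("password_fail") >= MIN_FAILS:
            alerts.append((user, "password_guessed", ip, count("password_fail")))
        if event == "mfa_approve" and count("mfa_deny") >= MIN_DENIES:
            alerts.append((user, "mfa_fatigue_approve", ip, count("mfa_deny")))
        history[user] = recent + [(ts, ip, event)]
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The second user in the sample mistypes a password once and approves a single prompt, so only the jcooper sequence produces alerts.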
Once inside, the hacker enters phase 2 of his attack: the recon operation. Why strike immediately when he can lurk around, evade detection, and browse through sensitive data at leisure? So he sifts through files and documents until he finds something that catches his eye. Jackpot: a master password list, there for the taking. With this information, the damage to Acme Corporation just multiplied a hundredfold.
For our hacker, it’s time to exfiltrate the data. Simple: he zips it all to Dropbox, and voilà! Robbery without all the drama.
Jessie’s hacker could call it quits here - after all, he has enough of Acme’s sensitive data to crush it along with Jessie and his arrogant bravado. But why not compound the damage and turn a profit? With a ready-made ransomware kit, it’s just one extra step to encrypt every file on the server, locking it up and halting all operations until Acme forks over the cash - in bitcoin, of course. But how much? A quick search on Crunchbase reveals Acme’s funding, so Jessie’s hacker sets his price at a cool $1.5 million.
He knows when the screens go red, Jessie and company will scramble for their backups. But they’ll soon learn those, too, are corrupted, since they left them connected to the compromised network. In short, they’ll be forced to pay if they ever want to see any of their data again. Now it’s time to sign off and disappear into the far reaches of the web, without a face, without a name, and utterly untraceable.
With a virtual bow, Jessie’s hacker wishes him better luck in his next job.