{"id":47113,"date":"2023-07-25T10:55:41","date_gmt":"2023-07-25T09:55:41","guid":{"rendered":"https:\/\/www.n-able.com\/?p=47113"},"modified":"2023-07-27T11:02:37","modified_gmt":"2023-07-27T10:02:37","slug":"top-4-methods-used-to-attack-networks-and-how-to-defend","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/top-4-methods-used-to-attack-networks-and-how-to-defend","title":{"rendered":"Top 4 Methods Used to Attack Networks (And How to Defend)"},"content":{"rendered":"

Threat actors use a number of different techniques to gain access to company networks so that they can deliver ransomware payloads. In this blog, we look at four of the most common techniques currently being used to attack networks. The intent is to help MSPs and IT admins understand where the threats are coming from, and then where to focus their attention in order to protect their (or their customers\u2019) networks. <\/span><\/p>\n

Where Do Most Network Threats Originate?<\/span><\/h2>\n

In a recent Cyber Insurance Webinar<\/span><\/a>, cyber security expert Dr Siegfried Rasthofer, set out what he saw as the most common techniques threat actors are using to get into our systems. These included: <\/span><\/p>\n

1.Social Engineering<\/span><\/h3>\n

Even for big ransomware gangs, social engineering attacks like phishing are still one of the most popular\u2014and effective\u2014ways to deliver malware into an organization. Emails containing files, like infected Word, Excel, or PDF documents, can allow the bad guys to open up a back door and get a foothold in company\u2019s network, once those documents are opened by an unsuspecting user.<\/span><\/p>\n

2. Credential Phishing <\/span><\/h3>\n

This is where threat actors create a website that mimics, for example, an official Microsoft site, and encourages the user to enter their Windows account details. As an offshoot of this we\u2019re also seeing a rise in Call Back Phishing, where a user will get an email or SMS saying that they have a serious security issue with their device and that someone would like to give them a call back to resolve the problem. During that call the bad guys will attempt to get the victim to install remote access software and the malware will be installed through this. While this is a little more effort for the bad guys it can be very effective for them. <\/span><\/p>\n

3. Vulnerability Exploits<\/span><\/h3>\n

Any system that is public facing can be easily scanned for known vulnerabilities that haven\u2019t been patched, and then targeted for exploitation. While we necessarily make a big thing about Zero Day vulnerabilities, Dr Rasthofer pointed to a more concerning fact is that the majority of exploits he is seeing are actually to systems with N-Day vulnerabilities, where the vulnerabilities are already well known and have a patch available. Threat actors often use these well-known vulnerabilities to gain access and download their payload. There is also a version of this that uses brute force attacks to target external remote services like RDP. If your RDP is publicly exposed you need to think hard about whether this is actually necessary.<\/span><\/p>\n

4. Initial Access Brokerage<\/span><\/h3>\n

Here, threat actors (either groups or individuals) harvest company log-in credentials to gain access to systems. Once they have access, they don\u2019t try to make any movement within the network, instead they sell that access to other threat actors and ransomware gangs, who will then continue to go and do an attack. These credentials are normally readily available on different markets on the Dark Web and cost on average around $4600 for big organizations. <\/span>Compromised RDP credentials can be purchased for much less, as low as a few dollars in bulk.<\/span><\/p>\n

Security Procedures and Solutions to Help Defend Against Network Compromises<\/span><\/h2>\n

This is far from an exhaustive list of techniques being used but they do <\/span>represent the more common vectors used by threat actors. A more comprehensive list of the tactics, techniques and procedures used by threat actors can be found in the Mitre ATT&CK framework<\/span><\/a><\/span>. However, knowing the above can help guide you to some of the most effective methods to protect your network, including (but not limited to):<\/span>\u00a0<\/span><\/p>\n