Understanding the Cyberattack Kill Chain
In this article, we will explain why data are precious and compare a cyberattack to a hotel heist so anyone can fully understand the disastrous impact of a cyberattack on a business.
Why are data precious?
Well, we live in a digital world. We do a lot of things online, especially these days with Covid-19, like online banking, shopping, social media, medical consultation, taxes and more.
So there is critical and sensitive information about your health, your finances or what you like, transiting over the internet and being saved somewhere by the government and corporations.
Some companies only save the information they need, while others, like that big blue company, try to harvest as much information as possible to sell it to corporations that use it for marketing purposes. If they know what you like, want or need, they can advertise it to you at the right time.
Imagine someone attacks your bank and steals your credit card info, your name, your address, your phone number and your email address. Imagine someone attacks your bank and transfers all your money to another account. Imagine your company gets hacked and all your secret recipes or secret information about your product are stolen.
That is massive damage to a company. They can go bankrupt or lose a tremendous amount of money. They can lose customers, and it does serious damage to their brand image. A lot of people consume goods because of their image, like that smartphone fruit company.
Cyberattack and Hotel Heist
A lot of people don’t necessarily understand what a cyberattack does exactly. It’s totally normal because not everyone works in tech or IT. Not everyone in tech or IT is an expert on the subject.
Let’s compare a cyberattack to a hotel heist so you can understand the different steps and their purpose. In this scenario, robbers are trying to discover and move to the rooms with a big safe full of money and diamonds without being noticed.
Step 1: You order food online and a delivery man shows up to your door.
(You receive a USB key or malicious email)
Step 2: The delivery man is actually a robber and copies your room keycard without your knowledge. They now have access to and control of your room, and you’re not even aware of it.
(You open the attachment which runs a malicious software and connects to the hacker’s machine. Now they control your PC. You’re not aware of it.)
Step 3: You leave your room and they enter it. Your room isn’t the final target. They need to move to other rooms to find the ones with money. To try to get access to the rooms, they show up at the front desk with fake IDs pretending to be the owners of other rooms, and they also try fake cards hoping they will work. They can also walk in the corridors and copy other customers’ cards. What they ultimately want is a “master key”.
(The hacker uses different methods, like forged Kerberos tickets or man-in-the-middle attacks, to escalate privileges and gain admin power.)
Step 4: Now that they can access all the rooms, they need to come up with a map of the hotel and a strategy to get to their target. So they walk around looking for all the cameras, and they move to other rooms to find the millionaires’ rooms. Once they find the rooms, they start moving all the money to another room: their hideout.
(Hackers start the discovery of the environment and move laterally in your environment. They get to the sensitive information and move it to a staging area.)
Step 5: They take their loot and leave the premises. They can come back and mess up the hotel by misplacing objects from one room to another and cutting the electricity and water. The hotel discovers what happened, but the money and diamonds are already long gone. They have to fix everything and it takes a lot of time. Meanwhile, customers don’t want to rent their rooms anymore and the hotel is losing money. The police and security experts need to investigate: no one can come into the hotel. It’s a total mess.
(Hackers exfiltrate the data to a remote server. If it’s ransomware, they destroy data, encrypt files and rename others before leaving. Then they ask for money to restore everything.)
In Conclusion
Now you understand how disastrous a cyberattack can be. Imagine hackers doing all this to a hospital, a bank, the stock exchange or even a telco company.
To protect yourself and your company, you need to be aware of the tactics hackers use. Never open an attachment if you don’t know the sender. Never share your personal details (taxes, banking) via email, because no serious company would ever ask for your credentials. Report all suspicious emails you receive; you can flag them in Outlook by clicking on “Report Phishing”. If an email is full of typos, it’s probably a malicious email.