Inside a Cyberattack: How Hackers Steal Data

The truth about cybersecurity is that it is almost impossible to keep hackers out of an organization, particularly as the cybercrime industry becomes increasingly sophisticated and its tooling more advanced. Once a hacker has broken through an organization's defenses, it is relatively easy to move within the network and access information without being detected for days, or even months.

This is a significant concern for Banking and Financial Services organizations, which house valuable sensitive and Personally Identifiable Information (PII). The goal of cybersecurity is to minimize the risk and the impact of a breach. Understanding the adversary's mindset and activity is central to this.

The recently leaked Black Basta chat logs provide a realistic insight into how hacking groups are structured and what their day-to-day work looks like. Cybercrime is a business, with targets, quotas, and call templates. While the motivations for hacking range from purely financial to nation-state and hacktivism, for many, hacking is simply a day job.

The valuable intelligence here is that hackers seek the path of least resistance, as anyone with a day job does. This means hackers look for ways to minimize effort and maximize output, which can include scouting a site and jumping onto the guest Wi-Fi, or simply walking into an organization and plugging straight into an Ethernet port.

There is also an opportunistic element to their strategy, such as randomly checking for easily exploitable weaknesses or seeking low-hanging fruit -- which is often employees. A new troubling development that achieves efficiency and simplicity is Ransomware-as-a-Service (RaaS), which is like a marketplace to buy access to compromised systems, or to buy custom ransomware, which you can simply deploy onto systems.

This development is democratizing hacking and expanding the cybercrime industry, meaning that for many organizations that process valuable data and essential services, a breach is a case of when, not if. It is often a simple, mundane scenario that grants hackers access to an organization's systems. For example, a hacker could look up an employee on LinkedIn, work out their email address, and contact HR with a message claiming they have been overpaid, with a fake statement attached.

If HR opens the attachment, the hacker can access the system or deploy malware. Another example is parking outside an organization and finding weak spots, such as a server an intern previously set up for a test, or a software vulnerability. Cybersecurity measures such as Zero Trust Network Access (ZTNA) and firewalls do delay a hacker's ability to breach the network; however, once an attacker is inside, the organization is relatively vulnerable.

Once a hacker breaches the perimeter, the standard practice is to establish a beachhead (dig in), and then move laterally to find the organization's crown jewels: its most valuable data. Within a financial or banking organization there is likely to be a database on a server that contains sensitive customer information.

A database is essentially a complicated spreadsheet, where a hacker can simply run a SELECT and copy everything. In this instance, data security is essential; however, many organizations confuse data security with cybersecurity. Organizations often rely on encryption to protect sensitive data, but encryption alone is not enough if the decryption keys are poorly managed.

If an attacker gains access to the decryption key, they can instantly decrypt the data, rendering the encryption useless. Many organizations also mistakenly believe that encryption protects against all forms of data exposure, but weak key management, improper implementation, or side-channel attacks can still lead to compromise.

To truly safeguard data, businesses must combine strong encryption with secure key management, access controls, and techniques like tokenization or format-preserving encryption to minimize the impact of a breach. A database protected by Privacy Enhancing Technologies (PETs), such as tokenization, becomes unreadable to hackers if the decryption key is stored offsite.

Without breaching the organization's data protection vendor to access the key, an attacker cannot decrypt the data -- making the process significantly more complicated. This can be a major deterrent to hackers.
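The following Python example is added here to illustrate the point above; it is not Protegrity's code or a description of any vendor's product. It stands up a toy tokenization vault (assumed names: `TokenVault`, `protect_table`, `dump_cards`, `real_cards_in`) whose key and token map live outside the application table, then simulates the attacker's "SELECT everything" against the protected table and checks whether any real card number was exposed. The customer rows are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample rows, standing in for the customer table in the bank's database.
CUSTOMERS = [
    {"id": 1, "name": "Alice Example", "card": "4111111111111111"},
    {"id": 2, "name": "Bob Example", "card": "5500000000000004"},
]


class TokenVault:
    """Stand-in for a tokenization service hosted separately from the application
    database: the key and the token->value map live here and nowhere else."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # generated per vault instance
        self._map: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        # Format-preserving token: same length, digits only, last four kept so
        # statements and support screens can show "****1111" without detokenizing.
        n = len(value) - 4
        digest = hmac.new(self._key, value.encode(), hashlib.sha256).digest()
        body = str(int.from_bytes(digest, "big") % 10**n).zfill(n)
        token = body + value[-4:]
        self._map[token] = value  # deterministic: same input, same token
        return token

    def detokenize(self, token: str) -> str:
        return self._map[token]


def protect_table(rows: list[dict], vault: TokenVault) -> list[dict]:
    """Replace the card column with tokens before the rows are stored."""
    return [{**row, "card": vault.tokenize(row["card"])} for row in rows]


def dump_cards(rows: list[dict]) -> list[str]:
    """Simulate the attacker's 'SELECT everything' against the stored table."""
    return [row["card"] for row in rows]


def real_cards_in(dump: list[str], originals: list[dict]) -> bool:
    """True if any genuine card number appears in the stolen copy."""
    return any(row["card"] in dump for row in originals)


if __name__ == "__main__":
    vault = TokenVault()
    stolen = dump_cards(protect_table(CUSTOMERS, vault))
    print(stolen, "contains real PAN:", real_cards_in(stolen, CUSTOMERS))
```

The stolen copy holds only tokens; recovering a card number requires access to the vault as well, which is the separation the article describes.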

The Need for Robust Data Protection

Banking and financial institutions hold such valuable data that attackers will be correspondingly more determined. To counter this, investing in robust data protection is a must, rather than relying solely on perimeter cybersecurity.

Organizations should ensure that even if an attacker breaches their systems, sensitive data remains secure -- effectively rendering it useless to cybercriminals.

The Future of Hacking: A Live Demonstration

"Hacking a Billion Dollar Bank" is an in-person event hosted by Protegrity, where a renowned hacker and speaker will run through the evolution of hacking, from its early days to today's sophisticated cyber threats, and a live hacking demonstration.

Click here to register your interest in attending the event: [Registration Link]

Join us for an exclusive breakfast briefing and gain insights into the world of hacking and cybersecurity. Don't miss out on this unique opportunity to learn from the experts and stay ahead of the game.