You would think after a few decades of dedicated effort from both government agencies and cybersecurity software designers, that we’d be able to outsmart hackers once and for all. But it seems that they’re always a step ahead, and continue to succeed in at least some of their nefarious activities. How do they do it, exactly? How do they evade detection and succeed at data theft, ransomware attacks, and so many other plots?
Exploiting trusted platforms. In some cases, hackers exploit trusted services and tools, because they might not be blocked by firewalls, and use them to “tunnel” into infected systems. For example, in April some hackers exploited GitHub Actions to conduct cryptocurrency mining activities.
Upsteam attacks on popular brands. When systems are open to anyone, that also means they are open to bad actors. Sometimes hackers exploit well-known open-source ecosystems, pushing malicious code upstream. Then, once the code has infected that system, it is then distributed downstream to everyday partners, customers, or users. For example, software testing company Codecov recently disclosed an attack that went undetected for about two months, potentially affecting 29,000 clients.
Funneling cryptocurrency payments. Cryptocurrency isn’t quite as untraceable as cash, but cyber criminals find ways around any roadblocks. Often they simply employ multiples of smaller transactions, and send the currency to many different accounts. For example, $760 million in Bitcoin from the 2016 Bitfinex hack was moved to multiple accounts via small transactions, ranging from 1 BTC to 1,200 BTC.
These are just some of the numerous methods cyber criminals use to hide their activities, often for many years without detection. Hopefully we will eventually catch up with these cunning con artists, but it’s important to always remember the perplexing anonymity of the internet. And where there is a “obstacle”, clever hackers can usually craft a way around it.
Still, that’s no excuse to neglect using a proper firewall, training your employees appropriately, and safeguarding passwords meticulously. For more information on outsmarting hackers before they outsmart you, give us a call at 888-RING-MY-TECH. We can help you check your system for vulnerabilities, and address any potential security risks that we find.