San Antonio Managed IT Services providers like Node, LLC experience the impacts of cyber attacks every day. I know from personal experience that the attackers are sophisticated, well coordinated, and often exceed the capability profile of most San Antonio Managed IT Services providers in the region. The attackers are well versed in a variety of programming languages and attack methodologies, and many times come equipped with very fresh exploits that cut through the common defenses faster and with less effort than we have ever seen.
So how does it work? How does a company become the target of a cyber attack?
Well, the saying “don’t be the low-hanging fruit” applies here. The attackers use scanners which probe the entire Internet over a few days’ time. There are actual “hacker search engines” like Shodan which do the heavy lifting as well. They look at things that are exposed, and ask those things “what version are you?” In some capacity, their tools figure out that something is running out on the Internet at a certain version. Next, their tools basically ask “does this version have a known vulnerability?” If the answer is “Yes”, then they just add that to their attack list.
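A defender can run the same version-to-vulnerability lookup against their own exposed services first. The sketch below is an added example, not Node, LLC's tooling; the hosts, banners, product names, advisory IDs and versions are all constructed placeholders.

```python
import re

# Constructed sample data: banners as recorded in our own asset inventory.
INVENTORY = [
    ("mail.example.test:25", "220 ExampleMTA 4.9.2 ready"),
    ("www.example.test:443", "Server: examplehttpd/2.4.10"),
    ("vpn.example.test:443", "ExampleVPN build 7.1.0-rc1"),
    ("files.example.test:21", "220 FTP service ready"),  # version not disclosed
]

# Constructed advisory feed: product -> [(placeholder id, first fixed version)].
ADVISORIES = {
    "examplemta": [("ADVISORY-PLACEHOLDER-1", "4.9.5")],
    "examplehttpd": [("ADVISORY-PLACEHOLDER-2", "2.4.9")],
    "examplevpn": [("ADVISORY-PLACEHOLDER-3", "7.1.0")],
}

# Product name, a separator, a dotted version, and an optional pre-release tag.
BANNER_RE = re.compile(r"([A-Za-z][A-Za-z0-9_-]*)(?:/| build | )v?(\d+(?:\.\d+)+)(-[A-Za-z0-9.]+)?")

def version_key(number, pre):
    # Compare numerically (2.4.10 is newer than 2.4.9, unlike a string compare),
    # pad short versions, and sort a pre-release before the release it precedes.
    parts = [int(p) for p in number.split(".")]
    parts += [0] * (4 - len(parts))
    return (tuple(parts), 0 if pre else 1)

def audit(inventory, advisories):
    findings = []
    for host, banner in inventory:
        m = BANNER_RE.search(banner)
        if not m:
            # No version in the banner: verify by hand, do not assume it is patched.
            findings.append((host, "unknown-version", None))
            continue
        product, number, pre = m.group(1).lower(), m.group(2), m.group(3)
        hits = [adv for adv, fixed in advisories.get(product, [])
                if version_key(number, pre) < version_key(fixed, None)]
        findings.append((host, "patch-needed" if hits else "ok", hits or None))
    return findings

if __name__ == "__main__":
    for host, status, advisories in audit(INVENTORY, ADVISORIES):
        print(f"{host:24} {status:16} {advisories or ''}")
```

The release candidate `7.1.0-rc1` is flagged even though its number matches the fixed version, and a host that hides its version is reported as unknown rather than treated as safe.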
Since they generally identify the weak targets ahead of time, they then launch their attacks and breach some systems. Sometimes, for their attack to work, the remote environment has to meet some specific requirements; for example, it has to be running a certain version of a certain OS. When all the conditions are right, they breach the system.
Once they are in, sometimes they are in a kind of “sandbox” and can’t really go very deep into the system, or get outside of this box they are in. That is when they move on to “lateral movement” or “privilege escalation” attacks.
Now, what I have just described is only one kind of attack methodology. There are so many “vectors” that attackers use.
Let me give you another example. An attacker finds a weakness on a website – perhaps using the method I described above – and then breaches the site.
What can they do now?
Well, they might place some code on the site which can exploit a vulnerable, out-of-date web browser that loads the site. Consider a user who drives by using an out-of-date version of Internet Explorer. The user loads the site – perhaps it is a weather site, or even a Flash-based game such as Sudoku (I’m using examples I have seen hit users here). Now that the conditions for the attack are right, and the traffic is present, an attacker will start to get remote shells or be able to attempt to install viruses on the computers of users who are visiting this infected website!
If the anti-virus software is out of date, or having some issue, and the user is running unpatched or old versions of software, this can be a wide-open door for an attacker.
San Antonio Managed IT Service from Node, LLC provides clients several things in response to these threats. First, our team patches systems, and installs, manages, and confirms that the anti-virus is working on all the computers we manage. Next, whenever an attack does happen, we defend the environment actively and boot the attacker out. So there is a proactive element, but also a reactive element as well. Both are needed to handle today’s threats.