The 7 Types of Highly Effective Hackers
Highly Effective Approaches to Cybersecurity
Introduction

Digital transformation is impacting every aspect of business—shaping growth, transforming products, optimizing operations, and empowering employees. But with these extraordinary opportunities come many questions about how IT leadership can effectively evolve their organizations while still securing their data against the threat of increasingly severe cyberattacks.
THE GOOD AND BAD NEWS. Let’s start with the bad news. Due largely to the seven different types of hackers outlined in this e-book, the rate of cybercrime is increasing exponentially. Millions of dollars of intellectual property are at risk, as well as the threat of lost productivity. The good news is that your organization doesn’t have to fight these criminals alone. While the reality is clearly daunting, thanks to its sheer size and scope worldwide, Microsoft is uniquely positioned to help you do something about it.
Cybercrime Statistics

[Infographic; only the parts recoverable from the extracted text are kept below, with unrecoverable figures left as …]

Cybercrime statistics are staggering. According to the National Crime Agency (NCA) in 2016, cybercrime surpassed all other forms of crime in the U.K. in 2015 (Dark Reading, June 2016)³

In the U.S. alone, there’s a new identity fraud victim every 2 seconds (Javelin, 2015)²

Ransomware: … attacks from mid-2014 to 2015 (Proofpoint, 2015)⁴; … were reported (FBI report)

… complaints to the Internet Crime Complaint Center for 2015 — at a cost of $24 million (FBI Press Release, 2016)¹
Script Kiddies

Often bored teens hacking alone, script kiddies don’t put much time or thought into gaining computer knowledge on their own and instead exploit existing code.
TOOLS OF CHOICE. Because they often lack the skill to write their own code, they instead cut and paste code or scripts developed by others to cause trouble for their victims. Among the most damaging tools used by script kiddies are rootkits, which allow them to solidify their hold on systems once they’ve broken in.

TARGETS. Script kiddies often scan the internet for a victim computer with a specific vulnerability to leverage their limited skill set. The newest generation of rootkits […]

STATS. Although they’re difficult to track, it’s estimated that there are millions of script kiddies at work around the world. And, although they’re the most inexperienced and immature on our scale of hacker types, they can cause as much damage as their more savvy counterparts.⁹
Hacking Groups

A loose collection of script kiddies who wield more power as a collective than as individuals and can seriously disrupt business.
TARGETS. Currently, hacker groups typically focus on releasing sensitive documents and personally identifiable information. These attacks have the potential to result in serious harm, particularly to high-profile companies, law enforcement, and government personnel. One famous hacker group is LulzSec, known for well-publicized attacks on the CIA and the U.S. Senate in 2015.

STATS. Clearly, the range of damage hacker groups can do varies widely, but even seemingly harmless pranks can have potentially disastrous effects. For example, on April 23, 2013, a single tweet from the hacked account of the Associated Press led to a $136 billion drop on the S&P 500 index within approximately two minutes.¹⁰

THE BEST PROTECTION. A basic 5-step plan is helpful against ALL forms of criminal cyberthreats:
Hacktivists

Collectives of savvy, politically motivated, and often exceptionally skilled hackers. They’re fighting a war and cybersecurity is their weapon of choice.
TOOLS OF CHOICE. In many cases, hacktivists use the same tools and techniques as regular hackers. However, because their goal is attention rather than financial gain, there are some significant differences. DNS tunneling, for instance, exploits a target’s servers that convert IP addresses to domain names as entry points into its networks, or “denial of service” (DoS) attacks, which act as distraction while the attackers work to access another part of the network. These, along with hijacking websites and taking over Twitter accounts and Facebook pages, allow hacktivists to steal and disclose sensitive information they illegally access. In fact, more than any other type of hacker, hacktivists often leverage social media to generate publicity and support for their efforts.¹¹

TARGETS. They might leave a highly visible message on the homepage of a site that represents a political affiliation the hackers oppose. Or they may disrupt traffic to a high-profile site that will cause a stir and get people asking questions, thereby giving them the opportunity to state their case.
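The DNS tunneling mentioned above leaves a footprint that a defender can look for in resolver logs: tunnel payloads are carried in long, encoded, high-entropy leftmost labels, usually many of them against one domain, and often as TXT queries. The Python script below is an added example, not part of the original e-book, that parses a handful of constructed DNS query log lines (timestamp, client, query name, query type) and flags client/domain pairs matching that profile. The log format, the thresholds (mean label length of at least 20 characters, mean entropy of at least 3.5 bits, at least 3 queries) and all host and domain names are assumptions made for the example.

```python
import math
import re
from collections import defaultdict

# Constructed sample log (timestamp, client IP, query name, query type).
# The attacker-example.net queries carry base64-looking leftmost labels,
# as a tunnel would; the example.com/.net queries are ordinary lookups.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000002 10.0.0.5 cdn.example.net A
1700000003 10.0.0.5 login.example.com A
1700000004 10.0.0.9 aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.t.attacker-example.net TXT
1700000005 10.0.0.9 c2VjcmV0IGRhdGEgY2h1bmsgbnVtYmVyIDI.t.attacker-example.net TXT
1700000006 10.0.0.9 bW9yZSBleGZpbHRyYXRlZCBieXRlcyBoZXJl.t.attacker-example.net TXT
1700000007 10.0.0.9 ZmluYWwgY2h1bmsgb2YgdGhlIHBheWxvYWQ.t.attacker-example.net TXT
1700000008 10.0.0.9 www.example.com A
"""

# Assumed log layout: "<epoch> <client> <qname> <qtype>" separated by whitespace.
LOG_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in counts.values()))


def parse_line(line: str):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, qtype = m.groups()
    # Case is kept on the name: tunnels use mixed case to carry data.
    return {"ts": int(ts), "client": client, "qname": qname.rstrip("."), "qtype": qtype}


def registered_domain(qname: str) -> str:
    """Naive registered-domain extraction: the last two labels."""
    labels = qname.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname.lower()


def profile_queries(log_text: str):
    """Group queries by (client, registered domain) and compute tunnel features."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[(rec["client"], registered_domain(rec["qname"]))].append(rec)
    profiles = {}
    for key, recs in groups.items():
        labels = [r["qname"].split(".")[0] for r in recs]  # leftmost label only
        profiles[key] = {
            "queries": len(recs),
            "mean_label_len": sum(len(lbl) for lbl in labels) / len(labels),
            "mean_label_entropy": sum(shannon_entropy(lbl) for lbl in labels) / len(labels),
            "txt_ratio": sum(r["qtype"] in ("TXT", "NULL") for r in recs) / len(recs),
            "unique_subdomains": len(set(labels)),
        }
    return profiles


def flag_tunnel_candidates(log_text: str, min_queries=3, min_label_len=20.0, min_entropy=3.5):
    """Return sorted (client, domain) pairs whose query pattern looks like tunneling.

    Thresholds are illustrative assumptions; tune them against your own baseline.
    """
    flagged = []
    for (client, domain), f in profile_queries(log_text).items():
        if (f["queries"] >= min_queries
                and f["mean_label_len"] >= min_label_len
                and f["mean_label_entropy"] >= min_entropy):
            flagged.append((client, domain))
    return sorted(flagged)


if __name__ == "__main__":
    for client, domain in flag_tunnel_candidates(SAMPLE_LOG):
        print(f"possible DNS tunnel: client={client} domain={domain}")
```

The features are computed per client and registered domain rather than per query so that one encoded hostname (a CDN cache key, for instance) does not trip the rule by itself; in production the TXT ratio and unique-subdomain count are worth folding into the decision as well.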
STATS. Most of the cyberattacks performed by hacktivists are illegal under domestic crime statutes. Few cases, however, reach the point of prosecution, in part because the damages are usually minor. However, with nationalist groups getting in on the action, the problem is growing. In 2012, of the 177 million records stolen by hackers, 100 million were taken by hacktivists.
Black Hat Professionals

These are highly experienced hackers who do this work for a living, bringing decades of extensive computer knowledge to the table. They generally neither destroy nor seek publicity but figure out new ways to infiltrate impenetrable targets, developing avenues of attacks that often prove costly for both governments and businesses.

Nation-States

This is organized cybercrime at the international level, using hacking techniques as military, political, and economic weapons.

[…] of government employees — than simply making money. A recent example was the hack of the U.S. Office of Personnel Management, which put at risk the personal information of up to 14 million current and former federal employees.¹⁵
TOOLS OF CHOICE. Spear phishing, credential harvesting, malware, records theft, and complex techniques for evading detection... The list is sophisticated and seemingly endless. The most talented and ruthless hackers are put to work by nation-states to do the dirty work while the government officials who employ them remain officially unsullied. U.S. and European defense officials have charged that nations such as Russia and Iran are increasingly arming and encouraging criminal and activist groups with the cyberweaponry necessary to harm their enemies, without taking official responsibility for the crimes.
STATS. Because nation-state–supported hackers are extremely well funded, they can be particularly formidable adversaries. As a result, nefarious nation-state–sponsored cyber activity can have devastating effects on a country’s national security and its economy. According to Forrester research, “...all nation-states are not created equal, and like individual hackers, each has a different motivation and level of cyber capability.”¹⁷

THE BEST PROTECTION. Most organizations are far more likely to experience the other kinds of cybercrime detailed here than have to deal with nation-state activity. However, as always there are ways to improve your organization’s network security.

1. The FBI has advised network administrators to engage in “proactive patch management” as the main line of defense.
The Cyberweapons Dealer

A more seasoned criminal who sells automated pieces of software that act like weapons, mostly to nation-states or organized crime rings, but really to anyone who can afford them.
TARGETS. The weapons peddled by these dealers target vulnerabilities in software that haven’t been discovered by their manufacturers. Nation-states often use those same virtual holes to gain under-the-radar access into foreign computer systems for the purposes of eavesdropping or even taking control of the systems themselves.

[…] moves the virus (often before users are even aware they’ve been targeted), Microsoft teamed up with various law enforcement agencies around the world, including the DHS and FBI, to disrupt the Dorkbot network.

[…]side the minds (and skillsets) of the criminals to fight them effectively. A 2014 Rand study found that computer security companies and software vendors often pay researchers a bounty for cyberweapons, so they can take them off the market before they’re used for attacks. But the dealers can earn 10 to 100 times more on the gray markets, where government agencies and corporations are the big buyers, as well as on the black market where criminals conduct their business.¹⁸
Security is a journey, not a destination.
Knowledge and preparation are power.
One security innovation utilized by Microsoft is Red Teaming, a type of wargame that leverages actual attacks to test Microsoft’s systems and operations. These real-life attacks are launched by our internal Red Team and defended against by our Blue Team. By simulating actual attacks against Microsoft services, we can better anticipate and protect against threats to your data. Red Teaming is just one part of our overall approach to security. Our defense-in-depth strategy leverages six layers of security to protect your data from attackers. These layers are physical, network, identity, host security, application-level security, and data security.

DATACENTER PHYSICAL SECURITY. Office 365 data is stored in Microsoft’s network of datacenters, strategically located around the world. These datacenters are built from the ground up to protect services and data from harm by natural disaster or unauthorized access. Datacenter access is restricted 24 hours per day by job function so that only essential personnel have access to customer applications and services. Physical access uses multiple authentication and security processes, including badges and smartcards, biometric scanners, on-premises security officers, continuous video surveillance, and two-factor authentication. The datacenters are monitored using motion sensors, video surveillance, and security breach alarms. To prepare for a natural disaster, the datacenters use seismically braced racks where required and have automated fire prevention and extinguishing systems.

DATACENTER NETWORK SECURITY. Networks within Office 365 datacenters are segmented to provide physical separation of critical back-end servers and storage devices from the public-facing interfaces. Microsoft Edge router security detects intrusions and signs of vulnerability. Customer connections are encrypted using industry-standard Transport Layer Security (TLS)/Secure Sockets Layer (SSL). The use of TLS/SSL establishes a highly secure client-to-server connection to help provide data confidentiality and integrity between the desktop and the datacenter.

IDENTITY AND ACCESS CONTROL. In this digital world filled with hackers, it is critical for customers to be able to control who can access data and how they can use it. Office 365 is integrated with Active Directory, Azure Active Directory, and ADFS. This integration provides strong authentication and granular control over how IT professionals and users can access and use the service.

HOST SECURITY. Antivirus and antispam protection is delivered through Exchange Online Protection and Advanced Threat Protection.* These services deliver comprehensive protection against known malware and zero-day attacks. They are easy to use and deliver granular controls.

APPLICATION LEVEL. Office 365 services are intentionally built to support a very high load and to protect and mitigate against application-level DDoS (distributed denial-of-service) attacks through the implementation of throttling, a scaled-out architecture, regional isolation, and high-performance components.

We also leverage our global presence to distribute attacks across a vast surface area. Customer data is replicated to redundant datacenters in a primary/backup fashion. The distribution of data in multiple datacenters reduces the affected surface area in case one datacenter is attacked. The services in the affected datacenter can be quickly failed over to the secondary datacenter as one of the recovery mechanisms.

The throttling mechanisms in Exchange Online and SharePoint Online are also important tools that defend against DDoS attacks. Exchange throttling for users is based on the amount of Active Directory, Exchange store, and other resources that a user consumes.

DATA SECURITY. Office 365 is designed to host multiple tenants in a secure way through data isolation. Data storage and processing for each tenant is segregated through Active Directory and capabilities specifically developed to help build, manage, and secure multitenant environments.

Within Microsoft datacenters, staff’s access to the IT systems that store customer data is strictly controlled via role-based access control (RBAC) and lockbox processes. Access control is an automated process that follows the separation-of-duties principle and grants least privilege. Engineers request access for particular tasks into a lockbox.† The lockbox process determines the duration and level of access.

* Available in Office 365 Enterprise E5 or as a standalone
† Customer Lockbox: available in Office 365 Enterprise E5 or as a standalone
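The throttling described under APPLICATION LEVEL and for Exchange Online charges each user for the resources they consume rather than simply counting requests. The Python below is an added illustration of that idea, not Microsoft’s code and not how Exchange Online implements it: each user gets a token bucket, a request costs as many tokens as the resource units it would use, the bucket refills at a fixed rate, and a user who exhausts it is told how long to back off while other users are unaffected. The capacities, refill rates, user names and request costs are constructed for the example, and the clock is injectable so the behaviour can be replayed deterministically.

```python
import time
from dataclasses import dataclass


@dataclass
class UserBudget:
    """Token bucket for one user: `tokens` refill at `refill_per_sec` up to `capacity`."""
    capacity: float
    refill_per_sec: float
    tokens: float
    last_refill: float


class ManualClock:
    """Test clock so the simulation below does not depend on wall-clock time."""

    def __init__(self, t: float = 0.0):
        self.t = t

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


class ResourceThrottler:
    """Per-user, cost-based throttling (hypothetical design, not a product API).

    A caller who consumes more than their budget is refused and given a
    retry-after hint; the shared service keeps serving everyone else.
    """

    def __init__(self, capacity=100.0, refill_per_sec=10.0, clock=time.monotonic):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.clock = clock
        self._buckets = {}

    def _bucket(self, user: str) -> UserBudget:
        now = self.clock()
        b = self._buckets.get(user)
        if b is None:
            b = UserBudget(self.capacity, self.refill_per_sec, self.capacity, now)
            self._buckets[user] = b
        else:
            elapsed = max(0.0, now - b.last_refill)
            b.tokens = min(b.capacity, b.tokens + elapsed * b.refill_per_sec)
            b.last_refill = now
        return b

    def admit(self, user: str, cost: float):
        """Charge `cost` resource units to `user`.

        Returns (allowed, retry_after_seconds); retry_after is 0.0 when allowed.
        """
        b = self._bucket(user)
        if cost <= b.tokens:
            b.tokens -= cost
            return True, 0.0
        deficit = cost - b.tokens
        return False, deficit / b.refill_per_sec


def run_sample():
    """Replay a constructed workload: a normal user beside one flooding the service."""
    clock = ManualClock()
    th = ResourceThrottler(capacity=100.0, refill_per_sec=10.0, clock=clock)
    alice = [th.admit("alice", 10.0)[0] for _ in range(5)]          # 50 units, within budget
    mallory_burst = [th.admit("mallory", 10.0)[0] for _ in range(30)]  # 300 units at once
    clock.advance(5.0)                                              # 50 units refill
    mallory_later = [th.admit("mallory", 10.0)[0] for _ in range(10)]
    return {
        "alice_allowed": sum(alice),
        "mallory_burst_allowed": sum(mallory_burst),
        "mallory_after_5s_allowed": sum(mallory_later),
    }


if __name__ == "__main__":
    print(run_sample())
```

Because the bucket is keyed by user and charged by cost, a client that issues a few expensive directory-heavy operations is treated the same as one that issues many cheap ones, which is the property the resource-based throttling above is after.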
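The lockbox process in the last paragraph above combines RBAC, separation of duties and time-bounded least privilege. The Python below is an added example of those rules, not Microsoft’s Customer Lockbox implementation: an engineer requests one role on one tenant for a stated duration with a justification, someone other than the requester must approve, and every access check verifies that the grant is unexpired, scoped to that tenant, and that the action is one the role permits. Role names, actions, user names and tenant identifiers are all constructed.

```python
import itertools
from dataclasses import dataclass

# Hypothetical role catalogue: each role unlocks only the actions it needs.
ROLE_ACTIONS = {
    "mailbox-support": {"read-mailbox-metadata", "run-diagnostics"},
    "storage-operator": {"read-storage-health", "restart-storage-node"},
}


@dataclass
class AccessRequest:
    request_id: int
    engineer: str
    role: str
    tenant: str
    justification: str
    duration_sec: int


@dataclass
class Grant:
    engineer: str
    role: str
    tenant: str
    approved_by: str
    expires_at: float


class Lockbox:
    """Approval-gated, time-limited access (illustrative model, not a product API)."""

    def __init__(self, approvers):
        self.approvers = set(approvers)
        self._ids = itertools.count(1)
        self.pending = {}   # request_id -> AccessRequest
        self.grants = []    # approved Grants, including expired ones (kept for audit)
        self.audit = []     # (event, request_id, actor)

    def request_access(self, engineer, role, tenant, justification, duration_sec):
        if role not in ROLE_ACTIONS:
            raise ValueError(f"unknown role {role!r}")
        if not justification.strip():
            raise ValueError("a justification is required")
        req = AccessRequest(next(self._ids), engineer, role, tenant, justification, duration_sec)
        self.pending[req.request_id] = req
        self.audit.append(("requested", req.request_id, engineer))
        return req.request_id

    def approve(self, approver, request_id, now):
        req = self.pending.get(request_id)
        if req is None:
            raise KeyError(f"no pending request {request_id}")
        if approver not in self.approvers:
            raise PermissionError(f"{approver} is not an approver")
        if approver == req.engineer:
            raise PermissionError("separation of duties: requester cannot approve own request")
        del self.pending[request_id]
        grant = Grant(req.engineer, req.role, req.tenant, approver, now + req.duration_sec)
        self.grants.append(grant)
        self.audit.append(("approved", request_id, approver))
        return grant

    def is_allowed(self, engineer, action, tenant, now):
        """True only for an unexpired grant on this tenant whose role permits `action`."""
        for g in self.grants:
            if (g.engineer == engineer and g.tenant == tenant
                    and now < g.expires_at and action in ROLE_ACTIONS[g.role]):
                return True
        return False


def run_scenario():
    """Constructed walk-through: request, blocked self-approval, approval, scoped checks."""
    lb = Lockbox(approvers={"alice", "bob", "carol"})
    rid = lb.request_access("alice", "mailbox-support", "tenant-42",
                            "ticket #123: mail flow issue", duration_sec=3600)
    results = {}
    try:
        lb.approve("alice", rid, now=0)   # alice is an approver, but not of her own request
        results["self_approval_blocked"] = False
    except PermissionError:
        results["self_approval_blocked"] = True
    lb.approve("bob", rid, now=0)
    results["in_scope_allowed"] = lb.is_allowed("alice", "run-diagnostics", "tenant-42", now=600)
    results["other_tenant_denied"] = not lb.is_allowed("alice", "run-diagnostics", "tenant-7", now=600)
    results["escalation_denied"] = not lb.is_allowed("alice", "restart-storage-node", "tenant-42", now=600)
    results["expired_denied"] = not lb.is_allowed("alice", "run-diagnostics", "tenant-42", now=3601)
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Expired grants are deliberately kept in `grants` rather than deleted so the audit trail shows who had what, approved by whom, and until when; the access decision itself is made solely on the current time, tenant and role.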
Customer data in Office 365 exists in two states: at rest on storage media and in transit from Office 365 over a network to a customer device. Office 365 allows encryption of data in both states to make it unreadable to unauthorized parties. All email content is encrypted on disk using BitLocker 256-bit AES Encryption.