Hackers rarely take on your firewall directly, dramatically punching a series of keys looking at screens of code in a dark room. It makes for a great movie scene—but the reality isn’t as sexy. I sat down with expert hacker Craig Bowman to discuss hacking 101 and find out why Software-Defined Perimeter (SDP) is the hot security fix.
I often echo and use examples from Craig Bowman, whom I consider one of the best hackers in the tech industry. Bowman is a mentor to me, and he walked me through the anatomy of a hack, why you probably don’t know how sophisticated modern phishing hacks are, and why you might even be compromised at this second.
Hackers aren’t going to attempt to crack your firewall for the same reason crooks don’t go after casinos. It’s far too difficult, way too risky, and takes too much time. Instead, they employ sneakier tactics.
How Do Phishing Attacks Happen, Step By Step?
How Hackers Make Entry
Bowman explained to me that if he wants to get into your network, he’d likely have you simply unlock the door for him. He’ll do it by targeting your phone. “I’d get into your phone because your phone is a trusted device.”
Compromising your phone is as simple as politely “suggesting” you download a piece of malware on your phone. And the reason you might be willing to do this is thanks to some simple human psychology.
His approach is often successful because employees’ behavior is very different on their work computer vs their phone. “You do things on your cell phone you would never do on your work computer or even your home computer because you think about your work phone differently than you do your work computer.” You may be stunned that anyone would intentionally download malware. But it’s far easier than you think.
Employees download everything on their phones. They download games, apps, and attachments without giving it much thought. Employees and contractors break the rules on their cell phones often. IT teams do know this, and the firewalls between devices are quite good, but the best hacking attempts are more subtle.
“What I’d get you to do next is change an e-mail address on your phone only! I can change the e-mail address to a known contact in your database.” Bowman explains he might target your own mother’s vCard, adding a new email address for her on the fifth line down. Sure, you could spot it if you knew the change had happened, but that’s extremely unlikely. But what good is that?
After a few minutes, your phone synchronizes with your Exchange server, meaning your work server (and work computer) now have an email address for mom that isn’t legit. The final step, Bowman says, is to send that malware or malicious attachment from “mom.”
How Hackers Compromise Your Network
Most people know not to click on obvious phishing attack emails from unknown people, but your own mother isn’t a hacker, right? You see the email from your mom, your defenses drop, you click on what “she” sent you and just like that, Bowman has access to your network.
That’s when the magic happens. “I establish what’s called a ‘Command & Control’ because I need a way to be able to talk to my code. And then I start an ARP request.”
An ARP request isn’t malicious in itself; it simply crawls the network, and that doesn’t put up any red flags, because networks were designed to respond to ARP requests. Devices on the network simply reply that they’re active.
Every device reports back with a bunch of data. Mostly basic information like the device name, IP address, and other benign information. Bowman, or any other hacker, can’t do much with it on its own, but it does help him create a blueprint of your company’s ENTIRE network, and in this way hackers determine where your network is weakest.
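The ARP sweep Bowman describes leaves a trace a defender can look for: one host asking “who-has” for many different addresses in a short span. As an added example (not code from the article or from Bowman), the script below reads constructed tcpdump-style ARP lines, counts the distinct targets each source asks about inside a sliding time window, and flags sources that exceed a threshold; the sample lines, window and threshold are assumptions.

```python
import re
from collections import defaultdict

# tcpdump-style ARP request line, e.g.
# "10:00:01.100 ARP, Request who-has 10.0.0.5 tell 10.0.0.23, length 28"
ARP_REQUEST = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d+) ARP, Request who-has (\S+) tell (\S+),"
)

def parse_arp_requests(lines):
    """Yield (seconds_since_midnight, target_ip, source_ip) per who-has line."""
    for line in lines:
        m = ARP_REQUEST.match(line)
        if not m:
            continue  # replies and non-ARP traffic are ignored
        h, mi, s, frac = (int(x) for x in m.group(1, 2, 3, 4))
        seconds = h * 3600 + mi * 60 + s + frac / 10 ** len(m.group(4))
        yield seconds, m.group(5), m.group(6)

def peak_targets_per_source(lines, window_s=5.0):
    """Most distinct IPs each source asked about within any window_s span."""
    by_src = defaultdict(list)
    for t, target, src in parse_arp_requests(lines):
        by_src[src].append((t, target))
    peaks = {}
    for src, events in by_src.items():
        events.sort()
        best, j = 0, 0
        for i in range(len(events)):
            while j < len(events) and events[j][0] - events[i][0] <= window_s:
                j += 1
            best = max(best, len({tgt for _, tgt in events[i:j]}))
        peaks[src] = best
    return peaks

def flag_arp_sweeps(lines, window_s=5.0, threshold=10):
    """Sources whose peak distinct-target count reaches the threshold."""
    peaks = peak_targets_per_source(lines, window_s)
    return sorted(src for src, n in peaks.items() if n >= threshold)

# Constructed sample: 10.0.0.50 resolves two neighbours (normal traffic);
# 10.0.0.23 asks for sixteen different hosts within two seconds (a sweep).
SAMPLE_LOG = [
    "10:00:00.100 ARP, Request who-has 10.0.0.1 tell 10.0.0.50, length 28",
    "10:00:00.101 ARP, Reply 10.0.0.1 is-at aa:bb:cc:00:00:01, length 28",
    "10:00:03.400 ARP, Request who-has 10.0.0.7 tell 10.0.0.50, length 28",
] + [
    f"10:00:0{1 + i // 8}.{(i % 8) * 100:03d} ARP, Request who-has "
    f"10.0.0.{100 + i} tell 10.0.0.23, length 28"
    for i in range(16)
]

if __name__ == "__main__":
    print(flag_arp_sweeps(SAMPLE_LOG))  # ['10.0.0.23']
```

A software-defined perimeter removes the replies, but the requests themselves are still worth counting, since the sender is the compromised device.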
What Happens When Hackers Find Your Vulnerability
A likely opening for hackers is software with a known vulnerability, a simple update the user has put off, or software that simply hasn’t been patched. When a hacker finds that, it’s game, set, match. The hacker delivers the payload, which is tailor-made for the network he or she now has a blueprint of. But it gets worse.
Once the hacker is “in,” they start moving laterally, depositing more code in various places and creating mini communication channels between these bits of code. That way, when someone like you or your IT team eventually finds this malicious code and attempts to erase it, the mini communication channels are alerted and all the other bits on the network become active.
This kind of hack happens EVERY DAY. Your most frequented has likely been hacked 4 times in the last month, and companies are sent in to clean up the mess.
Every time companies clean up a hack and repair the network, hackers simply move on to launch more attacks and compromise other networks. Sometimes CIOs or IT directors lose control of their IT infrastructure completely. It’s a big problem, and the industry is finally innovating its way out of this mess by giving hackers a dose of their own medicine.
Stop The Hack. Explaining Software-Defined Perimeter
Software-defined perimeter allows applications to see and communicate with only approved and known applications. Think of a group of friends who know each other quite well—if someone new shows up, they stick out like a sore thumb.
With a software-defined perimeter in place, Bowman’s attempt to crawl your network with an ARP request would turn up nothing. With no ARP responses, hackers have no idea where to start. Security solutions using software-defined perimeter are proving quite successful. Bowman recounted the results from five hackathons with a significant incentive to break in.
These hack contests offered $20,000, even giving the hackers a username and password for a network device to give them a head start. The hackers were told that if they could do ANYTHING, they would get the prize. And what happened?
After five hackathons and fifty billion attempts, they have had exactly zero penetrations. Hackers vs software-defined perimeter solutions had a success rate of exactly 0%. Hackers can’t hack what they can’t see.