by Mendy Newman
Posted on March 23, 2022
Just as a military attack begins with intelligence gathering about the enemy’s defenses and target selection, a sophisticated cyberattack begins with the hacker collecting intelligence about the target’s cyber defenses so they can find the best way to attack.
In the hacking world, such intelligence gathering is known as “reconnaissance” or “recon,” a term borrowed from the military, where it describes observing an area to locate the enemy or to identify and understand strategic features. Some hackers claim to spend up to three-fourths of their effort on reconnaissance.
Understanding how attackers conduct reconnaissance can help you identify appropriate countermeasures and ensure that they are in place. Stymying reconnaissance efforts can significantly reduce your chances of becoming a victim.
Reconnaissance can either be passive, with the attacker conducting their research without interacting with your system, or active, with the attacker taking steps that can be detected (with proper tools and sufficient attention), such as probing your ports.
Attackers can learn a lot of information with passive recon. A few examples:
Since passive reconnaissance does not involve directly engaging with servers in a way that would be detected as unusual activity, the primary mechanisms for defending against passive reconnaissance are simply being careful to keep information about your network, software, systems and so on private. User education is an important part of this effort, since casual posts on social media or Reddit can reveal valuable information to a hacker who’s looking.
Passive reconnaissance is useful, but limited. To really understand the ins and outs of your network and find software vulnerabilities an attacker needs to actively probe for weaknesses. This can be risky for the hacker because it could lead to early detection – in essence, blowing their cover before they get the goods they came for.
Hackers use many different tools to conduct active recon, many of which are also used by cybersecurity professionals and ethical hackers, with the aim of finding vulnerabilities before cybercriminals do. Examples include programs that support:
Additional cyber reconnaissance tools such as Spyse can be used to conduct both passive and active recon.
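Active recon, especially port probing, is the part of the process a defender can actually see, provided something is watching the logs. The script below is an added illustration, not code from this post or from any product it mentions: it reads a constructed, syslog-style firewall deny log (the line format is an assumption, not a real vendor format) and raises an alert when a single source touches many distinct ports on one host (a vertical scan) or one port across many hosts (a horizontal sweep) inside a sliding time window. Thresholds and window are assumptions to be tuned per environment.

```python
"""Flag port-scan-like activity in firewall deny logs (added example, constructed data)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format (constructed for this example, not a real vendor format):
# "<ISO timestamp> src=<ip> dst=<ip> dport=<port> action=<ALLOW|DENY>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "action": m["action"],
    }


def detect_scans(lines, window=timedelta(seconds=60), port_threshold=10, host_threshold=10):
    """Return alerts for scan-like behaviour. Lines are assumed to be in time order.

    vertical:   one source hits >= port_threshold distinct ports on one host within `window`
    horizontal: one source hits >= host_threshold distinct hosts on one port within `window`
    Only DENY events are counted: probes of closed or filtered ports are the usual
    footprint of a scan and are rarely produced by legitimate clients in bulk.
    """
    recent = defaultdict(deque)  # src -> deque of (ts, dst, dport), oldest first
    alerted = set()              # (src, kind, key) already reported, to avoid repeats
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["action"] != "DENY":
            continue
        src = ev["src"]
        q = recent[src]
        q.append((ev["ts"], ev["dst"], ev["dport"]))
        # Drop events that fell out of the sliding window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        for _, dst, dport in q:
            ports_per_host[dst].add(dport)
            hosts_per_port[dport].add(dst)
        for dst, ports in ports_per_host.items():
            key = (src, "vertical", dst)
            if len(ports) >= port_threshold and key not in alerted:
                alerted.add(key)
                alerts.append({"src": src, "kind": "vertical", "key": dst,
                               "count": len(ports), "ts": ev["ts"]})
        for dport, hosts in hosts_per_port.items():
            key = (src, "horizontal", dport)
            if len(hosts) >= host_threshold and key not in alerted:
                alerted.add(key)
                alerts.append({"src": src, "kind": "horizontal", "key": dport,
                               "count": len(hosts), "ts": ev["ts"]})
    return alerts


# Constructed sample log (documentation IP ranges, not real hosts).
SAMPLE_LOG = (
    # 203.0.113.5 probes twelve ports on one host within twelve seconds
    [f"2022-03-23T10:00:{i:02d} src=203.0.113.5 dst=10.0.0.7 dport={20 + i} action=DENY"
     for i in range(12)]
    # 198.51.100.9 sweeps port 445 across eleven hosts within eleven seconds
    + [f"2022-03-23T10:05:{i:02d} src=198.51.100.9 dst=10.0.0.{i + 1} dport=445 action=DENY"
       for i in range(11)]
    # an ordinary client with a couple of isolated denies spread over an hour
    + [
        "2022-03-23T10:10:00 src=192.0.2.10 dst=10.0.0.7 dport=443 action=ALLOW",
        "2022-03-23T10:20:00 src=192.0.2.10 dst=10.0.0.7 dport=8443 action=DENY",
        "2022-03-23T11:10:00 src=192.0.2.10 dst=10.0.0.7 dport=22 action=DENY",
    ]
)

if __name__ == "__main__":
    for a in detect_scans(SAMPLE_LOG):
        print(f"{a['ts']} {a['kind']:10s} src={a['src']} key={a['key']} count={a['count']}")
```

The two alerts fire on the tenth distinct port and the tenth distinct host respectively; the ordinary client never crosses a threshold. A slow scan that spaces probes out beyond the window goes unreported, which is exactly the trade-off a tuned threshold makes: widen the window or lower the counts and you catch stealthier scans at the cost of more noise from misconfigured clients.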
There’s pretty much no way to make your organization’s digital presence 100% invisible to cybercriminals, but there are several steps you can take to make their job harder.
One of the most important steps you can take is to reduce the “attack surface” available to an attacker who is trying to get into your network. Steps that can reduce your attack surface include:
Other measures that should be taken include:
Just as a military attack starts with reconnaissance to identify targets and weaknesses, cyberattacks also begin with watchful intelligence gathering. Foiling these attempts to collect information about your network, users, and resources can stop attacks before they even occur, or at least vastly minimize the damage that’s done. Look to a comprehensive Zero Trust SASE platform such as ZTEdge to provide an array of tools that are valuable for foiling reconnaissance missions.