What hackers hunt for | Kaspersky official blog

If outsiders somehow get inside your network, it won’t be pleasant — no matter what. However, you can minimize the potential damage of such a breach by thinking ahead about which assets an attacker would be most interested in and then beefing up their security. Here’s what to focus on:

1. Personal data

This is one of the most sought-after types of information for cybercriminals. First, personal data (be it that of clients or employees) gives great leverage for extortion. Publication of such information can lead not only to loss of reputation and lawsuits from victims, but also to problems with regulators (who in regions with strict laws on PII processing and storage can impose heavy fines). Second, the dark web market for personal data is considerable — allowing hackers to try to monetize it there.

To minimize the chances of personal data falling into the wrong hands, we advise storing it in encrypted form, granting access to it only to employees who really need it, and ideally keeping the amount of information collected as low as possible.

2. Finance apps

A whole class of malware is used to prey on devices on which electronic payment systems and other financial applications are installed. These offer direct access to company funds, so a single substitution of the transaction beneficiary could have catastrophic consequences. Recently, at small companies in particular, this kind of software is being used more and more on mobile devices.

To avoid monetary losses, the use of financial applications on devices not equipped with reliable security solutions should be prohibited.

3. Account credentials

A single corporate device is not a very interesting target for typical attacker. This is why when they compromise one, they tend to hunt for various credentials for network resources, corporate services or remote access tools, as this allows them to extend the attack and regain access if the initial attempt is detected and blocked. They may also take an interest in the target company’s work email and social media accounts, or the control panel of the corporate website — all of which can be used to attack colleagues of the initial victim, or the clients and partners.

First, any device on which employees use corporate services or resources should have anti-malware protection. Second, it’s worth regularly reminding employees how to properly store passwords (and, if possible, providing them with the necessary application).

4. Data backup

If an attacker gains access to a company’s network, it might be a while before they find something to feed off, but the longer they dig, the greater the likelihood of being spotted and stopped. So don’t make their work easier by leaving a folder called “Backup” in a conspicuous place. After all, backups usually contain information that the company is most afraid of losing — and hence of most interest to cybercriminals.

Backups should be stored on media not connected to the company’s main network, or in specialized cloud services. Doing so also grants additional protection of data in case of ransomware attacks.

5. Software compilation environment

Sure, this advice is not one-size-fits-all: not every company develops software. On the other hand, there are quite a few small businesses and startups that do create applications. If your firm is one of them, we recommend paying special attention to protecting the compilation environment. These days, you don’t need to be a large company to suffer a targeted attack. It’s enough to make an application used by large companies, or just popular applications. Cybercriminals may try to infiltrate your development environment and make you a link in an attack through the supply chain. And the methods they deploy in such attacks can be quite ingenious.

You should work out your development environment protection strategy in advance, and integrate special security tools that do not impact performance into the development process.