Most hackers get a foothold in a system by phishing emails then installing malware. This establishes a command and control channel that’s used to proxy data between the compromised endpoint and the attacker. These channels relay commands to the compromised endpoint and the output of those commands back to the attacker.
There have been prominent command and control attacks originating from Russia, Iran and even the U.S. These attackers can come from anywhere and everywhere — but they don’t want you to know that.
Since communication is critical, hackers use techniques designed to hide the true nature of their correspondence. They’ll often try to log their activities for as long as possible without being detected, relying on a variety of techniques to communicate over these channels while maintaining a low profile.
Hackers and malicious nation-states can exploit vulnerabilities in connected IoT devices with sophisticated malware to gain access to a network so they can monitor users or steal intellectual property, classified or personally identifying data and other critical information. Once they infiltrate an IoT system, hackers can also use their newly gained access for lateral movement to other connected devices or to gain entry to a greater network for various malicious purposes
Attacks can come from anywhere in the world. But because many verticals such as government, manufacturing and healthcare are deploying IoT infrastructure without proper security protections, these systems are targets for attacks by hostile nation-states and sophisticated cybercrime organizations. Unlike attacks against technology infrastructure, attacks against connected civic or healthcare systems could lead to widespread disruption, panic and human endangerment.
Attackers can deploy ransomware to businesses and individuals through spear phishing campaigns and drive-by downloads, as well as through traditional remote service-based exploitation. Once the malware is installed on the victim’s machine, it either prompts the user with a pop-up or directs them to a website, where they’re informed that their files are encrypted and can be released if they pay the ransom.
Ransomware has typically been the work of advanced cybercriminal groups — who remain anonymous after extorting governments or major enterprises requires technological sophistication. However, since the arrival of cryptocurrencies, which simplify anonymous transactions, the general population is at greater risk of ransomware attack.