Friday, May 25, 2012

How did they find me?

I wanted to learn more about E-commerce and the type of breaches that take place so I volunteered to take the bulk of the E-comm cases for my team.  Over the last 18 months I went from zero to "go-to guy" and I learned a lot. Now it's time to share.

From what I've seen, there are three main phases to a successful website breach:

1. Reconnaissance - An attacker singles out your site and begins to hammer away with port scans, Nessus plugins, automated SQL injection attacks, etc.

2. Infiltration - This is the actual attack. They exploit a vulnerability to upload code, bypass credentials, or brute-force their way into an admin console or SSH, etc.

3. Exfiltration - Attackers access your data and take what they want. In my line of work I see a lot of financial data gathered and stolen, but I have also worked defacements, theft of Personally Identifiable Information (PII) and breaches of copyrighted information.
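Most of the reconnaissance noise described in phase 1 shows up in the web server's access log long before anything is breached. The script below is an added example (my own, not code from the original post) that flags the web-visible indicators: known scanner user agents such as Nessus and sqlmap, SQL injection payloads in query strings, and one client enumerating paths and collecting 404s. Port scans are not visible here; those belong in firewall or netflow logs. The log lines are constructed for illustration, and the scanner list, SQLi patterns and 404 threshold are assumptions to tune for your own site.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines in Apache/nginx "combined" format
# (not real traffic): one normal visitor, one sqlmap run, one Nessus sweep.
SAMPLE_LOG = """\
203.0.113.5 - - [25/May/2012:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.7 - - [25/May/2012:10:02:11 +0000] "GET /product.php?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 4000 "-" "sqlmap/1.0-dev"
198.51.100.7 - - [25/May/2012:10:02:12 +0000] "GET /product.php?id=1%20UNION%20SELECT%20null,null HTTP/1.1" 500 312 "-" "sqlmap/1.0-dev"
198.51.100.7 - - [25/May/2012:10:02:13 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "sqlmap/1.0-dev"
192.0.2.9 - - [25/May/2012:10:05:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; Nessus)"
192.0.2.9 - - [25/May/2012:10:05:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; Nessus)"
192.0.2.9 - - [25/May/2012:10:05:02 +0000] "GET /backup.zip HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; Nessus)"
192.0.2.9 - - [25/May/2012:10:05:03 +0000] "GET /.git/config HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; Nessus)"
203.0.113.5 - - [25/May/2012:10:06:30 +0000] "GET /cart.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

# Combined log format: ip ident user [ts] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed indicator lists; extend for your environment.
SCANNER_UA = re.compile(r"nessus|sqlmap|nikto|acunetix|w3af|masscan|nmap", re.I)
SQLI = re.compile(
    r"""['"]\s*(?:or|and)\s+\S+\s*=|union\s+(?:all\s+)?select|sleep\(|benchmark\(|--\s*$|/\*""",
    re.I,
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Attackers URL-encode payloads; match against the decoded path.
    rec["decoded_path"] = unquote(rec["path"])
    return rec


def analyze(log_text, not_found_threshold=3):
    """Return {ip: [reasons]} for every client that looks like it is doing recon."""
    per_ip = defaultdict(lambda: {"not_found": 0, "reasons": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        state = per_ip[rec["ip"]]
        if rec["status"] == 404:
            state["not_found"] += 1
        if SQLI.search(rec["decoded_path"]):
            state["reasons"].add("sqli_payload")
        if SCANNER_UA.search(rec["ua"]):
            state["reasons"].add("scanner_user_agent")
    # A burst of 404s from one source is the signature of path/plugin enumeration.
    for state in per_ip.values():
        if state["not_found"] >= not_found_threshold:
            state["reasons"].add("path_enumeration")
    return {ip: sorted(s["reasons"]) for ip, s in per_ip.items() if s["reasons"]}


if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(reasons)}")
```

Run it as-is to see the two scanning hosts flagged and the ordinary visitor left alone; to use it for real, feed `analyze()` the contents of your access log and lower or raise `not_found_threshold` to match how noisy your legitimate traffic is. Scanner user agents are trivially spoofed, so treat the 404 burst and the SQLi payloads as the stronger signals.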

I'm going to tackle these three points one blog post at a time. The first one, on reconnaissance, is below.