Small Business Attack – Initial Exploitation
Thus far, I’ve talked about ways that attackers get in to your computers or network. I’ve not talked much about what they do once they’re there. Though there are a great many things that can happen once they get in, one of the first things done is to make sure that they can stay in. They may put backdoors into systems, set up secondary VPNs or modems or they may even sneak other systems onto your network.
Given that many networks aren’t fully mapped or even have tightly controlled access, there are many places on a network that a system can hide. One common trick is to walk into a business with a pre-programmed netbook or wall wart. This machine can then conduct passive network scanning and man in the middle attacks.
With tools like Ettercap, DSniff, p0f, an attacker can alter network traffic in transit while convincing both sides that things are fine. They can identify systems on the network while evading detection and check for important data crossing the network.
Yes, given time (a decreasing amount, sadly), they can do almost anything, but to start, they’ll explore the network and try to identify targets for future exploitation. The question is, what can you do about it?