While creating a defensive plan against cyber-attacks, knowing your adversary is paramount. Often after the shock has wore off from a breach, the effected company will ask themselves “Why us?”. It’s a valid question and one that organizations should ask before an incident occurs to better prepare themselves. There are a multitude of reasons why an attacker chose your organization and below I’ve captured some of the more common reasons.

Opportunity

These attacks are typically based on a unique opportunity that makes your organization an easier target than others. Usually these items are in an organization’s circle of influence and can take steps to reduce.

  • Technology stack
    • Attackers use tools such as search engines (Google, Shodan.io) and job boards to map specific technology use that have experienced recent vulnerability disclosures or are frequently misconfigured. This also provides attackers an opportunity to try weak or default credentials to gain additional access.
  • Public information disclosures
    • Credential disclosures are commonly shared on the internet and within hacker communities. Employees often times reuse their work passwords on outside services that experience a breach which make for easy credential stuffing attacks. Services such as haveibeenpwned.com allow for organizations to effortlessly discover when a credential containing their domain has been disclosed.
  • Phishing
    • Many phishing campaigns permutate domains from lists or crawled from the internet in some fashion. If an employee falls victim to a phishing attack then they take advantage of this newly gained access, if not then they continue on to the next potential target.

Targeted

These attacks are directed at the organization itself and often include detailed research and recognizance. Traditionally attackers will utilize opportunistic attacks for quick access but dive much deeper.

  • Industry Type
    • Often the type of industry that the organization is apart of will draw specific attention such as financial institutions, government entities, and industrial companies. The attacker is looking for a specific asset that the entity possesses or perhaps there’s a controversial issue which spawn hacktivism.
  • Target by proxy
    • Some organizations that experienced a breach learn that they were simply a stepping stone to leverage a relationship to attack their partner, supplier, or customer.
  • Insider Threat
    • While not historically thought of as a way of targeting an organization, insider threats such as disgruntled employees or fraud are commonplace and need to be accounted for.

Each organization should be having a conversation on why and how they may be targeted in the future. In many cases, a quick and easy change could have prevented a drastic and costly security incident.