What is Ethical Hacking?
Ethical hacking is the process of breaking into networks to test their security. Ethical hackers (a.k.a. white-hat hackers or penetration testers) are hired by companies to try to break into their networks. A penetration test provides real-world insight into how a cyberattack would play out. Ethical hackers are part of an organizational nomenclature known as the “red team”. The red team is the offensive side of cybersecurity, while the “blue team” is the defensive side of cybersecurity. Ethical hackers and cybersecurity professionals often work together to secure an organization’s infrastructure from the bad guys (black-hat hackers). Sounds kind of spooky doesn’t it?
Black-hat hackers are the bad guys, The cybercriminals. Their main goal is to break into your network and cause harm to your infrastructure. Black-hat hackers have many tools at their disposal, such as malware, penetration testing software, and OSInt (Open Source Intelligence). Black hats have a detailed understanding of computer networks, cryptography, file structure, operating systems, and vulnerabilities that allow them to exploit the systems they are targeting. To combat the black-hat hackers, ethical hackers need to have the same, if not better, knowledge as the black hats do.
Case Study: 2013 Target Hack
An often-used example of a cyberattack is the Target attack of December 2013. In this particular attack, black-hat hackers were able to exploit a third-party HVAC vendor for Target’s refrigeration systems. After the attackers gained access to the vendor’s network credentials, they were able to access Target’s HVAC management system, and then pivot to their main network (due to a lack of network segmentation). After gaining access to Target’s main network, the attackers were able to explore and find vulnerabilities to exploit. The attackers discovered that the credit card terminals Target used were not in compliance with the PCI DSS standards. The terminals did not encrypt the credit card data on-swipe, thus allowing the attackers to harvest the data out of the terminals’ Random Access Memory (RAM), with a sophisticated malware solution. Here is a good example of the process a malicious hacker goes through to hack a company.
Video – SimplyLearn
The video above provides a simple bite-sized easy-to-understand visual of ethical hacking, the processes behind ethical hacking, and the tools and methodologies used by ethical hackers.
Conclusion
The whole goal of ethical hackers is to discover vulnerabilities that can be exploited before the black-hat hackers do often as part of an overarching security/risk mitigation plan from senior management. Cybersecurity is a constant race between security professionals and cybercriminals. Industries such as healthcare, banking, energy, and retail are under an ever-flowing stream of daily attempts to break into their networks. Without an ethical hacking team, it would be increasingly hard to know which network vulnerabilities a company has and how to mitigate them.
In this article, I provided you with a basic overview of ethical hacking, types of hackers, hacker methodologies, and a brief case study of the 2013 Target cyberattack. Ethical hacking is a highly valued skill highly in demand across all sectors. If you are interested in learning more about ethical hacking and cybersecurity, I highly recommend Professor Messer’s YouTube course for the CompTIA Security+ examination linked here.