2. Initial foothold (Phishing)
"Email people within the company and ask for their password. For instance: 'Click this link to view the updated HR Bonus Policy. You'll need to enter your domain username and password for security.' Use a picture of a padlock for extra credibility."
3. Move laterally
"Use the passwords to log into the company's internet-facing web-based email."
4. Action
"Read all the email, harvest the address book, use email access to reset passwords of other things."
At this point, everything is compromised and it's game over -- without use of the dark web, and with the most rudimentary of tools, the hacker has gained access to private and confidential information which can be seriously damaging.
Another way of gaining an initial foothold is to get malware on to a computer, through infected documents or PDFs.
A broad-spectrum attack takes the form of infecting a website that the target -- or targets -- visits in what is known as a "watering hole" attack.
Boileau explains that while hacks vary in complexity and difficulty, they all require the same starting point: a foothold in the system.
These attacks can also be made by people with access to company computers, such as a disgruntled employee or even a cleaner.
Businesses need to be careful how much data and information is shared across their systems, especially if an employee is given cause to leak, delete, or corrupt that data.
The dark web comes into practice in hacking primarily as a marketplace for hackers -- to hire hackers, buy malicious software, and hire botnets (zombie computers used for distributed denial-of-service attacks).
