I’ve Been Hacked – The 8 Most Common Cyber Attacks

And how to reduce your exposure...


The long list of hacked organizations and enterprises continues to grow, and so does the cost of data breaches. For years we have seen companies believe “that it won’t happen to them”, but reality has shown otherwise.

There are multiple steps to take in case you are hacked (stay calm, contact your resources, notify affected parties, etc.), but let’s go a step before that: how do you identify a hack? What does it look like?


The Threat Landscape

If there is one constant in cybersecurity, it is that every organization is a potential victim. Organizations, no matter what, hold something of value that is worth something to others. If you have weaknesses in your cyber security defenses, you WILL experience some form of cyber attack.

Before investing in defenses, many organizations want concrete evidence that they are, or will be, targeted by specific threats. Unfortunately, even though organizations want proof of vulnerability before investing in cybersecurity, it is often difficult to provide an accurate assessment of the threats a specific organization faces.


Types of Cyber Attacks

Before jumping into the common types we see, let’s first focus on the two broad categories of cyberattack: active attacks and passive attacks.

Passive attack: A passive attack is a hacking attempt in which data and hardware are monitored and tracked, but no alterations are made. Often, a program or a human hacker gains access to a computer or network and monitors the user’s activity, tracking email, internet usage, and even using the system’s microphone or camera to spy on the user.

Active attack: An active attack is a hacking attempt in which the attacker attempts to alter, add to or control data or hardware. This is the type of attack most commonly associated with hacking and includes attack types such as Denial of Service and Malware.

While these two general categories remain the same, the specific types of cyberattack are constantly changing.


A first step in bolstering cybersecurity defenses lies in companies and employees understanding what a common cyber attack looks like.


8 Most Common Types of Cyberattacks


1. Advanced Persistent Threats (APT)

An advanced persistent threat, known by the acronym APT, is a type of passive cyberattack. In an APT, a hacker or program gains access to a computer or network and keeps it over a long period with the intent of gathering information. This monitoring may be done to steal information outright or to collect information for use in a more extensive attack later on.

The best ways to prevent APTs are to stay on top of software patches and monitor network activity at all points of entry. For government agencies, following compliance guidelines and best practices is also highly recommended.

2. Phishing

Phishing is a type of scam where criminals encourage targets, via email or other online communication methods, to perform a certain action. The action the target is encouraged to do may be anything from providing information about themselves to clicking on a link to download something. Once the target completes the action, the originator of the scam can gain access to private systems or information.

Phishing scams are most easily prevented by educating staff on cyber safety. Employees should know not to click on links from, or respond to, email addresses they don’t recognize.

3. Denial of Service (DoS)

A denial of service, or DoS, attack is possibly one of the oldest and most common cyberattack methodologies. This type of cyber extortion works by denying service to a legitimate user through one of two methods:

Specially Crafted Data: This method involves sending specialized data to a system that causes an error within the system, preventing the system from functioning.

Flooding: This method involves overloading a system to slow it down so that the system is unable to function.

DoS attacks can use one or both of these methods to hold a system hostage, forcing the user to pay a fee to return the system to working order. Another distinction to make is the difference between a DoS attack and a DDoS attack — while a DoS attack uses a single computer to carry out the attack, a DDoS attack, or distributed DoS attack, uses multiple computers to do so.
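The flooding method and the DoS/DDoS distinction above can both be seen in ordinary web-server logs. The following is an added example written for this article, not code from the original post: it parses simplified Common Log Format lines, counts requests per source inside a sliding window, and reports whether one source alone is flooding (DoS) or whether many sources, each individually unremarkable, add up to a flood (DDoS). The thresholds, the window length, and the sample traffic generated by sample_log() are all constructed for illustration, using RFC 5737 documentation addresses.

```python
"""Flood detection over web-server access log lines.

Added example for this article, not code from the original post. It assumes
a simplified Common Log Format and illustrative thresholds (per_ip_limit,
total_limit, window); the log lines produced by sample_log() are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fields we need from a CLF line: client IP, bracketed timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def _max_in_window(timestamps, window):
    """Largest number of events inside any sliding window (timestamps sorted)."""
    best = start = 0
    for end in range(len(timestamps)):
        while timestamps[end] - timestamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_floods(lines, window=timedelta(seconds=10), per_ip_limit=20, total_limit=60):
    """Classify traffic as a single-source flood, a distributed flood, or neither.

    - single-source (DoS): at least one IP alone exceeds per_ip_limit in a window
    - distributed (DDoS): the aggregate exceeds total_limit while no single IP
      stands out, i.e. many sources each stay below the per-IP threshold
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    per_ip = defaultdict(list)
    for e in events:
        per_ip[e["ip"]].append(e["ts"])
    noisy = {}
    for ip, ts_list in per_ip.items():
        peak = _max_in_window(ts_list, window)
        if peak > per_ip_limit:
            noisy[ip] = peak
    peak_total = _max_in_window([e["ts"] for e in events], window) if events else 0
    return {
        "noisy_sources": noisy,
        "peak_total": peak_total,
        "single_source_flood": bool(noisy),
        "distributed_flood": peak_total > total_limit and not noisy,
    }


# --- constructed sample traffic (not real logs) ---------------------------
BASE = datetime(2024, 1, 15, 9, 30, 0)


def _log_line(ip, offset_s, path="/index.html"):
    ts = (BASE + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S")
    return f'{ip} - - [{ts} +0000] "GET {path} HTTP/1.1" 200'


def sample_log(scenario):
    """Three constructed scenarios using documentation (RFC 5737) addresses."""
    lines = []
    if scenario == "single":
        # one host fires 50 requests in five seconds; three others browse normally
        lines += [_log_line("203.0.113.5", i * 0.1) for i in range(50)]
        for j, ip in enumerate(["198.51.100.7", "198.51.100.8", "198.51.100.9"]):
            lines += [_log_line(ip, j * 3), _log_line(ip, j * 3 + 1)]
    elif scenario == "distributed":
        # forty hosts send three requests each: no host is noisy, the total is
        lines += [_log_line(f"198.51.100.{10 + k}", k * 0.1 + n)
                  for k in range(40) for n in range(3)]
    elif scenario == "quiet":
        # five hosts, two requests each, spread over a minute and a half
        lines += [_log_line(f"198.51.100.{20 + k}", k * 20 + n * 5)
                  for k in range(5) for n in range(2)]
    return lines


if __name__ == "__main__":
    for name in ("single", "distributed", "quiet"):
        print(name, detect_floods(sample_log(name)))
```

Rate counting only catches the flooding method; the "specially crafted data" method shows up instead as a single request followed by errors or a crash, so a complete monitor would also watch 5xx responses and process restarts.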

4. Insider Attacks

Insider attacks are attacks that are initiated due to the action of a trusted internal user of a system. These users may be employees, contractors or any other internal user. Many of these insider attacks are unintentional mistakes where an employee fails to practice good cyber safety by clicking on a malicious link. However, rogue or disgruntled current and former employees may also attack the system on purpose for personal gain or revenge. Either way, internal attacks can result in stolen, lost or compromised data.

5. Malware

Malware quite literally means malicious software. These programs are specifically designed to be downloaded to a computer without the user’s knowledge, where the software can cause serious damage or data breaches. There are many types of malware that act in different ways, including viruses, worms, spyware and keyloggers.

6. Password Attacks

Password attacks, also known as brute force attacks, are attacks in which a hacker tries many password combinations in an attempt to gain access to a network. This is often automated with tools such as dictionary attack lists or rainbow tables.

Because of their simplicity, password attacks are on the rise. The best way to prevent this type of attack from succeeding is to implement password complexity standards and regular credential changes.
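The two defensive points in this section, complexity standards and resistance to precomputed (rainbow) tables, can be enforced in a few lines of code. The following is an added example written for this article, not code from the original post or from Emerge: check_policy() rejects short, low-variety and common passwords (including common words dressed up with digits and punctuation), and hash_password()/verify_password() store each password with its own random salt through PBKDF2-HMAC-SHA256 from the Python standard library. The policy parameters, the small denylist and the iteration count are illustrative assumptions, not values from the article.

```python
"""Password policy enforcement and salted password storage.

Added example for this article, not code from the original post. The policy
parameters, the denylist and the PBKDF2 iteration count are illustrative
choices; a real deployment would take them from its own standard.
"""
import hashlib
import hmac
import os
import re

# Constructed denylist standing in for a breached-password feed.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "welcome1", "letmein", "summer2024"}
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_policy(password, min_length=12, min_classes=3):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = sum(bool(re.search(p, password)) for p in CHARACTER_CLASSES)
    if classes < min_classes:
        problems.append(f"uses fewer than {min_classes} character classes")
    # Strip case and punctuation before the denylist lookup so that
    # "Summer2024!!" is still recognised as the common word it is built on.
    stripped = re.sub(r"[^a-z0-9]", "", password.lower())
    if stripped in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    if re.search(r"(.)\1\1", password):
        problems.append("repeats one character three or more times in a row")
    return problems


ITERATIONS = 600_000  # slows down each guess an attacker can make offline


def hash_password(password, salt=None):
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    A fresh random salt per password means two users with the same password
    get different records, so a precomputed (rainbow) table built for one
    salt is useless against any other record.
    """
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


if __name__ == "__main__":
    for candidate in ("password", "Summer2024!!", "Correct-Horse-Battery-9"):
        print(candidate, check_policy(candidate) or "OK")
    record = hash_password("Correct-Horse-Battery-9")
    print(record)
    print(verify_password("Correct-Horse-Battery-9", record),
          verify_password("wrong-guess", record))
```

The record format carries the iteration count with it, so the count can be raised later for new passwords without breaking verification of older ones.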

7. Ransomware

Ransomware attacks are the kind most likely to keep security engineers, administrators, CSOs and other IT personnel awake at night. Ransomware is a specific type of malware that gathers and encrypts data and devices on a network, preventing user access. Access is only restored if the hacker’s demands are met, which most often means paying some type of ransom. Unfortunately, payment does not always restore access: even if a company pays the ransom, the hacker may refuse to unlock the devices, amplifying the company’s losses.

8. Man-in-the-Middle (MITM)

A man-in-the-middle attack is when a third party intercepts communication between two parties. This third party gains access to the communication and then listens in or monitors activity, gaining access to any information shared over that connection, including login credentials, personal information and more.

MITM attacks are the oldest type of cyberattack; they began with eavesdropping on phone lines, radio links and other communications channels, and the methods have become significantly more advanced over time.

The best way to prevent MITM attacks from affecting your workplace is by not accessing unknown or unfamiliar Wi-Fi access points and by educating your employees on proper cybersecurity practices.

Protecting Your Business’s Network

While many businesses fail to address their cyber security vulnerabilities until the worst happens, industry groups and regulatory bodies are ramping up their mandates to help combat the rising threat of cyberattacks against businesses and consumers (see the Ohio Data Protection Act as an example).


Reducing your exposure to cyber attack

Fortunately, there are effective and affordable ways to reduce your organization’s exposure to the more common types of cyber attack on systems that are exposed to the Internet.


The following methods are common ways to reduce your risk of exposure:

  • Boundary Firewalls and Internet Gateways - establish network perimeter defenses, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
  • Malware Protection - establish and maintain malware defenses to detect and respond to known attack code
  • Patch Management - patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs
  • Whitelisting and Execution Control - prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
  • Secure Configuration - restrict the functionality of every device, operating system and application to the minimum needed for the business to function
  • Password Policy - ensure that an appropriate password policy is in place and followed
  • User Access Control - limit normal users’ execution permissions and enforce the principle of least privilege


If your organization is likely to be targeted by a more technically capable attacker, continue your journey with:

  • DIY IT Checklist
  • 10 Steps to Define Your Cyber Security Strategy
  • Security Vulnerability Self-Assessment


All of these resources list basic actionable security controls and processes to protect your business from cyber attacks. As always, Emerge is here to help. If you need more assistance or questions answered give us a call at 859-746-1030.