It’s a war zone out there. In the seemingly endless game of cat and mouse, precise intelligence remains the best tool for defeating attackers at their own game.
Here’s an analysis of today’s top six cyber threats and tips on how to identify and stop them.
1. Ransomware
Ransomware is easily the biggest cyber threat, as it gives attackers the biggest bang for their buck with a relatively low probability of being caught. “There is also a low threshold in the skill category to break into this sort of thing,” said Andy Rogers, a senior evaluator at cybersecurity and compliance firm Schellman. “There are many Ransomware-as-a-Service (RaaS) businesses out there ready to make sure you have the tools you need to launch a ransomware campaign.”
These “service providers” face minimal risk, as they themselves do not launch any attacks. “It was a pretty sweet deal for them,” he said. Also, payments come in the form of cryptocurrencies, so they are difficult to track.
Ransomware has become one of the most profitable criminal industries in the world thanks to its anonymity and high solvency. “Many recent high-profile supply chain attacks, like the Colonial Pipeline in 2021, are ransomware attacks in which hard drives (HDDs) and solid state drives (SSDs) are encrypted and hackers have used them to ransom up to $4.4 million in crypto,” noted Rogers.
Establishing solid security policies and procedures, including security awareness training, is the best way to avoid becoming a victim of ransomware. Rogers recommends patching systems and applications on a monthly basis, as well as separating vulnerable systems that cannot be patched from critical systems and data. He added: “Maintain regular backups of your data and do it in such a way that they cannot be written to by ransomware.”
2. Zombie botnet
Zombie botnets are created to perform specific malicious actions, such as distributed denial of service (DDoS) attacks, keylogging, and spamming. “Such threats have the potential to be devastating because they can be used to do things like steal your identity or cripple an entire network with a single attack,” said Eric McGee, senior network engineer at data center service provider TRG Datacenters.
Each computer in the botnet is described as a zombie because the machine, and its owner, are unaware that it is mindlessly carrying out malicious actions. Smart Internet of Things (IoT) devices are particularly attractive targets for zombie botnet attacks.
“It can be easy to bypass the security of your IoT devices…but such devices are often the easiest way for attackers to gain access to your systems,” warns McGee. He suggests protecting against zombie botnets on IoT networks by restricting each device’s ability to open incoming connections and requiring strong passwords on all connected accounts.
3. Outdated policies and procedures
Outdated, manual processes and policies pose a serious, though largely self-inflicted, threat to cybersecurity. “The number of emerging vulnerabilities and the potential for exploitation is growing exponentially,” said Robert Smallwood, vice president of technology at General Dynamics (GDIT). “An organization’s processes and policies need to enable agility and speed so that the organization can pivot and respond quickly and automatically to emerging threats.”
Organizations that have fallen behind on, or completely neglected, technology renewal and modernization run the risk of incurring technical debt that expands the network’s attack surface.
Many businesses continue to grapple with rigid and outdated policies, Smallwood notes, while failing to take advantage of the automation that the hybrid environments making up a modern network offer. In addition, many organizations grant policy exceptions for legacy protocols or devices that do not provide adequate threat mitigations, circumventing security measures such as multi-factor authentication, he added.
Critical processes should be regularly reviewed as a fundamental change management task. “Once changes impacting the network are implemented, the associated policies and processes need to be evaluated,” says Smallwood. For some organizations, this may require an assessment of all network-related processes. “In such cases, it’s best to start with your typical IT service management methods … as well as any process that relies heavily on manual operations.”
4. Man-in-the-middle attack
In a man-in-the-middle (MTM) attack, a third party intercepts communication between two unsuspecting parties to eavesdrop or alter the exchanged data. It’s a task that can be accomplished in a number of ways, such as spoofing an IP address, using a malicious proxy server, or through Wi-Fi eavesdropping.
An MTM attack can be relatively simple, such as credential sniffing to steal usernames and passwords. At a higher level, MTM can be used to redirect victims to a bogus but highly realistic website designed to achieve a specific nefarious goal.
In any of its forms, an MTM attack can be very devastating: once inside the network, an intruder can move laterally, starting in one part of the network and then discovering holes that allow them to move to other areas.
“Since attackers are logging in with valid credentials, it is often difficult to detect an intrusion,” said Benny Czarny, CEO of OPSWAT, a company specializing in infrastructure network protection.
Keatron Evans, principal security researcher at security training firm Infosec Institute, says MTM attacks are often overlooked and underestimated. “People think [the threat]…” he said.
Another misconception is that network-based threats will magically disappear as soon as an organization moves to cloud services. Evans warns: “It is simply not true. Stay diligent even when you’ve moved to the cloud.”
To prevent MTM attacks, Evans recommends adding port-based security with DHCP snooping and Dynamic ARP Inspection (DAI), and upgrading to IPv6 as soon as possible. He also proposed replacing ARP, one of the main enablers of network-based man-in-the-middle attacks, with a newer protocol called Neighbor Discovery Protocol (NDP).
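Dynamic ARP Inspection works by checking every ARP reply arriving on an untrusted switch port against the IP-to-MAC bindings that DHCP snooping has learned, and dropping replies that disagree. The following is an added example, not code from the article or from any of the people it quotes, that models that check in software over a constructed binding table and a handful of constructed ARP replies; the port names, addresses and the `inspect`/`find_violations` helpers are all assumptions made for illustration.

```python
"""Software model of Dynamic ARP Inspection (DAI) validated against a
DHCP-snooping-style binding table. All data below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: str          # time the reply was seen
    port: str        # switch port it arrived on
    sender_ip: str   # IP the reply claims to answer for
    sender_mac: str  # MAC it wants hosts to associate with that IP


# Hypothetical binding table: IP -> MAC as learned from DHCP leases,
# plus a static entry for the gateway (constructed values).
BINDINGS = {
    "10.0.0.1": "00:11:22:33:44:01",   # gateway
    "10.0.0.10": "00:11:22:33:44:10",
    "10.0.0.11": "00:11:22:33:44:11",
}

# Uplink to the router; DAI does not validate ARP arriving on trusted ports.
TRUSTED_PORTS = {"Gi1/0/48"}

# Constructed sample traffic.
SAMPLE_REPLIES = [
    ArpReply("12:00:01", "Gi1/0/10", "10.0.0.10", "00:11:22:33:44:10"),  # legitimate host
    ArpReply("12:00:02", "Gi1/0/11", "10.0.0.1", "00:11:22:33:44:11"),   # host 11 claims the gateway IP
    ArpReply("12:00:03", "Gi1/0/48", "10.0.0.1", "00:11:22:33:44:01"),   # real gateway, trusted uplink
    ArpReply("12:00:04", "Gi1/0/12", "10.0.0.12", "00:11:22:33:44:12"),  # IP with no DHCP binding
]


def inspect(reply, bindings, trusted):
    """Return None if the reply is acceptable, else the reason it should be dropped."""
    if reply.port in trusted:
        return None
    expected = bindings.get(reply.sender_ip)
    if expected is None:
        return "no DHCP binding for sender IP"
    if expected.lower() != reply.sender_mac.lower():
        return f"sender MAC does not match binding {expected}"
    return None


def find_violations(replies, bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """Apply inspect() to every reply and collect the ones DAI would drop."""
    out = []
    for r in replies:
        reason = inspect(r, bindings, trusted)
        if reason:
            out.append((r.ts, r.port, r.sender_ip, r.sender_mac, reason))
    return out


if __name__ == "__main__":
    for v in find_violations(SAMPLE_REPLIES):
        print("DROP", *v)
```

The second and fourth replies are the ones a real switch would discard: one is a host answering for the gateway address, the classic ARP-spoofing setup for an MTM position, and the other is an address the DHCP server never handed out. Note that the check is only as good as the binding table, which is why DHCP snooping has to be enabled (and the uplink marked trusted) before DAI is turned on.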
5. Business Email Compromise
Business Email Compromise (BEC) is a serious cyber threat faced by businesses of all sizes in all industries. “As companies increasingly adopt aggressive conditional access policies, like single sign-on, BEC fraud will increase in reach and financial impact,” said Jonathan Hencinski, director of threat detection and response at Expel, a managed cybersecurity detection and response company.
BEC attacks lead directly to credential compromise. The most difficult type of attack to detect is one where an attacker enters through the front door with valid credentials. BEC attackers use VPNs and hosting providers to bypass conditional access policies.
“A common approach to these types of attacks is to use legacy protocols to bypass multi-factor authentication (MFA) in Office 365,” says Hencinski. “[Once] logged in and on the network, they can have access to critical controls and sensitive information throughout the organization.”
BEC attacks can hit any network at any time. “Since 2019, we have seen a 50% increase in the use of VPN services and hosting providers to access compromised accounts,” Hencinski said. “Using these services allows attackers to bypass conditional access policies that deny logins from certain countries using IP geo-records.”
Detecting BEC attempts is a simple three-step process. “The first step is to check e-mail to prevent and detect phishing e-mails trying to steal employee logins and to detect when a threat actor is using an employee’s account to send fraudulent e-mails,” says Hencinski. The second step is authentication monitoring to detect the use of stolen credentials. “The third is account monitoring for the hallmark signs of a BEC account takeover,” he noted.
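The second and third steps, authentication monitoring and account monitoring, can be expressed as a small correlation over sign-in and mailbox-audit events. The following is an added example, not code from the article or from Expel, that runs the signals Hencinski describes (legacy-protocol sign-ins that skip MFA, sign-ins arriving from VPN or hosting providers, and a forwarding or deleting inbox rule created right after such a sign-in) over constructed JSON log lines. The field names, the `asn_type` classification and the `detect_bec` helper are assumptions for illustration, not any vendor’s schema; the phishing-side first step is out of scope here.

```python
"""Toy BEC detector: authentication monitoring plus account monitoring over
constructed sign-in and mailbox-audit events (JSON lines). Schema is assumed."""
import json
from collections import defaultdict

# Constructed events; none of these are real accounts or addresses.
LOG_LINES = [
    '{"ts":"2022-03-01T08:02:11Z","user":"alice","op":"signin","result":"success","proto":"modern","mfa":true,"asn_type":"corp","country":"US"}',
    '{"ts":"2022-03-01T08:30:40Z","user":"bob","op":"signin","result":"success","proto":"imap_basic","mfa":false,"asn_type":"hosting","country":"US"}',
    '{"ts":"2022-03-01T08:35:02Z","user":"bob","op":"newinboxrule","rule":"forward","target":"ext-mailbox@example.net"}',
    '{"ts":"2022-03-01T09:10:00Z","user":"carol","op":"signin","result":"success","proto":"modern","mfa":true,"asn_type":"vpn","country":"US"}',
    '{"ts":"2022-03-01T09:12:30Z","user":"carol","op":"newinboxrule","rule":"delete","target":"*invoice*"}',
    '{"ts":"2022-03-01T09:40:00Z","user":"dave","op":"signin","result":"failure","proto":"smtp_basic","mfa":false,"asn_type":"hosting","country":"NG"}',
]

# Legacy (basic-auth) protocols cannot carry an MFA challenge.
LEGACY_PROTOS = {"imap_basic", "pop_basic", "smtp_basic"}
# Source networks that are commonly used to dodge geo-based conditional access.
NONCORP_ASN = {"hosting", "vpn"}
# Inbox rules that hide an attacker's activity or exfiltrate mail.
SUSPICIOUS_RULES = {"forward", "delete"}


def parse_events(lines):
    """Parse one JSON object per line into a list of dicts."""
    return [json.loads(line) for line in lines]


def detect_bec(events):
    """Return {user: [finding, ...]} for users showing BEC takeover signals.

    Step two (authentication monitoring): flag successful sign-ins that used a
    legacy protocol without MFA, or came from a hosting/VPN provider.
    Step three (account monitoring): flag suspicious inbox rules created after
    such a sign-in, a hallmark of a BEC account takeover.
    """
    findings = defaultdict(list)
    last_signin = {}  # user -> most recent successful sign-in event
    for e in sorted(events, key=lambda ev: ev["ts"]):
        user = e["user"]
        if e["op"] == "signin":
            if e["result"] != "success":
                continue  # failed attempts are tracked elsewhere; not a takeover yet
            last_signin[user] = e
            if e["proto"] in LEGACY_PROTOS and not e["mfa"]:
                findings[user].append("legacy-protocol sign-in without MFA")
            if e["asn_type"] in NONCORP_ASN:
                findings[user].append(f"sign-in from {e['asn_type']} provider")
        elif e["op"] == "newinboxrule" and e["rule"] in SUSPICIOUS_RULES:
            prior = last_signin.get(user)
            if prior and prior["asn_type"] in NONCORP_ASN:
                findings[user].append(
                    f"{e['rule']} inbox rule created after {prior['asn_type']} sign-in"
                )
    return dict(findings)


if __name__ == "__main__":
    for user, reasons in detect_bec(parse_events(LOG_LINES)).items():
        print(user, "->", "; ".join(reasons))
```

On the constructed input, `bob` trips all three signals (basic-auth IMAP with no MFA, a hosting-provider source, then a forwarding rule), `carol` shows the VPN sign-in followed by a delete rule, and `alice` and `dave` produce nothing. In practice the `asn_type` field would come from an IP-to-ASN lookup, and the rule events from the mail platform’s audit log, but the correlation logic stays the same.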
6. Tool sprawl
Tool sprawl, with IT and network leaders scrambling to manage dozens of different network protection technologies, can make the goal of becoming an attack-proof business more difficult to achieve. Amit Bareket, CEO and co-founder of cybersecurity service provider Perimeter81, warns of the cyber complexity caused by the pervasiveness of tools and the lack of easy cybersecurity management.
Bareket points to a study his organization recently conducted that found that 71% of CIOs and related executives believe that a large number of network tools makes detecting active data breaches, or protecting against them, more difficult.
Keith Mularski, executive director of cybersecurity at EY Consulting, says that following basic security rules remains the best way to protect from all types of cyber threats. “Isolate mission-critical systems and networks from the Internet and tightly control who or what has access,” he advises.
Mularski recommends adopting zero trust and segmenting your operational systems. “Make sure you avoid ‘hidden trust’ – everything and everyone accessing your network must be authenticated, no matter where they are, when they visit, or who they are.”
To enhance preparation, Mularski also suggests running scheduled simulations. “Like an athlete, you want your team to strengthen their muscle memory and implement more intuitive and quick response processes in the event of a breach or incident.”
Copyright © 2022 IDG Communications, Inc.