Network security is continually becoming an area of tremendous focus for companies of all sizes. Whether you’re a corporation or a small-to-medium sized business (SMB), you’re a target for a variety of network attacks that can stop your business in its tracks.
There are a plethora of network security threats that businesses should be aware of to ensure the continuous protection of their systems, software, and data. Let’s review what we believe to be the top 10 network security threats and solutions that you can use to protect your network from being compromised by these malicious attacks.
1. Ransomware
Businesses currently fall victim to ransomware attacks every 14 seconds. These ransomware attacks are growing more than 350% annually, with IoT attacks increasing by 217.5% year over year (YoY) from 2017 to 2018.
This massive increase in ransomware was triggered by the creation of cryptocurrencies such as Bitcoin, which allow hackers to demand ransoms anonymously. These sophisticated attacks start by infecting secure database systems, encrypting data, and threatening deletion or corruption of files unless a hefty ransom is paid. Being proactive with a ransomware recovery strategy and keeping data backups off your network will ensure you don’t encounter loss of data, business interruption, and the added cost of having to pay the ransom.
The number one rule, if you find yourself infected with ransomware, is to take a page out of the FBI playbook and not pay the ransom. This just encourages more cybercriminals to launch additional attacks against your business or other businesses.
Make sure to pay close attention to the ransom message itself before doing anything. Check with your IT team to see whether your company’s files are really worth the ransom you’re being asked to pay. If the data that the ransomware refers to is already backed up on a separate network, then a full system restore might be in order.
If you notice your system slowing down for no reason, shut it down and disconnect it from the Internet. Once you’ve rebooted your system and found that you are no longer compromised, download and install a security product and run a full scan to confirm that this is the case.
2. Botnets
Although not technically malware, botnets are currently considered one of the biggest threats on the internet today. These powerful networks of compromised machines can be remotely controlled and used to launch massive attacks.
Each botnet consists of a plethora of “zombie” computers that are used to carry out Distributed Denial of Service (DDoS) attacks (we’ll get to these later). These attacks are used to overwhelm the victim and pressure them into paying a ransom to regain control of their system.
Start your proactive defense against botnets by doing everything in your power to keep your own systems from becoming zombie machines as well. This is done by defending against infection by worms and viruses.
If you find that your computer has become part of a botnet, it is imperative that you remove the malicious software that’s controlling it by running an antivirus scan of your computer to locate and remove the botnet malware. Although running antivirus scans and keeping operating system software up to date is a good start, it still doesn’t make your system 100% impenetrable. Your system can still be attacked when outside machines are directed against your web server or infrastructure, so make sure to stay on guard and watch for potential signs that hackers have slipped past your defenses.
3. Computer Viruses and Worms
Statistics show that approximately 33% of household computers are affected by some type of malware, more than half of which are viruses. Viruses are attached to a system or host file and can lay dormant until inadvertently activated by a timer or event. Worms, on the other hand, infect documents, spreadsheets, and other files, sometimes by utilizing macros.
As soon as a virus or worm enters your system, it will immediately go to work in replicating itself with the sole goal of infecting as many networked systems and inadequately-protected computers as possible. Transmission of viruses and worms is often done by exploiting software vulnerabilities. Once they’ve found their niche in your system, they spread like wildfire affecting as many system components and users as possible.
Statistics show that 53% of computers in use in the U.S. have experienced a virus at one time or another. Your first line of defense is to install an anti-malware solution that covers all networked devices and systems. This can significantly reduce the possibility of contracting viruses and help keep them from spreading across your network.
Make sure to take the time to recognize threats early and take the necessary steps to contain them before they have a chance to inflict any damage. You can take this protection one step further by using a personal firewall to block external access to network services. It might not deter the attack 100%, but it will definitely slow it down, or even make it not worth the attacker’s while to continue.
4. Phishing Attacks
Phishing attacks are a form of social engineering designed to steal sensitive data such as passwords, usernames, and credit card numbers. These attacks impersonate reputable websites, banking institutions, and personal contacts, and arrive as instant messages or phishing emails designed to appear legitimate. Once you hit reply or click the embedded URL in these messages, you will be prompted to enter your credentials or financial details, which are then sent to the malicious source.
Taking care before clicking links in email messages is of critical importance. If you’re not sure where a message came from and don’t know (or trust) the sender, then it’s probably best to move the email to your spam folder just to be safe.
If you see that there are a lot of misspelled words in the email, it might be best to err on the side of caution. If you’re suspicious about the source of the email but want to investigate further, make sure not to reply to the email directly. Instead, grab the email address from the suspicious email and send a separate email to voice your concerns about their sketchy message.
Also, consider purchasing a web content and anti-phishing filter, which will prevent access to malicious sites even if an employee (accidentally or deliberately) clicks on a bad link. These services will 1) block the attempt, 2) inform the user of their attempted access to a bad site, and 3) notify administrators of the attempt, which could provide an opportunity to discuss the situation with the employee and train them to spot future phishing attempts.
5. DDoS (Distributed Denial of Service)
Overwhelming hosted servers and causing them to become completely inoperable is the task of a cyber-attack known as a Distributed Denial of Service (DDoS) attack. According to statistics, 33% of businesses fall victim to DDoS attacks. DDoS attacks can be disastrous for companies that make their money operating online (social media, e-commerce sites, etc.), potentially causing millions of dollars in lost revenue every day the website is down.
It’s likely that not all of the potentially thousands of computers being used for a DDoS attack actually belong to the attacker. Instead, we can assume that most of the compromised computers are added to the attacker’s network by malware and distributed across the globe via a botnet.
DDoS attacks can be so large that they overwhelm Internet connections, which is why it is so important for businesses to maintain a collaborative relationship with their Internet Service Providers (ISPs). As websites continue to shift towards being hosted in the cloud, they must double down on the network protection that corresponds to their cloud service.
If you find that you may be the target of a DDoS attack, make sure to reduce the possible points of attack and let your IT team concentrate on mitigating the brute force of the attack. By restricting direct Internet traffic to certain parts of your infrastructure, such as your database servers, you limit the options for attackers and give your team the chance to build protections in a single place.
6. Cryptojacking
Even before Bitcoin skyrocketed in 2017, cryptojacking had been the tool of choice for hackers looking to steal cryptocurrency from unsuspecting victims for their own financial gain. These attacks are similar to worms and viruses, except that instead of corrupting sensitive data and information, the end goal of cryptojacking is to steal CPU resources. In a cryptojacking exploit, hackers trick their victims into loading mining code onto their computers and then use that code to consume the target’s CPU processing resources to mine cryptocurrency.
Since cryptojacking attacks significantly impact the performance of systems, it’s wise to develop methods to continuously monitor and diagnose CPU usage and be alerted to changes over time. Keeping your web filtering tools up to date will also help you determine whether a web page is delivering cryptojacking scripts and make sure your users are blocked from accessing it.
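The monitoring idea above, as an added example that is not part of the original article: a detector that learns a baseline CPU level from a training window and alerts only when utilization stays well above that baseline for several consecutive samples, since a miner pins the CPU and keeps it pinned, while a legitimate burst (a build, a video call) drops back. The sample series is constructed for the demonstration and is not real telemetry; in practice the samples would come from something like `psutil.cpu_percent(interval=60)` (the `psutil` library is assumed, not used here so the block runs offline).

```python
from statistics import median

# Constructed sample: CPU utilisation in percent, sampled once a minute on a
# single workstation. The first 30 samples are ordinary office use with a couple
# of short legitimate bursts; the final 10 are what a browser-delivered miner
# looks like: the CPU is pinned and stays pinned. Not real telemetry.
NORMAL = [8, 12, 6, 15, 9, 11, 7, 30, 25, 10, 9, 14, 8, 12, 6, 11, 9, 13, 7, 10,
          8, 12, 6, 15, 9, 11, 7, 10, 9, 14]
MINING = [92, 95, 97, 94, 96, 98, 93, 95, 97, 96]
SAMPLES = NORMAL + MINING


def baseline(samples, window):
    """Median of the first `window` samples: robust against a few legitimate bursts."""
    return median(samples[:window])


def detect_sustained_cpu(samples, window=30, delta=40, min_run=5):
    """Return (index, baseline) for the first sample that completes a run of
    `min_run` consecutive samples more than `delta` points above the baseline,
    or (None, baseline) if no such run exists.

    Requiring a run rather than a single high sample is what separates a miner
    (which never lets go of the CPU) from a compile job or a video call.
    """
    base = baseline(samples, window)
    run = 0
    for i, cpu in enumerate(samples[window:], start=window):
        if cpu > base + delta:
            run += 1
            if run >= min_run:
                return i, base
        else:
            run = 0
    return None, base


if __name__ == "__main__":
    idx, base = detect_sustained_cpu(SAMPLES)
    print(f"baseline {base}% -> sustained high CPU from sample {idx}")
```

With the constructed series the baseline is 10% and the alert fires at sample 34, the fifth pinned minute; a three-minute burst to 90% followed by a return to normal produces no alert. The `delta` and `min_run` parameters are the knobs to tune against the machine's real workload.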
Maintaining endpoint protection is also extremely important due to its ability to detect known crypto miners. Just make sure that you don’t lean on any single endpoint solution too much, as many crypto miner authors are constantly changing their techniques to avoid detection at the endpoint.
7. APTs (Advanced Persistent Threats)
Advanced Persistent Threats (APTs for short) are cyber-attacks in which an unauthorized attacker breaks into an unsuspecting network and remains there undetected for quite some time. Instead of revealing its position, the APT siphons financial information and other critical security information away from the victim’s network.
APT architects are skilled at using a variety of techniques to gain network access, including malware, exploit kits, and other sophisticated means. Once the attacker has made it past the network firewall, they sit idle until they discover the login credentials that they came for. After obtaining these credentials, the APT dives deeper into the network to infect other parts of the system, compromising as many forms of data as possible.
APTs are incredibly difficult to detect due to the stealth and cunning of the experienced attacker. However, there are some key indicators that can help system administrators identify and counter APTs. Any unusual patterns in network activity or large amounts of data access that are outside the normal range for the business should be scrutinized and investigated as a possible APT attack.
Pinpointing the exact location of the APT can be done by segmenting your network to isolate critical data. You can also use honeypots to trap internal attacks and integrate application-specific whitelists to limit data access to only the applications that should be allowed. This will give you a handle on the location of any network usage that is outside the norm and allow your team to quickly take steps to remove any APTs still present on your network.
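The indicators described in the two paragraphs above, as an added example that is not from the original article: a small analysis over constructed file-server transfer logs that (a) compares each user's daily outbound volume with that user's own history and flags days that exceed the mean by more than three standard deviations, and (b) lists off-hours transfers to addresses outside the internal range. The log format, the user names, the addresses and the internal range `10.0.0.0/8` are all assumptions made for the demonstration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed file-server transfer log (not real data). One line per transfer:
# timestamp, user, server, destination address, bytes sent. Five days of
# history for two users, then the day under review (2019-03-06), on which
# "bob" moves about 800 MB to an outside address at 02:30.
LOG_LINES = """\
2019-03-01T09:12:44Z user=alice host=fs01 dst=10.0.5.20 bytes_out=40000000
2019-03-02T10:02:10Z user=alice host=fs01 dst=10.0.5.20 bytes_out=45000000
2019-03-03T11:40:05Z user=alice host=fs01 dst=10.0.5.21 bytes_out=38000000
2019-03-04T09:55:31Z user=alice host=fs01 dst=10.0.5.20 bytes_out=42000000
2019-03-05T14:20:00Z user=alice host=fs01 dst=10.0.5.20 bytes_out=50000000
2019-03-06T10:15:12Z user=alice host=fs01 dst=10.0.5.20 bytes_out=41000000
2019-03-01T08:30:00Z user=bob host=fs01 dst=10.0.5.22 bytes_out=5000000
2019-03-02T09:10:00Z user=bob host=fs01 dst=10.0.5.22 bytes_out=6000000
2019-03-03T09:45:00Z user=bob host=fs01 dst=10.0.5.22 bytes_out=4000000
2019-03-04T16:05:00Z user=bob host=fs01 dst=10.0.5.22 bytes_out=7000000
2019-03-05T11:00:00Z user=bob host=fs01 dst=10.0.5.22 bytes_out=5000000
2019-03-06T10:00:00Z user=bob host=fs01 dst=10.0.5.22 bytes_out=6000000
2019-03-06T02:30:00Z user=bob host=fs01 dst=203.0.113.7 bytes_out=800000000
this line is deliberately malformed and must be skipped
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) user=(?P<user>\S+) host=\S+ "
    r"dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)$"
)

# Assumption for this constructed site: everything in 10.0.0.0/8 is internal.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


def parse(lines):
    """Turn raw lines into dicts; unparseable lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = m["ts"]
        events.append({
            "date": ts[:10],
            "hour": int(ts[11:13]),
            "user": m["user"],
            "dst": m["dst"],
            "bytes": int(m["bytes"]),
        })
    return events


def daily_totals(events):
    """user -> date -> total bytes sent that day."""
    totals = defaultdict(lambda: defaultdict(int))
    for e in events:
        totals[e["user"]][e["date"]] += e["bytes"]
    return totals


def volume_outliers(events, day, sigma=3.0, min_history=3):
    """Users whose total on `day` exceeds their own mean + sigma*stddev over
    earlier days. Each user is compared with their own history, which is what
    'outside the normal range for the business' means in practice."""
    alerts = {}
    for user, per_day in daily_totals(events).items():
        history = [b for d, b in per_day.items() if d < day]
        today = per_day.get(day)
        if today is None or len(history) < min_history:
            continue
        threshold = mean(history) + sigma * pstdev(history)
        if today > threshold:
            alerts[user] = {"today": today, "threshold": round(threshold)}
    return alerts


def off_hours_external(events, day, start=22, end=6):
    """Transfers on `day` that leave the internal ranges during off hours."""
    hits = []
    for e in events:
        if e["date"] != day:
            continue
        off_hours = e["hour"] >= start or e["hour"] < end
        internal = any(ip_address(e["dst"]) in net for net in INTERNAL_NETS)
        if off_hours and not internal:
            hits.append((e["user"], e["dst"], e["bytes"]))
    return hits


if __name__ == "__main__":
    events = parse(LOG_LINES)
    print("volume outliers:", volume_outliers(events, "2019-03-06"))
    print("off-hours external:", off_hours_external(events, "2019-03-06"))
```

On the constructed log only "bob" is flagged: his 806 MB day is far above a history that averages about 5 MB, while "alice" stays inside her own band. The per-user baseline matters; a single global threshold would either miss bob or drown in alerts for users whose normal volume is large.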
8. Trojan Horse
A Trojan horse, or “Trojan,” is a program that appears to be legitimate, but is actually infected with a myriad of viruses. Once a Trojan horse has network access, it can be used to log keystrokes for the purpose of stealing highly sensitive personal information.
Trojan horse attacks often spread via email in much the same way a phishing attack would. When users open an email (supposedly sent from someone trustworthy), they find an attachment which downloads malware onto the victim’s computer. Once the Trojan has access to your computer, it can even hijack your webcam and tap into your most sensitive data and information, exploiting you with every step you take.
Just as is pertinent with all types of malware and phishing attacks, it’s best to understand what these attacks look like so that you’re more educated on how to deter their onset. You should also supplement your efforts with effective cybersecurity software that frequently scans your network and alerts you as soon as a Trojan virus has been detected and remediated.
It’s also prudent to keep your security patches and software up to date, since hackers commonly gain access in Trojan horse attacks by exploiting known security holes in such programs to help the Trojan do its work. Add another line of defense for your network by keeping your Internet connection as secure as possible and keeping software and hardware firewalls up at all times. This can help control malicious Internet traffic and often stop Trojans from downloading to your computer in the first place.
9. Rootkits
Rootkits are a collection of tools placed on a network by an attacker who has exploited a system security vulnerability. The attacker uses the rootkit to enable remote access to the victim’s system and gain administration-level access over their network. Following the remote access connection, rootkits set out to perform malicious activities that include (but are not limited to) key-logging, password stealing, antivirus disabling, and much more.
Although there are no commercial products available that can find and remove all known and unknown rootkits, there are ways to look for a rootkit on an infected machine. Unfortunately, these behavior-based static analysis methodologies can be expensive to deploy and may only be able to detect backdoors, not remove them once a rootkit is found. In the end, safeguarding your system from rootkits is usually done by keeping it patched against known system vulnerabilities.
10. SQL Injection Attack
SQL injection attacks use malicious code to exploit security vulnerabilities and obtain or destroy private data. These data-driven attacks are quickly becoming one of the most dangerous privacy issues for data confidentiality in the world as many e-commerce platforms still operate on SQL queries for inventory and order processing. All in all, one well-placed SQL injection could cost a company millions (or even billions if you’re a company as large as the likes of Apple or Amazon).
Preventing SQL injection vulnerabilities calls for the implementation of parameterized database queries, in which user input is passed as a value and cannot alter the structure of the query. Minimizing SQL injection attacks can be done by keeping all database server software up to date with the latest security patches while making sure not to use shared database accounts between different websites or applications.
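The contrast between a query built by string concatenation and a parameterized one, as an added example that is not from the original article: a minimal inventory lookup against an in-memory SQLite table, once with the caller's string spliced into the SQL text and once with it passed as a bound parameter. The table, the SKUs and the inputs are constructed for the demonstration; the third input is the textbook tautology, included only to show that the parameterized version treats it as an ordinary (non-matching) value.

```python
import sqlite3


# Constructed sample data: a minimal in-memory inventory table. It stands in
# for the order/inventory tables the text mentions and is not any real schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, sku TEXT, price REAL, cost REAL)"
    )
    conn.executemany(
        "INSERT INTO products (sku, price, cost) VALUES (?, ?, ?)",
        [("WIDGET-1", 9.99, 4.10), ("WIDGET-2", 19.99, 8.50), ("O'RING-7", 3.00, 0.40)],
    )
    return conn


def lookup_vulnerable(conn, sku):
    """DEFECT (shown for contrast): the caller's string is spliced into the SQL
    text, so a value containing a quote changes the structure of the query."""
    query = f"SELECT sku, price FROM products WHERE sku = '{sku}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, sku):
    """Fix: the SQL text is constant; the driver passes the value separately,
    so whatever the caller sends can only ever be compared as a value."""
    return conn.execute(
        "SELECT sku, price FROM products WHERE sku = ?", (sku,)
    ).fetchall()


def compare(sku):
    """Run both lookups on the same input and report how many rows each
    returned, or 'error' where the query failed to parse."""
    conn = make_db()
    result = {}
    for name, fn in (("vulnerable", lookup_vulnerable), ("parameterized", lookup_parameterized)):
        try:
            result[name] = len(fn(conn, sku))
        except sqlite3.Error:
            result[name] = "error"
    return result


if __name__ == "__main__":
    # Constructed inputs: a normal SKU, a legitimate SKU containing an
    # apostrophe, and the textbook tautology used to illustrate the defect.
    for sku in ("WIDGET-1", "O'RING-7", "x' OR '1'='1"):
        print(repr(sku), compare(sku))
```

The legitimate `O'RING-7` input is the part worth noticing from a defender's side: the concatenated version fails on it with a syntax error, which is the same defect that the tautology exploits, while the parameterized version returns the one matching row for the real SKU, zero rows for the tautology, and never lets the input reach the SQL parser as code. Parameterization is therefore both the security fix and the correctness fix.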
These network security threats and solutions can help your organization stay positive as you continue your march towards success, if properly implemented by an experienced cybersecurity organization. Optimizing your solutions to network security threats in the manner articulated above, by limiting vulnerabilities, keeping patches and software current, and educating your team on how to identify these attacks, is critical. If your organization needs extra assistance in keeping your network free of these types of exploits, make sure to contact RSI Security for a consultation.