It’s a cyber war out there. Your enterprise is pitted against bad actors, and you don’t even have the benefit of the Geneva convention. For hackers and cyber attackers, there are no rules. Anything goes, including the dirtiest of tricks, to reach their goals. Yet some cyberattacks are likely to crop up more frequently than others. Some are easier to carry out, others take advantage of widespread vulnerabilities, and yet others are faster ways for attackers to reach their goals. Applying a little cyber intelligence can help save your business from the attacks expected to be the most frequent over the next year or so, and position you to be better protected thereafter.
The cyber world keeps changing rapidly. Not surprisingly, therefore, attacks are changing too. Hackers and cybercriminals still want to make money, take control, destroy assets and reputations, or achieve some combination of these objectives, but now they are finding fulfilment in new ways. Attacks are becoming increasingly sophisticated. They start with an information-gathering phase, to allow the attackers to tailor their actions to each target. They then often avoid traditional methods of defence: for example, the latest viruses and other malware automatically morph to elude detection by antivirus programs that can only find threats with known “signatures”. There are also signs that smaller businesses will be increasingly targeted, as attackers find new ways of automating their attacks and using “mass-customization” to extend their attacks for little or no extra effort.
Challenges of New and Emerging Threats
Some of the biggest challenges of new and emerging cyber threats are their speed, their scope, and their availability. Speed cuts both ways. An advanced persistent threat (APT) can lie dormant in a system for a long period, swinging into action just when the victim thought it was safe to go back into the cyber water. On the other hand, attackers can sometimes concertina the different phases of an APT into a very short time span, compromising entire networks in a few hours after gaining an initial foothold via a vulnerable PC or a purloined user account. The scope of these attacks means it is now not enough to treat isolated security events. Instead, enterprises must identify chains of events to understand the overall nature of an attack. As for availability, between malware-as-a-service and malicious botnet rentals, not to mention publicly available open source attack software, wannabe attackers never had it so good.
The challenges above are compounded by confusion in organisations about what they should be defending against. Lists like the OWASP Top Ten are valuable to security specialists who can connect a term like "SQL injection" to a real-life business impact, but the jargon alone leaves many enterprises scratching their corporate heads. Nor is it effective to adopt a piecemeal approach, handling one specific attack after another: it is like trying to save a few individual trees when you should be worrying about the forest. The five attacks described below therefore represent categories of attack rather than highly specialised techniques, each with simple actions that mitigate or, where possible, eliminate the threat.
Top Cyber Attack 1: The Email/Phishing Attack
The phishing email is designed to trick recipients into installing malware on their devices, visiting a website that installs it for them, or typing their credentials into a fake login page. The most accomplished phishing emails are very hard to distinguish from genuine messages from a bank, phone company or other reputable entity. Whaling is a variation aimed at the "big fish", senior executives, who have the most valuable access; a related variation, often called CEO fraud or business email compromise, sends staff a message that appears to come from a senior manager in their own organisation, typically asking for an urgent payment or data. In 2016 attackers who had gained a foothold on the Bangladesh central bank's network, reportedly via malware delivered by email, issued fraudulent SWIFT transfer orders and got away with about $81 million.
How to mitigate: Educate your users to recognise a phishing email, for example by hovering over a link to see the real web address hidden behind the displayed one, and give them an easy way to report suspicious messages. Remember that attackers also phish for social media credentials, not just business accounts: many people reuse the same password everywhere, so a stolen social media password is often also a way into the business. So insist on unique passwords (a password manager makes this practical) and use two-factor authentication, especially on confidential systems, so that a stolen password alone is not enough. A code sent by SMS is better than nothing, but it can be phished along with the password; authenticator apps are stronger, and hardware security keys (FIDO2/WebAuthn) resist phishing outright.
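The "hover over the link" check can be automated for incoming mail. The script below is an added example written for this article, not a tool from the original page: it parses the HTML body of a message and flags anchors whose visible text names one domain while the href points at another, links that go to a raw IP address, and links with a non-http(s) scheme. The sample email is constructed, and the "last two DNS labels" domain heuristic is a stated simplification.

```python
"""Automate the 'mouse over the link' phishing check on an HTML e-mail body.

Example code written for this article (not a tool from the original page).
The sample e-mail is constructed; registrable_domain() is a simplification.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href is not None:
                self._href, self._text = href, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two DNS labels, e.g. 'www.example-bank.com' -> 'example-bank.com'.
    Assumption for this example: production code should use the Public Suffix
    List, because 'co.uk'-style suffixes defeat this shortcut."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def suspicious_links(html_body):
    """Return [(href, visible_text, [reasons])] for links a user should not trust."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target = urlparse(href)
        host = target.hostname or ""
        reasons = []
        if target.scheme not in ("http", "https"):
            reasons.append(f"unusual scheme {target.scheme!r}")
        shown = _DOMAIN_IN_TEXT.search(text)
        if shown and host and registrable_domain(shown.group(1)) != registrable_domain(host):
            reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
        if _IPV4.fullmatch(host):
            reasons.append("link target is a raw IP address")
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample: a fake bank notice with one lookalike link,
# one raw-IP link and one legitimate link.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been locked.</p>
<p>Please verify at
<a href="https://www.example-bank.com.secure-login.attacker.example/verify">https://www.example-bank.com/login</a>
or <a href="http://203.0.113.5/update">click here</a> to update your details.</p>
<p>Questions? <a href="https://www.example-bank.com/contact">Contact us</a>.</p>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: '{text}' -> {href}")
        for reason in reasons:
            print("   -", reason)
```

On the constructed sample the first two links are flagged and the genuine contact link is not. The same idea applies to the displayed sender address versus the actual Return-Path header, which is the other thing users are told to "hover over".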
Top Cyber Attack 2: Ransomware
Ransomware is malware that encrypts the data on your disks and shares with a key that only the attacker holds; to decrypt and recover the data you must pay the attacker a ransom, usually in cryptocurrency. Ransomware is often distributed via email, but it deserves a mention of its own for two reasons. First, it has become very popular because it is easy, fast and profitable for attackers. Second, it can take the form of a "ransomworm" that spreads itself automatically to every reachable system in your business, as WannaCry did across the world in May 2017 by exploiting an unpatched Windows file-sharing vulnerability (MS17-010).
How to mitigate: Besides educating users about malicious emails (see above), the simplest and most effective measure is to make frequent, regular backups of your data and applications, and to test them by actually restoring working systems from them. Keep at least one copy offline or on storage that the backed-up systems cannot overwrite, because ransomware encrypts any backup volume it can reach; a backup that was mounted when the infection hit is just more encrypted data. In the event of an infection you then rebuild from the most recent clean backup. Patching (see below) matters here too, since a ransomworm needs a vulnerability to spread. Note also that many ransomware gangs now copy data out before encrypting it and threaten to publish it, so backups restore your operations but do not undo the breach.
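"Test the backup" means more than checking that the job finished. The script below is an added example written for this article, not a tool from the original page: it records a SHA-256 manifest of a directory tree at backup time and compares a restored copy against it, reporting files that are missing, changed or were never in the original. The demo() function builds a small constructed tree and two simulated restores, one clean and one in which ransomware has overwritten a file, deleted another and dropped a ransom note; the file names and contents are invented for the example.

```python
"""Verify that a backup restores to what was backed up.

Example code written for this article, not a tool from the original page.
The directory tree and the 'ransomware' tampering in demo() are constructed.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest taken at backup time."""
    actual = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(actual))
    unexpected = sorted(set(actual) - set(manifest))
    changed = sorted(p for p in manifest.keys() & actual.keys()
                     if manifest[p] != actual[p])
    return {
        "ok": not (missing or changed or unexpected),
        "missing": missing,
        "changed": changed,
        "unexpected": unexpected,
    }


def demo():
    """Constructed scenario; returns (clean_result, tampered_result)."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "plan.txt").write_text("Q3 plan\n")
        (live / "docs" / "budget.csv").write_text("item,cost\nlaptops,12000\n")
        (live / "notes.md").write_text("# notes\n")

        # Manifest taken at backup time. In practice store it with the offline
        # copy, so an intruder cannot rewrite it along with the data.
        manifest = build_manifest(live)

        clean = Path(tmp, "restore_clean")
        shutil.copytree(live, clean)
        clean_result = verify_restore(manifest, clean)

        tampered = Path(tmp, "restore_tampered")
        shutil.copytree(live, tampered)
        (tampered / "docs" / "budget.csv").write_bytes(os.urandom(64))  # "encrypted"
        (tampered / "notes.md").unlink()                                  # deleted
        (tampered / "README_DECRYPT.txt").write_text("pay up\n")          # ransom note
        tampered_result = verify_restore(manifest, tampered)

        return clean_result, tampered_result


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean restore ok:", clean["ok"])
    print("tampered restore:", tampered)
```

The manifest is only trustworthy if it is kept where the compromised systems cannot rewrite it, which is the same rule as for the backup itself. A restore that passes this check still needs a functional test (does the application start and open the data?), but a restore that fails it should never be put back into service.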
Top Cyber Attack 3: The Vendor Vulnerability Exploit
No IT system is perfect, and some are much less perfect than others, especially where security weaknesses and flaws are concerned. Vendors release new versions and security fixes ("patches") to correct the problems they know about, although older products may have reached end of support and receive no fixes at all. Attackers know that many enterprises are slow to install patches, and routinely scan for and exploit known vulnerabilities; a working exploit for a freshly announced flaw often circulates within days of the advisory.
How to mitigate: Apply the vendor's patches! Keep an inventory of what you run so you know what needs patching, prioritise internet-facing systems and flaws that are being exploited in the wild, and replace or isolate systems the vendor no longer supports. Remember that this applies to mobile devices, network equipment and connected "things" as well as IT servers: an insecure phone or router can be the foothold an attacker is looking for to build up a full-scale attack on your business.
Top Cyber Attack 4: Internet of Things (IoT) Attacks and DDoS in Particular
Don’t skip this section: there is more to it than being attacked by your new toaster! Cyber security is a major issue for many "things" connected to the Internet, from office IP cameras and smart thermostats to entire industrial networks. Many devices ship with limited or no security (factory default passwords, management interfaces open to the Internet) and little or no way to update them. Attackers are taking an increasing interest in IoT devices and networks, because they can use them to control or sabotage physical processes, such as power generation. They can also build "botnets" from compromised IoT devices to launch distributed denial of service (DDoS) attacks, which overwhelm your systems with excessive network traffic; the Mirai botnet, assembled in 2016 from cameras and routers still using default passwords, showed how large such attacks can be. Their goals? Either to extort money from you to stop the attack, or to use the disruption as cover for another attack on systems that your team is now too busy to watch.
How to mitigate: Check the security capabilities of smart or connected devices before you start using them, change every default password, and disable services you do not need. Put IoT and industrial systems on their own network segment, isolated from the outside world if possible, or with a single point of access protected by firewalls at the network and application level. Against DDoS, filter traffic by region and protocol and rate-limit what you can at your edge, but recognise that a large volumetric attack saturates your Internet link before it reaches your firewall; protection there has to come from your ISP or a DDoS mitigation service upstream.
Top Cyber Attack 5: The Insider Attack
Employees with grudges or criminal intent can be even bigger threats than external attackers, because they may have authorised access to your systems and network, plus detailed knowledge of configurations and operations. High-profile cases include Terry Childs, a network administrator who in 2008 locked his employer, the City of San Francisco, out of its own network by refusing to hand over the passwords, and Eddie Tipton, information security director at the Multi-State Lottery Association, who planted code in lottery random-number generators so that he could predict winning numbers.
How to mitigate: Make sure adequate controls are in place. Give each person only the access their job requires (least privilege), and avoid putting all the power into one pair of hands: require two people for sensitive changes, have team members review each other's code and configuration changes, and keep privileged credentials in escrow so that no single administrator can hold the organisation hostage. Log privileged actions somewhere the administrators being watched cannot alter, and revoke access promptly when people change roles or leave. Also, avoid giving employees reasons to become insider attackers in the first place!
The top five cyberattacks of today may not be the same as those of tomorrow, but they are likely to have one factor in common: any attack affects the system under attack or leaves traces of its presence. By monitoring behaviour relating to data flows, account access, processor and memory usage, network traffic and other indicators, the right security system can detect abnormal situations, such as an account suddenly transferring far more data than it ever has, or sending it to a destination it has never used, and alert staff to take remedial action.
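The "unexpected transfer of data" case can be illustrated concretely. The script below is an added example written for this article, not a product the page describes: it reads constructed log lines of the form `<timestamp> user=<name> dst=<ip> bytes=<n>`, builds each account's daily baseline from the preceding days only, and raises an alert when a day's total is far above that baseline (a robust z-score using the median and median absolute deviation, so the baseline is not skewed by the outlier itself) or when the account sends data to a destination it has never used before. The log format, account names, addresses and thresholds are all assumptions for the example.

```python
"""Spot an abnormal data transfer in per-account transfer logs.

Example code written for this article, not a product described on the page.
The log format, accounts, addresses and thresholds are assumptions.
"""
import re
import statistics
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})T\S+ user=(?P<user>\S+) dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)$"
)

# Constructed sample: alice moves about 1 MB a day to a file server, then
# one night pushes 2.4 GB to an address never seen before; bob is a heavy
# but steady user whose daily totals should not trigger anything.
SAMPLE_LOGS = """\
2024-03-01T09:10:00Z user=alice dst=10.0.5.20 bytes=1180000
2024-03-02T09:12:00Z user=alice dst=10.0.5.20 bytes=1350000
2024-03-03T09:05:00Z user=alice dst=10.0.5.20 bytes=990000
2024-03-04T09:20:00Z user=alice dst=10.0.5.20 bytes=1420000
2024-03-05T09:11:00Z user=alice dst=10.0.5.20 bytes=1210000
2024-03-06T09:14:00Z user=alice dst=10.0.5.20 bytes=1300000
2024-03-07T09:09:00Z user=alice dst=10.0.5.20 bytes=1100000
2024-03-08T02:47:00Z user=alice dst=198.51.100.77 bytes=2400000000
2024-03-01T10:00:00Z user=bob dst=10.0.5.21 bytes=52000000
2024-03-02T10:00:00Z user=bob dst=10.0.5.21 bytes=51000000
2024-03-03T10:00:00Z user=bob dst=10.0.5.21 bytes=53500000
2024-03-04T10:00:00Z user=bob dst=10.0.5.21 bytes=50500000
2024-03-05T10:00:00Z user=bob dst=10.0.5.21 bytes=52800000
2024-03-06T10:00:00Z user=bob dst=10.0.5.21 bytes=51200000
2024-03-07T10:00:00Z user=bob dst=10.0.5.21 bytes=53100000
2024-03-08T10:00:00Z user=bob dst=10.0.5.21 bytes=55000000
"""


def daily_profiles(lines):
    """{user: {date: {"bytes": total, "dsts": set_of_destinations}}}."""
    profiles = defaultdict(lambda: defaultdict(lambda: {"bytes": 0, "dsts": set()}))
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the detector
        day = profiles[m["user"]][m["date"]]
        day["bytes"] += int(m["bytes"])
        day["dsts"].add(m["dst"])
    return profiles


def robust_z(value, history):
    """(value - median) / (1.4826 * MAD), with MAD floored at 5% of the median
    so that a perfectly flat history does not make every change infinite."""
    med = statistics.median(history)
    mad = statistics.median(abs(h - med) for h in history)
    scale = 1.4826 * max(mad, 0.05 * med, 1)
    return (value - med) / scale


def detect_anomalies(lines, min_baseline_days=5, z_threshold=5.0):
    """Return alerts; each day is judged only against the days before it."""
    alerts = []
    for user, days in daily_profiles(lines).items():
        history, seen_dsts = [], set()
        for date in sorted(days):
            today = days[date]
            if len(history) >= min_baseline_days:
                reasons = []
                z = robust_z(today["bytes"], history)
                if z > z_threshold:
                    reasons.append(f"{today['bytes']} bytes sent, robust z-score {z:.1f}")
                new_dsts = today["dsts"] - seen_dsts
                if new_dsts:
                    reasons.append(f"new destination(s): {sorted(new_dsts)}")
                if reasons:
                    alerts.append({"user": user, "date": date, "reasons": reasons})
            history.append(today["bytes"])
            seen_dsts |= today["dsts"]
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_LOGS):
        print(alert["date"], alert["user"])
        for reason in alert["reasons"]:
            print("   -", reason)
```

On the sample data only alice's night-time transfer is reported, for both reasons; bob's busiest day is within his normal spread and stays quiet. Two design points carry over to real deployments: the baseline must be built from days before the one being judged, or a big exfiltration inflates its own baseline, and using the median and MAD rather than mean and standard deviation keeps one earlier outlier from masking the next.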
Ready to Stop Attacks?
Get your priorities right. Deal with the cyber threats most likely to affect your business, and avoid being side-tracked by any "attack of the week". Remember that behavioural analytics can be an effective way of detecting abnormal situations in your IT before they develop into fully-fledged attacks, while education and awareness campaigns can help employees avoid many of the traps set by attackers. In all, the harder you make it for attackers to find a way in or to continue undisturbed, the more likely they are to give up and move on to an easier target. That will not stop a determined adversary who wants you specifically, but it defeats the bulk of attacks of any kind.