The job of a security administrator is far more complex today than ever. A plethora of attacks attempt to batter down your corporate doors on a daily basis. Below, we’ve outlined today’s most prevalent attacks and provided some expert advice on how to avoid becoming their next victim.
Malware and targeted attacks
Malware has moved a long way from the viruses and worms of the 1990s, becoming ever more crafted to target specific businesses or sectors, to steal data or allow hackers a backdoor into your networks. Malware is a key component of most digital threats, sometimes an end in itself but often just a stepping-stone towards a longer-term objective.
Anti-malware protection should have multiple layers, filtering the initial arrival vectors of email and web as well as monitoring desktops, servers and even internal network traffic for suspect activity. Old-school techniques of recognizing known bad files are being largely supplanted by smarter methods which can spot previously unseen threats by their behavior, while whitelisting, allowing only trusted code to run, may be an option in some environments.
At the most extreme end, air-gapped systems completely isolated from internet-connected networks can be a good way of keeping out all but the most advanced and determined of attackers.
Increasingly sophisticated psychological techniques are routinely deployed by both scammers and hackers, aimed at tricking us into giving away sensitive information, from banking details to account passwords. At a corporate level, the biggest risk is from targeted “spearphishing” attacks. These may be aimed at something as simple as redirecting a planned payment to a scammer’s account, or may attempt more complex infiltration: capturing user logins that can be used to remotely access systems inside the corporate network, and from there to snoop on secrets, cause damage or simply access payment systems and steal money.
Email is the main vector for phishing, so everyday mass phishing is largely mitigated by high-quality mail filtering, which should block the majority of standard scams from even reaching inboxes. If a phish does get through, the next layer is user education – all users, but particularly those with valuable admin rights, need to be well trained in spotting potential scams. Regular user testing, sending out phish-like mails and following up with anyone who gets caught out, is an important part of training.
If someone is tricked into following a phishy link, business-grade web filtering should spot and block the more common or obvious phishing sites from loading, but targeted efforts may be harder to detect and may well be crafted to look exactly like your corporate or bank login. Password managers can help here: because they only offer saved credentials on the exact site they were saved for, they will fail to recognize the lookalike site and won’t fill in the account details as expected, alerting the user that something isn’t right.
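As an added illustration (not code from the original article), here is a small Python model of the origin check a password manager performs before autofilling; the vault contents, domain names and sample URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample vault: a password manager stores each credential against the
# exact origin (scheme, host, port) of the page where it was saved.
VAULT = {
    "https://login.example-bank.com": {"username": "alice"},
}


def origin_of(url: str):
    """Normalise a URL to its origin, or return None if it is not a web origin."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # Hostnames are case-insensitive; internationalised labels are converted to
    # punycode so a Cyrillic or other lookalike letter never compares equal to
    # the ASCII domain the credential was saved for.
    try:
        host = parts.hostname.lower().encode("idna").decode("ascii")
    except UnicodeError:
        return None
    default_port = 443 if parts.scheme == "https" else 80
    if port is None or port == default_port:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def autofill_decision(page_url: str):
    """Return ('fill', username) only when the page origin exactly matches a saved one."""
    origin = origin_of(page_url)
    if origin is None:
        return ("refuse", "not a web origin")
    entry = VAULT.get(origin)
    if entry is None:
        # This is the cue a phished user sees: nothing is offered on the lookalike page.
        return ("refuse", f"no credential saved for {origin}")
    return ("fill", entry["username"])


if __name__ == "__main__":
    for url in (
        "https://LOGIN.example-bank.com:443/sso?next=/accounts",  # genuine site
        "https://login.example-bank.com.evil.test/sso",           # lookalike subdomain
        "http://login.example-bank.com/sso",                      # plain-HTTP downgrade
        "https://login.exampl\u0435-bank.com/sso",                # Cyrillic 'е' homoglyph
    ):
        print(url, "->", autofill_decision(url))
```

Only the first URL gets an autofill; the lookalike subdomain, the scheme downgrade and the homoglyph domain are all refused because none of them normalises to the saved origin.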
At this stage, two-factor authentication should also provide a strong fallback. Even if a user is fooled into entering their username and password, the attackers should have no chance of actually logging in if they don’t have the second factor, usually a phone app or dongle.
Vulnerabilities and zero-day attacks
No software is guaranteed perfect, and patches and updates are released to fix flaws on a daily basis. If the bad guys find a vulnerability before it is patched, they may well be able to leverage it to compromise your systems and networks, potentially gaining remote access to your data or even remote control of your systems.
A solid patching regime is vital to minimize the time between the discovery of a flaw and having a fix in place, and tools are available both to monitor your networks for known vulnerabilities and to spot exploitation even if a vulnerability hasn’t been publicly reported yet.
Of course, patches aren’t always perfect either, so you’ll probably want to test them out before deploying to your precious production systems.
If the bad guys can sneak malware into your network without being detected or blocked, one of the most common follow-on activities these days is the ransomware attack: encrypting your critical data and demanding money (generally in untraceable cryptocurrency) for the keys to get it back.
This should of course be prevented by anti-malware protections, which could either recognize the malicious code or alert on suspicious changes to your files. If this fails, you need a solid backup regime to ensure you never lose more than the minimum of work.
Backups need to be kept secure from the encryption attack, ideally completely separated from your network so they can’t be affected by the malware, and they need to retain several iterations in case the problem isn’t spotted for a while. Testing the efficacy of your backups on a regular basis is a must to ensure they remain reliable and effective.
Denial of service
Sometimes attackers aren’t interested in actually penetrating your network – all they want to do is stop it working. Denial of service attacks, often distributed across large networks of compromised devices, can produce massive amounts of traffic specifically designed to overload and disable a specific website or other service.
Resiliency and uptime can be key to many businesses, especially those with high traffic or high expectations of availability. Monitoring traffic for anomalies and spikes can still be useful, but is generally best left to a dedicated service, which should also include distributed hosting and content delivery. Make sure your networks can withstand heavy bombardment with regular load testing.
We’re here to help
Feeling a little overwhelmed? We don’t blame you. We have on staff some of the world’s best risk assessors, pen testers and vulnerability testers to ensure your network is as healthy as possible to thwart such attacks. Get in touch to see how we can simplify your task of sanitizing and securing your work environment.