The types of cyber-security attacks that businesses need to protect themselves from are continually growing and evolving. Keeping your company secure means having insight into the most common threats, and the categories of cyber attacks that might go unnoticed. From how to use the principle of least privilege to which connections you need to be monitoring, we look at the top types of network attacks and how to level up your security for 2019.
Watering Hole Attacks
Last year, Guardicore Labs discovered Operation Prowli, a campaign that compromised more than 40,000 machines around the world using brute-force credential guessing, exploits and weak configurations. It targeted CMS servers hosting popular websites, backup servers running HP Data Protector, DSL modems and IoT devices, among other infrastructure. Consumers were tricked and diverted from legitimate websites to fake ones, and the attackers then spread malware and malicious code to over 9,000 companies through scam services and browser extensions. This kind of attack puts a whole organization in jeopardy.
Watering hole attacks are most effective when the attacker homes in on the websites that you and your employees use regularly, so know which external sites your organization depends on. On top of this, always keep your software up to date so that attackers cannot leverage known vulnerabilities to complete these types of cyber attacks. Lastly, ensure you have a method in place to closely watch network traffic and to detect and prevent intrusions.
Third-Party Service Vulnerabilities
Today’s surge in connectivity means that enterprises are increasingly relying on third-party services for backup, storage, scale, or MSSPs, to name a few examples. Attackers are increasingly managing to infiltrate your network through your connections with other businesses that have access to your data center or systems. According to the Ponemon Institute, more than half of businesses have suffered a breach due to access through a third-party vendor, one example being the devastating Home Depot breach, where attackers used a third-party vendor's credentials to steal more than 56 million customer credit and debit card details.
As well as current suppliers, businesses need to be aware of previous suppliers who might not have removed your information from their systems, and of breaches of confidentiality where third parties have sold or shared your data with another unknown party. As such, your company needs visibility into all its communication flows, including those with third-party vendors, suppliers, or cloud services, as well as an in-depth incident response capability to handle these kinds of attacks.
Web Application Attacks
When it comes to categories of cyber attacks that use web applications, SQL injection is one of the most common. An attacker inserts additional SQL syntax into an application's database query, allowing them to read data from the database, modify or delete it, and sometimes even execute stored procedures or issue commands to the operating system itself. This can be done in a number of ways, often through web forms, by modifying cookies, or through server variables such as HTTP headers.
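The following is an added example, not code from the original article or from Guardicore: a login lookup written two ways against an in-memory SQLite database with constructed sample data. The vulnerable version pastes the username into the statement, so a tautology payload returns every account and a UNION payload pulls rows out of a table the lookup was never meant to touch; the hardened version binds the same input as a parameter and returns nothing for both payloads. Table and column names are invented for the demonstration.

```python
import sqlite3

# Constructed sample data (not from any real system): a users table plus a
# table the login lookup is never supposed to expose.
SAMPLE_SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT);
CREATE TABLE api_keys (id INTEGER PRIMARY KEY, owner TEXT, key TEXT);
INSERT INTO users VALUES (1, 'alice', 'admin'), (2, 'bob', 'user');
INSERT INTO api_keys VALUES (1, 'alice', 'KEY-EXAMPLE-ALICE'),
                            (2, 'bob', 'KEY-EXAMPLE-BOB');
"""

# Payloads an attacker would submit in the username field of a web form.
TAUTOLOGY = "' OR '1'='1"
UNION_EXFIL = "' UNION SELECT id, owner, key FROM api_keys --"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    return conn


def find_user_vulnerable(conn, username):
    # Vulnerable: attacker-controlled text becomes part of the SQL statement,
    # so quote characters in `username` change the structure of the query.
    query = "SELECT id, username, role FROM users WHERE username = '%s'" % username
    return sorted(conn.execute(query).fetchall())


def find_user_safe(conn, username):
    # Hardened: the statement is fixed and the value travels separately as a
    # bound parameter, so the driver never interprets it as SQL.
    query = "SELECT id, username, role FROM users WHERE username = ?"
    return sorted(conn.execute(query, (username,)).fetchall())


if __name__ == "__main__":
    db = make_db()
    print("normal lookup:", find_user_vulnerable(db, "bob"))
    print("tautology, vulnerable:", find_user_vulnerable(db, TAUTOLOGY))
    print("union exfil, vulnerable:", find_user_vulnerable(db, UNION_EXFIL))
    print("tautology, safe:", find_user_safe(db, TAUTOLOGY))
    print("union exfil, safe:", find_user_safe(db, UNION_EXFIL))
```

The UNION payload is the one to watch for in practice: it never touches the users table's logic at all, it simply appends a second query whose results ride out through the same response, which is why read access to "unrelated" tables from the web application's database account matters.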
Another example of a web application attack comes through deserialization vulnerabilities. Many serialization formats and libraries have an inherent design flaw: the system will convert any serialized stream into objects without validating its content, and the stream itself can dictate which classes are instantiated and which code runs while they are rebuilt. At an application level, companies need to be sure that deserialization endpoints are only accessible to trusted users, and that the deserializer is restricted to the types the application actually expects.
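An added example of the flaw described above, written for this article rather than taken from it, using Python's pickle module: an attacker-supplied object names a callable in its `__reduce__` method, and the stock loader calls it while rebuilding the object. The hardened loader subclasses `pickle.Unpickler` and overrides `find_class` (the hook the standard library documents for this purpose) so that only an allow-listed class can be resolved. The `gadget` function and the `Session` class are constructed stand-ins for a real gadget (such as `os.system`) and a real application type.

```python
import io
import pickle

# Records every call to the gadget, so the demonstration can prove that
# unpickling untrusted bytes ran code nobody asked for.
EXECUTION_LOG = []


def gadget(message):
    """Constructed stand-in for the callable an attacker would really use."""
    EXECUTION_LOG.append(message)
    return message


class Session:
    """Harmless object the application legitimately expects to receive."""

    def __init__(self, user):
        self.user = user


class Exploit:
    """Attacker-supplied class: pickle lets the stream say how an object is
    rebuilt, and __reduce__ may name any importable callable plus arguments."""

    def __reduce__(self):
        return (gadget, ("arbitrary code ran during deserialization",))


def attacker_payload():
    # Constructed: the bytes an attacker would post to the endpoint.
    return pickle.dumps(Exploit())


def legitimate_payload():
    return pickle.dumps(Session("alice"))


def load_vulnerable(data):
    # Vulnerable: converts any stream into objects without validating content.
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: only classes on an explicit allow-list resolve."""

    ALLOWED = {(Session.__module__, "Session")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("refusing to resolve %s.%s" % (module, name))


def load_restricted(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_rejects(data):
    """True when the hardened loader refuses the stream outright."""
    try:
        load_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable loader returned:", load_vulnerable(attacker_payload()))
    print("execution log:", EXECUTION_LOG)
    print("restricted loader rejects exploit:", restricted_rejects(attacker_payload()))
    print("restricted loader accepts session for:", load_restricted(legitimate_payload()).user)
```

The allow-list is keyed on module and class name, not on anything the stream claims about itself, which is the point: the decision about what may be instantiated is made by the application, before any attacker-controlled bytes are turned into objects.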
Giving web applications, and their database accounts, the minimum privilege necessary is one way to limit the damage these types of cyber-security attacks can do once they reach your network. Ensuring you have full visibility of the connections and flows to your database server is also essential, with alerts set up for any suspicious activity, such as a connection from a host that has no business talking to the database.
What Can Attackers Do Once They Have Access to Your Network?
Ransomware: Whatever the initial intrusion technique, attackers can deny you access to your own data and operations, usually by encrypting them, in the hope of a pay-out.
Data destruction/theft: Once attackers have breached your perimeter, without internal controls they can reach critical assets such as customer data. This can be destroyed or stolen, causing untold brand damage and legal consequences.
Crypto-jacking: These types of cyber attacks are usually initiated when a user downloads malicious crypto-mining code onto their machine, or by brute-forcing SSH credentials, as in the ‘Butter’ attacks monitored by Guardicore Labs over the past few years.
Pivot to attack other internal applications: If an attacker breaches one area, they can leverage the credentials found there to escalate their privileges or move laterally to another, more sensitive area. This is why it is so important to isolate critical assets, and to take advantage of easy and early wins such as separating the production arm of your company from development.
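The crypto-jacking and pivoting entries above both start from guessed SSH credentials, so here is an added example, not from the original article, of the detection a practitioner would want for that: a small parser for sshd authentication lines and a detector that flags a source address once its failed logins reach a threshold, and escalates the finding when a successful login from the same source follows the failures. The log lines are constructed for the demonstration and the threshold is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sshd lines (not real logs): one source guessing passwords
# against several accounts and then getting in, and one legitimate operator
# with a single typo before a successful key login.
SAMPLE_AUTH_LOG = """\
Mar  4 02:11:07 web1 sshd[1021]: Failed password for root from 203.0.113.9 port 51122 ssh2
Mar  4 02:11:09 web1 sshd[1021]: Failed password for root from 203.0.113.9 port 51123 ssh2
Mar  4 02:11:12 web1 sshd[1024]: Failed password for invalid user admin from 203.0.113.9 port 51130 ssh2
Mar  4 02:11:15 web1 sshd[1027]: Failed password for invalid user oracle from 203.0.113.9 port 51131 ssh2
Mar  4 02:11:19 web1 sshd[1030]: Failed password for root from 203.0.113.9 port 51140 ssh2
Mar  4 02:11:23 web1 sshd[1030]: Accepted password for root from 203.0.113.9 port 51140 ssh2
Mar  4 02:30:41 web1 sshd[1101]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar  4 02:45:02 web1 sshd[1150]: Failed password for deploy from 198.51.100.7 port 40031 ssh2
Mar  4 02:45:10 web1 sshd[1150]: Accepted publickey for deploy from 198.51.100.7 port 40031 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid
# user admin"; the "invalid user" marker is optional so both shapes parse.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_auth_log(text):
    """Return one dict per authentication event, in log order."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.search(line)
        if match:
            events.append(match.groupdict())
    return events


def detect_ssh_brute_force(events, threshold=5):
    """Map source address -> finding for sources that reached `threshold`
    failed logins. A later success from the same source raises the severity,
    because that is the moment a guessed credential becomes a foothold."""
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    findings = {}
    for event in events:
        src = event["src"]
        if event["outcome"] == "Failed":
            failures[src] += 1
            users_tried[src].add(event["user"])
            if failures[src] >= threshold and src not in findings:
                findings[src] = {"severity": "medium", "compromised_user": None}
        elif src in findings:
            # Accepted login after the source was already flagged.
            findings[src]["severity"] = "high"
            findings[src]["compromised_user"] = event["user"]
        if src in findings:
            findings[src]["failures"] = failures[src]
            findings[src]["users"] = sorted(users_tried[src])
    return findings


if __name__ == "__main__":
    for src, finding in detect_ssh_brute_force(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(src, finding)
```

A real deployment would bound the count by a time window and feed the "high" finding straight into incident response, since a password-authenticated root login following a burst of failures is exactly the precursor to a miner being dropped or a pivot deeper into the network.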
The Most Common Types of Cyber-Security Attacks are Always Evolving
With so many types of cyber attacks risking your network, and subtle changes turning even known quantities into new threats, visibility of your whole ecosystem is foundational for a well-protected IT environment.
As well as using micro-segmentation to separate environments, you can create policy that secures endpoints and servers with application segmentation: an allow-list of the communication flows each application actually needs, with everything else denied. This helps to stop a breach from escalating, because strong segmentation policies apply the principle of least privilege to your communication flows.
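An added example, written for this article and not taken from any Guardicore product, of what such a policy looks like in practice. Assets carry labels (environment, application, role), rules allow specific labelled flows on specific ports, and every flow that matches no rule is denied with a reason an analyst can act on. The sample flows include the two cases the earlier sections warn about: an unexpected host reaching the database server, and a development machine reaching production. Asset names, labels, rules and flows are all constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    proto: str = "tcp"


# Constructed inventory: labels are what the segmentation policy matches on,
# so a new server inherits the right rules by being labelled, not by IP.
ASSETS = {
    "web-01": {"env": "prod", "app": "shop", "role": "web"},
    "api-01": {"env": "prod", "app": "shop", "role": "api"},
    "db-01": {"env": "prod", "app": "shop", "role": "db"},
    "jump-01": {"env": "prod", "app": "mgmt", "role": "bastion"},
    "dev-web-01": {"env": "dev", "app": "shop", "role": "web"},
    "dev-db-01": {"env": "dev", "app": "shop", "role": "db"},
}

# Allow-list: a flow is permitted only if some rule's source selector,
# destination selector and port all match. Nothing else is allowed.
RULES = [
    {"name": "web to api", "src": {"role": "web", "env": "prod"},
     "dst": {"role": "api", "env": "prod"}, "port": 8443},
    {"name": "api to db", "src": {"role": "api", "env": "prod"},
     "dst": {"role": "db", "env": "prod"}, "port": 5432},
    {"name": "bastion ssh", "src": {"role": "bastion"},
     "dst": {"env": "prod"}, "port": 22},
    {"name": "dev web to dev db", "src": {"role": "web", "env": "dev"},
     "dst": {"role": "db", "env": "dev"}, "port": 5432},
]


def matches(labels, selector):
    """Every key in the selector must be present with the same value."""
    return all(labels.get(key) == value for key, value in selector.items())


def evaluate(flow, assets=ASSETS, rules=RULES):
    """Return ("allow", rule name) or ("deny", reason) for one flow."""
    src, dst = assets[flow.src], assets[flow.dst]
    for rule in rules:
        if (rule["port"] == flow.port and matches(src, rule["src"])
                and matches(dst, rule["dst"])):
            return ("allow", rule["name"])
    # Default deny. Cross-environment traffic gets its own reason because it
    # is the dev-to-production case worth escalating on its own.
    if src["env"] != dst["env"]:
        return ("deny", "cross-environment flow (%s -> %s)" % (src["env"], dst["env"]))
    return ("deny", "no rule permits %s -> %s on %d" % (src["role"], dst["role"], flow.port))


# Constructed observed flows, the kind a flow-visibility tool would report.
SAMPLE_FLOWS = [
    Flow("web-01", "api-01", 8443),
    Flow("api-01", "db-01", 5432),
    Flow("web-01", "db-01", 5432),      # web tier bypassing the API tier
    Flow("dev-web-01", "db-01", 5432),  # development host reaching prod data
    Flow("api-01", "db-01", 22),        # SSH from an app server, not the bastion
    Flow("jump-01", "db-01", 22),
]


def audit(flows):
    """Evaluate every flow; denied entries are the alerts worth investigating."""
    return [(flow.src, flow.dst, flow.port) + evaluate(flow) for flow in flows]


if __name__ == "__main__":
    for entry in audit(SAMPLE_FLOWS):
        print(entry)
```

Run in monitoring mode first, so the audit output tells you which observed flows your draft policy would have blocked; once the denied list contains only traffic you can explain, the same rules can be enforced.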
On top of this, complementary controls that include breach detection and incident response, with visibility at their core, ensure that nothing sinister can fly under your radar.