External security threats and internal vulnerabilities are among the most deceptive. Here’s how to effectively protect your network against both.
This is a permanent war. In this endless game of cat and mouse, accurate intelligence remains the best asset for beating attackers at their own game. Six major threats are targeting networks today. Here are some tips for identifying and eliminating them.
1 – Ransomware
Ransomware is arguably the biggest threat to networks, as it offers attackers the best return on investment, with a relatively low probability of getting caught. “In terms of skills, the admission ticket to get started in this type of business is also low,” said Andy Rogers, senior assessor at Schellman, a company that specializes in cybersecurity and compliance. “There is no shortage of Ransomware-as-a-Service (RaaS) actors capable of providing all the tools needed for a ransomware campaign,” he added. These “service providers” carry little risk, as they themselves do not launch any attacks. “It’s a pretty interesting market for them,” he said. In addition, payment is made in cryptocurrency, which makes it difficult to trace.
Due to anonymity and potentially high payouts, ransomware has become one of the most profitable criminal activities in the world. “The majority of recent, high-profile attacks targeting supply chains, such as the Colonial Pipeline in 2021, were ransomware attacks, in which hackers demanded up to $4.4 million in cryptocurrency as ransom after encrypting storage media, hard drives and SSDs,” Rogers said. Having robust security policies and procedures, including security awareness, is the best way to protect a business from becoming a victim of ransomware. Andy Rogers recommends monthly patching of systems and applications, as well as isolating vulnerable and hard-to-patch systems from other critical systems and data. “It’s important to make regular backups of your data, making sure it’s not encrypted by ransomware,” he added.
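Rogers’ last point, that a backup is only useful if it has not itself been encrypted, can be turned into a routine check. The script below is an added example, not part of the original article or of Schellman’s tooling: it records a SHA-256 for each backup at backup time in a manifest (which must live where ransomware cannot reach it, e.g. offline or write-once storage), then verifies two things on every backup: that the file is byte-for-byte unchanged since the manifest was written, and that it can actually be restored (here, that the gzip stream decompresses). The backup names, contents and the stand-in ciphertext are constructed for the example.

```python
import gzip
import hashlib
import zlib

# Constructed sample backups, kept in memory so the example runs offline.
# 01-01: a healthy gzip SQL dump.
# 01-02: was a healthy dump when the manifest was written, then overwritten by
#        ransomware (stand-in ciphertext: a repeated SHA-256 digest).
# 01-03: written already corrupted, so its recorded hash matches but it cannot
#        be restored; only a restore test catches this.
SQL_DUMP_1 = b"CREATE TABLE customers (id INT, name TEXT);\nINSERT INTO customers VALUES (1, 'Alice');\n"
SQL_DUMP_2 = SQL_DUMP_1 + b"INSERT INTO customers VALUES (2, 'Bob');\n"
GOOD_1 = gzip.compress(SQL_DUMP_1, mtime=0)
GOOD_2 = gzip.compress(SQL_DUMP_2, mtime=0)
RANSOMED = hashlib.sha256(b"constructed ciphertext").digest() * 4
BROKEN = b"\x1f\x8b" + b"\x00" * 30  # gzip magic followed by garbage

SAMPLE_BACKUPS = {
    "db-2024-01-01.sql.gz": GOOD_1,
    "db-2024-01-02.sql.gz": RANSOMED,
    "db-2024-01-03.sql.gz": BROKEN,
}


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def build_manifest(backups: dict) -> dict:
    """Record each backup's SHA-256 at backup time."""
    return {name: sha256_hex(blob) for name, blob in backups.items()}


# The manifest was written before 01-02 was encrypted, so it holds the hash of
# the original, healthy archive for that name.
SAMPLE_MANIFEST = build_manifest({**SAMPLE_BACKUPS, "db-2024-01-02.sql.gz": GOOD_2})


def verify_backup(blob: bytes, expected_sha256: str) -> tuple:
    """Integrity check (hash unchanged) followed by a restorability check."""
    if sha256_hex(blob) != expected_sha256:
        return False, "hash mismatch: file changed since the manifest was written"
    try:
        zlib.decompress(blob, wbits=31)  # wbits=31 selects the gzip wrapper
    except zlib.error as exc:
        return False, f"unrestorable: gzip decode failed ({exc})"
    return True, "ok"


def check_all(backups: dict, manifest: dict) -> dict:
    """Return {backup name: (passed, reason)} for every backup on disk."""
    results = {}
    for name, blob in backups.items():
        if name not in manifest:
            results[name] = (False, "not in manifest: unexpected file")
            continue
        results[name] = verify_backup(blob, manifest[name])
    return results


if __name__ == "__main__":
    for name, (ok, reason) in check_all(SAMPLE_BACKUPS, SAMPLE_MANIFEST).items():
        print(f"{'PASS' if ok else 'FAIL'} {name}: {reason}")
```

The hash check alone would have passed the third backup, which is why the example also performs a minimal restore; a real job would restore into a scratch environment and run a query against it.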
2 – Zombie botnets
Zombie botnets are used to carry out particularly malicious actions, for example Distributed Denial of Service (DDoS) attacks, keylogging, and spamming. “These threats are potentially destructive because an attack can steal identities or damage an entire network,” said Eric McGee, senior network engineer at data center service provider TRG Datacenters. Every machine in a botnet is called a zombie because the computer – and its owner – is unaware that it is unwittingly and mindlessly performing malicious actions. Smart Internet of Things (IoT) devices are particularly tempting targets for zombie botnets. “It’s easy to overlook the security of IoT devices … but they often give attackers very easy access to the system,” McGee warns. To guard against zombie botnets on IoT networks, he suggests limiting each device’s ability to accept incoming connections and requiring strong passwords on all connected accounts.
3 – Outdated processes and policies
Although widespread, outdated, siloed and manually implemented processes and policies pose another serious threat to network security. “The number of emerging vulnerabilities and potential exploits is growing exponentially,” said Robert Smallwood, vice president of technology at General Dynamics (GDIT). “A company’s processes and policies must provide agility and speed so that the company can pivot and respond quickly and automatically to emerging threats,” he said. Organizations that have fallen behind, or that have completely neglected modernizing and refreshing their processes, risk being severely punished by technical debt that could extend the reach of an attack on a network.
“Many organizations continue to struggle with strict and outdated policies that deprive them of the benefits that automated hybrid environments can bring to a modern network,” Smallwood said. “Furthermore, many organizations make policy exceptions for legacy protocols or equipment without giving them the appropriate threat protection, thus bypassing security measures such as multi-factor authentication,” he said. Critical processes need to be reviewed regularly as part of change management. “As the changes affect the network, it’s important to re-evaluate the relevant processes and policies,” Smallwood said. In some companies, this involves an analysis of all network-related processes. “In this case, it’s best to start by reviewing traditional IT service management practices … and any processes that rely heavily on manual activities,” he advises.
4 – Man-in-the-middle attacks
In a man-in-the-middle (MTM) attack, a third party intercepts communication between two unsuspecting parties in order to eavesdrop on or alter the exchanged data. There are several ways to accomplish this, such as spoofing IP addresses, using a malicious proxy server, or eavesdropping on WiFi. An MTM attack can be simple, for example sniffing traffic to steal usernames and passwords. At a higher level, an MTM attack can be used in support of a more sophisticated operation, for example redirecting victims to a fake but very realistic website with a specific malicious intent. Whatever its form, an MTM attack can be devastating because once the attacker enters a network, they can move laterally, starting with one part of the network and then discovering vulnerabilities that allow them to move to other places. “Because attackers log in with ‘valid’ credentials, it is often difficult to identify the intrusion, giving them time to penetrate deeper into the network,” said Benny Czarny, CEO of OPSWAT, a company that specializes in the protection of critical network infrastructure.
“MTM attacks are often overlooked and underestimated,” said Keatron Evans, chief security researcher for training company Infosec Institute. “People think that the threat can be solved by encrypting the data in transit, but that only solves a small part of the problem,” he added. Another misconception is that network-based threats magically disappear when a business switches to a cloud service. “That’s just plain wrong,” warned Mr. Evans. “You have to stay diligent, even if you switch to a cloud service.” To prevent MTM attacks, Keatron Evans recommends adding port-based security with DHCP snooping and Dynamic ARP Inspection (DAI), and switching to IPv6 as soon as possible. He also proposes replacing ARP, one of the main tools of network-based man-in-the-middle attacks, with a newer protocol called the Neighbor Discovery Protocol (NDP).
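To make the DHCP snooping and Dynamic ARP Inspection recommendation concrete, here is an added example (not code from the article, from Infosec Institute, or from any switch vendor) that models in a few lines what an access switch does with those features enabled: DHCP snooping builds a binding table of IP, MAC and port from the DHCP leases it has seen, and DAI then drops any ARP reply on an untrusted port whose sender IP/MAC pair does not match that table. The port names, addresses and the binding table are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    port: str        # switch port the reply arrived on
    sender_ip: str   # IP address the reply claims to speak for
    sender_mac: str  # MAC address it wants bound to that IP


# Constructed DHCP snooping binding table: (MAC, port) the switch learned from
# DHCP ACKs for each leased IP. Hypothetical addresses.
DHCP_BINDINGS = {
    "10.0.0.11": ("aa:bb:cc:00:00:11", "Gi0/11"),
    "10.0.0.12": ("aa:bb:cc:00:00:12", "Gi0/12"),
}

# The default gateway sits behind the uplink. DAI does not inspect replies
# arriving on trusted ports, so the uplink is marked trusted.
TRUSTED_PORTS = {"Gi0/1"}


def inspect_arp(reply: ArpReply, bindings=DHCP_BINDINGS, trusted=TRUSTED_PORTS) -> tuple:
    """Decide permit/deny for one ARP reply the way DAI does.

    Returns (decision, reason), with decision "permit" or "deny".
    """
    if reply.port in trusted:
        return "permit", "trusted port, not inspected"
    binding = bindings.get(reply.sender_ip)
    if binding is None:
        # No lease for this IP: statically addressed hosts need an explicit
        # ARP ACL on a real switch, otherwise their replies are dropped too.
        return "deny", f"no DHCP binding for {reply.sender_ip}"
    bound_mac, bound_port = binding
    if bound_mac != reply.sender_mac:
        return "deny", f"{reply.sender_ip} is bound to {bound_mac}, not {reply.sender_mac}"
    if bound_port != reply.port:
        return "deny", f"{reply.sender_ip} is bound to port {bound_port}, not {reply.port}"
    return "permit", "matches DHCP binding"


# Constructed traffic: one legitimate gateway reply, one legitimate host reply,
# two replies from the host on Gi0/12 claiming addresses it does not hold, and
# one reply from a host with a static IP and no lease.
SAMPLE_REPLIES = [
    ArpReply("Gi0/1", "10.0.0.1", "aa:bb:cc:00:00:01"),
    ArpReply("Gi0/11", "10.0.0.11", "aa:bb:cc:00:00:11"),
    ArpReply("Gi0/12", "10.0.0.1", "aa:bb:cc:00:00:12"),
    ArpReply("Gi0/12", "10.0.0.11", "aa:bb:cc:00:00:12"),
    ArpReply("Gi0/13", "10.0.0.99", "aa:bb:cc:00:00:99"),
]


def run_sample() -> list:
    """Return the DAI decision for each sample reply, in order."""
    return [inspect_arp(r)[0] for r in SAMPLE_REPLIES]


if __name__ == "__main__":
    for reply, decision in zip(SAMPLE_REPLIES, run_sample()):
        print(f"{decision:6} {reply.port:6} {reply.sender_ip} -> {reply.sender_mac}: {inspect_arp(reply)[1]}")
```

The third and fourth replies are what an ARP-based man-in-the-middle looks like on the wire: an access port asserting the gateway’s or a neighbour’s IP with its own MAC. The fifth shows the operational caveat that comes with DAI: hosts outside DHCP must be listed explicitly or they lose connectivity.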
5 – Business Email Compromise
Businesses of all sizes and in all industries face business email compromise (BEC), a serious threat to the network. “As businesses increasingly adopt conditional access policies, such as single sign-on, BEC fraud grows in scope and financial impact,” said Jonathan Hencinski, director of threat detection and response at Expel, a cybersecurity company that specializes in managed detection and response. BEC attacks lead directly to credential compromise. The most difficult type of attack to detect is one where the attacker walks in through the front door with valid credentials. BEC attackers use VPNs and hosting providers to circumvent conditional access policies. “These types of attacks often use legacy protocols to bypass multi-factor authentication (MFA) in Office 365,” Hencinski said. “Once an attacker has compromised credentials and is on the network, they can access critical controls and sensitive information throughout the enterprise,” he added.
BEC attacks can hit any network at any time. “Since 2019, the use of VPN services and hosting providers to access compromised accounts has increased by 50%,” Jonathan Hencinski said. “The use of these services allows attackers to circumvent conditional access policies that deny connections from certain countries via geo-IP records,” he added. Three simple steps help detect attempts to compromise business email. “The first is to inspect emails to prevent and identify phishing emails that attempt to steal employee credentials, and to see if a threat actor is using an employee’s account to send phishing emails,” Mr. Hencinski explained. The second is to monitor authentication to detect fraudulent use of stolen credentials. “Finally, the third is to monitor the accounts for the hallmark characteristics of BEC account takeover,” he added.
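Hencinski’s second step, monitoring authentication for fraudulent use of stolen credentials, can be expressed as a small rule set over sign-in logs. The following is an added example, not code from the article or from Expel: it reads constructed sign-in records (the JSON field names are an assumption, not any identity provider’s real schema) and raises an alert on successful sign-ins that match the two evasions the article describes, legacy protocols that are not subject to MFA, and source addresses belonging to hosting or VPN providers, plus the geo-IP rule those providers are used to defeat. The provider names and country list are constructed.

```python
import json

# Constructed sign-in records. Field names are assumptions for the example:
# client_app = protocol/client used, mfa = whether MFA was enforced,
# asn_org = organisation owning the source IP's network.
SAMPLE_SIGNIN_LOG = """
{"user": "alice@example.com", "ts": "2024-03-01T08:02:11Z", "ip": "203.0.113.10", "country": "US", "asn_org": "Example Corp HQ", "client_app": "Browser", "mfa": "satisfied", "result": "success"}
{"user": "alice@example.com", "ts": "2024-03-01T08:40:55Z", "ip": "198.51.100.7", "country": "US", "asn_org": "ExampleHost Cloud", "client_app": "IMAP4", "mfa": "not required", "result": "success"}
{"user": "bob@example.com", "ts": "2024-03-01T09:15:02Z", "ip": "192.0.2.44", "country": "NL", "asn_org": "Example VPN Ltd", "client_app": "Browser", "mfa": "satisfied", "result": "success"}
{"user": "carol@example.com", "ts": "2024-03-01T09:20:30Z", "ip": "192.0.2.80", "country": "BR", "asn_org": "Example Telecom", "client_app": "IMAP4", "mfa": "not required", "result": "failure"}
"""

# Basic-auth protocols that conditional access / MFA does not cover.
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "SMTP"}
# Constructed list of networks a company would never expect staff to sign in from.
HOSTING_VPN_ORGS = {"ExampleHost Cloud", "Example VPN Ltd"}
# Countries the (constructed) conditional access policy permits.
ALLOWED_COUNTRIES = {"US"}


def evaluate(rec: dict) -> list:
    """Return the list of reasons one successful sign-in record is suspicious."""
    reasons = []
    if rec["client_app"] in LEGACY_CLIENT_APPS:
        reasons.append("legacy protocol sign-in, MFA not enforced")
    if rec["asn_org"] in HOSTING_VPN_ORGS:
        reasons.append("source network is a hosting or VPN provider")
    if rec["country"] not in ALLOWED_COUNTRIES:
        reasons.append(f"sign-in from {rec['country']}, outside the allowed list")
    return reasons


def analyze_signins(log_text: str) -> list:
    """Parse JSON-lines sign-in records and return one alert per suspicious success."""
    alerts = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec["result"] != "success":
            continue  # failed attempts belong to a different (brute-force) rule set
        reasons = evaluate(rec)
        if reasons:
            alerts.append({"user": rec["user"], "ts": rec["ts"], "ip": rec["ip"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in analyze_signins(SAMPLE_SIGNIN_LOG):
        print(alert["ts"], alert["user"], alert["ip"])
        for reason in alert["reasons"]:
            print("   -", reason)
```

Note the second record: the sign-in comes from an allowed country, so a geo-IP rule alone is silent, and it is the hosting-provider and legacy-protocol rules that surface it. That is precisely the gap Hencinski describes attackers exploiting with VPNs and hosting providers.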
6 – The proliferation of tools
IT managers and network managers rely on many tools to manage dozens of different network protection technologies. However, this multiplication of tools can complicate the task of protecting the company. “The complexity created by the proliferation of tools and the difficulty of simple cybersecurity management can expose IT and security teams to destructive cyberattacks,” warns Amit Bareket, CEO and co-founder of network security services provider Perimeter81. According to a recent study by his company, 71% of CIOs and relevant executives felt that the high number of cyber tools made it difficult to identify active attacks or defend against data breaches.
Keith Mularski, managing director of cybersecurity at EY Consulting, said that following basic security practices remains the best way to protect against all types of network threats. “Critical systems and networks need to be isolated from the Internet, with tight control over who or what has access to them,” he advises. “Zero trust and segmentation of all operational systems is required,” Mularski further recommends. “We must avoid ‘implicit trust’: everyone who accesses the network must be authenticated, along with where they are, when they are accessing it and who they are.” To improve preparedness, Mularski also suggests conducting scheduled simulations. “Like an athlete, you need to train your team to practice response techniques to be able to react faster and more intuitively in the event of a breach or incident.”