Editor’s note: This is the tenth post in our “12 Days of Breach-mas” series — every day we’re sharing new tips and insights to help keep you more secure. For a recap of what you may have missed, see our summary post here.
These days it's incredibly common to find big data breaches in the headlines, but it's frustratingly rare for the coverage to include anything more than a high-level overview, let alone tips and tactics for companies eager to avoid the same mistakes and apply lessons learned.
Write ups from Troy Hunt and Brian Krebs aside, we typically don't get much insight into the tactics and vulnerabilities attackers actually leverage. To get started down that path, here are ten of the most common cyber threats your company is likely to face, along with tips for how to address them.
1) Phishing
What it is: A malicious attempt to acquire sensitive information by masquerading as a trustworthy source via email, text, pop-up message, etc.
For as complicated and state-of-the-art as the world of cybersecurity seems, the fact is if your company gets hacked, it will most likely be because one of your employees clicks something they shouldn't. Hackers know your employees are the weakest link, and they've gotten incredibly good at creating phishing messages that not only look legitimate, but also appear to come from sources we know and trust. For an example of a phishing attempt in action, see this email that was sent to our CEO.
Protection: In addition to training employees on how to spot the tell-tale signs of phishing emails, another way to prevent many phishing attacks from succeeding is for companies to stop using email as a way to transfer files. There are plenty of alternative services to consider, and they would allow for blanket "don't open attachments" policies instead of asking employees to determine what's safe and what isn't.
2) Ransomware
What it is: Malware that encrypts data and threatens to destroy it, permanently remove access to it, or publicly post it unless the victim makes a payment.
Ransomware has been a fixture in cybersecurity headlines this year, becoming an increasingly popular — and incredibly lucrative — way for attackers to monetize their exploits on systems. The FBI estimates that CryptoWall, one of the most notorious examples of ransomware, has cost U.S. businesses and consumers at least $18 million this past year alone.
Protection: Companies should invest in strong endpoint protection (as well as other layers of defense) to block the introduction of ransomware in the first place, but to really play things safe they should invest in secure, reliable backup for their sensitive and critical assets.
3) Software Vulnerabilities
What they are: Flaws, glitches, or weaknesses discovered in software that can lead to security concerns and exploits.
New software vulnerabilities are discovered all the time (just ask the Adobe Flash Player folks), and left unaddressed they can become easy gateways for cyber attacks and infection.
Protection: Consider investing in patch management software and a working framework to make addressing vulnerabilities a standard practice. As much as possible, it's also a good idea to limit and standardize the versions of OS and applications your employees are running. That will make the process of scanning for vulnerabilities and rolling out patches and updates slightly more manageable.
4) Malvertising
What it is: An attack campaign that delivers a malware payload by disguising itself as an online ad.
When thinking about malvertising it's a good idea to remember that online threats aren't confined to sketchy websites. As a recent attack that infected up to 27,000 Yahoo visitors per hour shows, malvertising can appear on legitimate sites and look like any other ad.
Protection: In addition to exercising caution and a general healthy aversion to ads, companies should make sure their users have updated endpoint protection running on their machines.
5) Drive-by Downloads
What it is: An attack that installs malware on a user's machine as soon as they visit an infected website.
Unfortunately, malware can also be delivered automatically simply by visiting a website. As with malvertising, the site doesn't have to look suspicious to be infected — criminals are also able to perpetrate drive-by downloads by compromising legitimate, high-traffic sites.
Protection: Since infection can easily occur without a user's knowledge, it's important to reduce both the risk and the consequences of an attack. For starters, make sure users keep their software up to date, that endpoint protection is installed on their devices, and that they don't have admin access to their computers.
6) Denial of Service (DoS) / Distributed Denial of Service (DDoS) Attack
What it is: An attempt to make an online service unavailable by overwhelming it with traffic, sometimes utilizing entire networks of infected computers known as botnets (a distributed denial of service attack).
DDoS attacks can be used by hacktivists to take down sites for political reasons (see the attack on the Trump Towers website launched by the hacker group Anonymous), or simply used by criminals as another method of extortion.
Protection: To protect your company's website you'll need to find ways of blocking or absorbing malicious traffic. Webmasters can talk with their hosting provider and third-party services for help. For more information on DDoS attacks, see DigitalAttackMap.com.
7) SQL Injection
What it is: A type of security exploit where an attacker inserts structured query language (SQL) code into an input box or entry form for execution.
As an example, an attacker could utilize a user sign-in form to send a request to the database rather than entering a username or password. If successful, the attack could grant the attacker unauthorized access to the entire database.
Protection: SQL injection attacks are made possible due to vulnerabilities introduced during software development. For guidance on how to avoid these flaws, see OWASP's SQL Injection Prevention Cheat Sheet.
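The sign-in form scenario above, as an added example that is not from the original post: a login check that pastes form input into the SQL text, beside the parameterized version OWASP's cheat sheet recommends. The table, the accounts and the form inputs are constructed for the demonstration.

```python
import sqlite3

# Constructed in-memory user table for the demonstration (not from the post).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse'), ('bob', 'hunter2')")
    return conn

def login_vulnerable(conn, username, password):
    """The flaw: form input is spliced into the SQL text, so the database
    parses it as query syntax instead of treating it as a literal value."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return sorted(r[0] for r in conn.execute(query).fetchall())

def login_parameterized(conn, username, password):
    """The fix (OWASP's primary defence): the SQL text is fixed and the values
    are bound separately, so quotes in the input can never change the query."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(r[0] for r in conn.execute(query, (username, password)).fetchall())

# Constructed sign-in form inputs: an honest login and the textbook tautology
# that turns the WHERE clause into "always true" in the vulnerable version.
GOOD_USER, GOOD_PASS = "alice", "correct horse"
INJECTED = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, honest login :", login_vulnerable(conn, GOOD_USER, GOOD_PASS))
    print("vulnerable, injected     :", login_vulnerable(conn, INJECTED, INJECTED))
    print("parameterized, honest    :", login_parameterized(conn, GOOD_USER, GOOD_PASS))
    print("parameterized, injected  :", login_parameterized(conn, INJECTED, INJECTED))
```

The vulnerable query returns every account for the injected input, while the parameterized query returns nothing because the input is compared as a plain string.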
8) Man-in-the-Middle (MITM) Attack
What it is: A technique where an attacker intercepts and relays communication between two parties or systems in order to capture, send, and receive privileged information.
Hackers can leverage man-in-the-middle attacks to get their hands on access credentials, modify transactions, and further compromise systems.
Protection: Defenses against man-in-the-middle attacks generally include various authentication and encryption techniques to ensure secure connections. Companies may also consider investing in a virtual private network (VPN). See this post for more information on man-in-the-middle attack defenses.
9) Password Attack
What it is: An attempt to crack or guess passwords.
Attackers can also try gaining access to your systems a more old-fashioned way — by attempting to guess your passwords. But while the technique may be an old one, the tools hackers now have at their disposal are anything but. Using software and brute force attacks, hackers can crack simple passwords in minutes (check how long it would take to crack a password like your own here).
Protection: Encouraging your users to choose strong passwords is the short answer. Encouraging them to use password managers is the better one.
10) Scareware
What it is: Malicious software that misleads users into believing they've been infected and convinces them to download a fake malware removal tool that actually does infect them.
Scareware is rogue security software that preys on users' fears by displaying pop-up warnings that may look like legitimate alerts. Once the user follows the instructions and downloads the software, however, their system is now infected.
Protection: A solid defense involves the typical standards, including firewalls and trusted endpoint protection installed, as well as user education.
Stay tuned for more actionable cybersecurity tips and advice during our “12 Days of Breach-mas” by subscribing to our blog below.