The last couple of years have seen some of the most frequent and severe cyber security attacks ever recorded against businesses in a variety of industries. As security professionals prepare for another record-breaking year of network breaches and data security risks, it is imperative that companies make themselves aware of the latest cyber threats in circulation to ensure their security countermeasures are up to par.
While we can’t predict the emergence of new threats, here is a list of the top nine network security threats we expect in 2019 and how your enterprise can stay protected.
1. Viruses and Worms
Computer viruses and worms are destructive malicious programs designed to infect core systems, destroying essential system data and making networks inoperable. Viruses are attached to a system or host file and can lay dormant until inadvertently activated by a timer or event. Worms are more general – infecting documents, spreadsheets and other files, sometimes by utilizing macros. Once either one enters your system, it will immediately begin replicating itself, infecting networked systems and inadequately-protected computers. Viruses and worms form the building blocks for many more advanced cyber threats.
Installing anti-malware solutions on all networked devices and systems can significantly reduce the possibility of contracting these viruses or allowing them to spread. By recognizing the threats early and containing them, these solutions enable admins to detect malicious programs and remove them before they inflict any damage. In addition, IT professionals must aggressively keep software up to date, both on the end-user systems and on core system computers. With more infrastructure in the cloud, protective strategies must be extended to protect both local and cloud-resident data. And users must be trained to avoid the human engineering aspects of attacks, such as phishing attacks. This multi-faceted approach is known as defense-in-depth.
2. Drive-by Download Attacks
Network Security ThreatsIn the past, a simple way to ensure that you didn’t contract a computer virus was to not download files from any source you didn’t trust. Easy right? Unfortunately, today it’s not that easy. A drive-by download is a form of attack that allows malicious code to be downloaded from an internet site through a browser, app, or integrated operating system without any action on the user’s part. These URLs are designed to look and act like real websites, but in fact, they are breeding grounds for several different types of malicious code in hopes that one of them will get through your system’s security.
Keeping your browser up-to-date is one of the best ways to help identify these malicious sites before you visit them. You can also use a safe search tool, designed to filter potential threats and ensure you’re not able to navigate to them.
Botnets are powerful networks of compromised machines that can be remotely controlled and used to launch attacks of massive scale, sometimes including millions of Zombie computers. Botnets are controlled by Command and Control (C&C) networks, which are run by the hacker. They can be used to launch Distributed Denial of Service (DDOS) attacks, to make a target website so busy that it can’t process legitimate requests. In fact, DDOS attacks are sometimes able to completely crash the targeted site, and relief may be offered only if the target website owner pays a ransom. Botnets can also be used to attack secure systems, with each bot operating at a low attack frequency to evade detection, but the aggregate performing a large brute-force attack.
The first defense against botnets is to keep your own machines from becoming botnet “Zombies,” by using techniques for preventing infection from worms and viruses, including using antivirus software and keeping operating software up to date. But even if all machines in your enterprise are kept clean, you can be attacked when outside machines are directed to attack your web server or infrastructure. Because of the scale, defense in this case requires a cooperative approach including working with your ISP, system software vendors, and law enforcement agencies.
4. Phishing Attacks
Phishing attacks are a form of social engineering attack that is designed to steal user logins, credit card credentials, and other types of personal financial information. In most cases, these attacks come from a perceived trusted source, when in fact they’re designed to impersonate reputable websites, banking institutions, and personal contacts. Once you reply to these messages and use your credentials or enter your financial details, the information is then sent directly to the malicious source.
To adequately combat phishing attacks, vigilance is critical. Unfortunately, these attempted attacks are hard to avoid, but as a rule of thumb, you should train your users to always be cautious when reading and opening all emails. Before clicking an external email link, you should look at the actual URL, as it may be different than the text in the email. Enter the URL manually, or be 100% sure of the source and delete any emails that seem to be fraudulent.
5. Exploit Kits
Over the years, hackers have looked for more automated ways to exploit users systems. These kits are self-contained and sold on the dark web. The attack is planned to work in several stages starting with a scan of the user’s system once they navigate to a landing page. If vulnerabilities are discovered, the compromised website will then divert web traffic to an exploit and eventually the malicious payload.
Exploit kits are designed to be discreet, so discovering them as they are executed requires the same techniques used to defend against other sources of worms and viruses. Software solutions include antivirus and intrusion preventions systems, and human solutions include anti-phishing training for users.
6. DDoS (Distributed Denial of Service)
A very damaging form of cyber attack that is regularly being used against businesses today is DDoS (Distributed Denial of Service) attacks. The purpose of these attacks is to overwhelm the hosted servers of their targets with requests for data, making them completely inoperable. This form of attack can be disastrous for companies that sell their products and services online, causing thousands if not millions of dollars in lost revenue a day.
Early detection is vital to protect your network effectively against a DDoS attack. WAFs (Web Application Firewalls) are a great tool to use against these attacks as they give you more control over your web traffic while recognizing malicious web exploits. Using these security solutions, you can create custom rules that enable you to block common attack patterns and can deploy countermeasures within minutes of recognizing network discrepancies.
Because DDOS attacks can be so large they can overwhelm your connection to the Internet, a cooperative approach including your service provider is often required. When your site is hosted in the cloud, some measure of protection should be included in your cloud service.
Among all of the latest cybersecurity threats that have been discovered over the years, none create as much fear and uncertainty as ransomware attacks. 67% of businesses attacked by ransomware have permanently lost part of or all of their company data. By infecting secure database systems, encrypting data, and threatening deletion or corruption of files unless a hefty ransom is paid, ransomware is a very dangerous form of malware. The massive increase in ransomware was triggered by the creation of crypto-currencies like Bitcoin, which allow ransom demands to be paid anonymously.
As ransomware is a form of malware, the same defensive strategies are required – antivirus software, keeping software updated with the latest security patches, and training employees to recognize phishing attacks. But there is an additional protection which is essential – reducing the impact of a loss of data by having a backup and ransomware recovery strategy or by keeping data in multiple, replicated locations. This way, the business can continue uninterrupted, without needing to pay ransom.
With the rise in popularity of cryptocurrency mining, hackers have found ingenious ways of utilizing hardware resources from unsuspecting victims for their financial gain. By tricking their victims into loading mining codes onto their computers, hackers can use their target’s CPU processing resources to mine for cryptocurrency, significantly impacting the performance of their systems. Without understanding the cause of these performance slowdowns, companies can incur real costs trying to source performance solutions or replacing system hardware to resolve the issues.
To defend against these malicious resource attacks, IT teams should have methods to continuously monitor and diagnose CPU usage and alert to changes over time. Cryptojacking attacks are similar to worms and viruses, except that the end goal is to steal CPU resources not to corrupt data. As such, the same preventative measures are required as with other malware attacks.
9. APT Threats
APTs (Advanced Persistent Threats) are a form of cyber attack where an unauthorized attacker code enters an unsuspecting system network and remains there for an extended period undetected. Rather than inflicting damage to these systems, APTs will quietly sit, stealing financial information and other critical security information. APTs use a variety of techniques to gain initial access, including malware, exploit kits, and other sophisticated means. Once login credentials are discovered, APTs can scan and infect deeper parts of the infected system, inevitably compromising all forms of data and easily navigating between connected networks.
While these forms of attack are difficult to detect, there are some key indicators that system administrators can notice to help identify and counter APTs, including looking for unusual patterns in network activity or large amounts of data access, outside the normal range for the business. In addition, IT professionals can improve defense by segmenting the network to isolate critical data, using honeypots to trap internal attacks, and using application-specific white lists to limit data access to only the few applications that should be allowed.
Constant improvements in computer and network technology are often matched or exceeded by rapidly advancing hacker attacks. It’s a cat and mouse game and unfortunately there’s no end in sight.
Remaining educated on the latest cyber threats is the first step in improving your security processes and combating these malicious attacks. By keeping all of your system hardware and software up-to-date, actively monitoring your network usage, and utilizing the internet security measures that anti-malware and anti-virus solutions provide, you can ensure that your business is ready to battle whatever cybersecurity risks the new year brings.