The 8 Most Common Types of Cyber Attacks Explained

You can’t defend yourself from threats you don’t understand. While malware and phishing are fairly familiar, the mechanics of these cyberattacks are less well known. Understanding the delivery method will help clarify the role of different security controls required to combat the common threats.

Being aware of the threats is discomforting, but not knowing where they’re coming from and how to defend yourself can be even more disconcerting. In this article, we break down the 8 most common forms of attack and how to protect yourself and your business against them (without the excess tech-speak): 

1. Phishing & Social Engineering Attacks

Phishing involves sending emails that appear to be from trusted sources. The aim is to gain your sensitive information or to spread malware. Part confidence trick and part hacking, phishing is one of the easiest (and therefore, the most common) ways to breach a company’s security. Think of it as a way to find out your password - a highly effective password attack. Spear phishing has the same outcome, but uses a more focused approach. These attacks require more research on an individual or a target user group. For example, with a little online research, a phisher can identify your colleagues’ email addresses and send what appears to be a legitimate email from a trusted source instructing your users to download a file (malware), or even hand over the login details to a key business application.

How to protect your business:

  • Train your users on the correct protocols for password security.
  • Check that links go to the URL they say they will (hover over links before clicking).
  • Look at the “Reply-to” and “Return-Path” email headers to ensure they match the source you believe the email is from.

2. Password Attacks & Credential Reuse

This is probably the first type of attack that springs to mind when you talk to your users about cyber security. And yet, despite the risks being well known, people fail to use strong passwords, inadvertently give them away to phishing scammers or scribble them on bits of paper. A hacker will use an array of password hacking techniques, from lists of common ‘weak’ passwords, to sophisticated ‘Rainbow table’ attacks, using previously hacked/cracked lists of hashed passwords.

Preventing Password Attacks:

  • Educate your users on phishing methods.
  • Encourage & enforce the use of strong, unique passwords.
  • Implement an account lockout policy.
  • Prohibit the use of default passwords.

3. Denial-of-Service Attacks

There are various DoS and DDoS (Distributed Denial of Service) attacks. Don’t be misled by the fun-sounding names. These attacks will have devastating consequences on your business. The most common are teardrop attack, smurf attack, TCP SYN flood attack, ping-of-death, and botnets. DoS & DDoS attacks hurt businesses by flooding target web servers with requests, stopping your regular users from connecting. This means website downtime, disappointed customers and reputation damage, and can even result in data losses & compensation payouts.

How to Protect Your Business:

  • If you don’t have “always-on” DoS protection, ensure you have protocols to help you stop an attack or minimise the impact.
  • It's not enough to hope that your firewalls and ISP can stop the heavy loads that attackers use today. There are three main options to consider for DoS protection:
    • On-premise protection identifies, filters, detects, and protects your network.
    • Cloud-based counteraction is used to deflect, absorb, reroute, and scrub.
    • Hybrid solution (combining on-prem and cloud DoS protection).

4. Man-in-the-Middle (MitM)

As the name suggests, a Man-in-the-Middle attack is when a hacker inserts themselves between two legitimate hosts. It’s the cyber equivalent of eavesdropping on a private conversation. An Eavesdropping attack is a common type of attack itself. But the MitM attack goes a step further. The MitM attack has the added malevolence of disguising itself as one or both of the people speaking. This means it doesn’t just intercept and listen to messages between clients and servers. It can also change the messages and plant requests that appear to be from a legitimate source. These types of attacks are notoriously difficult to detect, but there are preventative measures you can take.

Preventing MitM attacks:

  • Use SSL certificates (HTTPS, not just HTTP) to enhance security (and user trust) on your website or extranet.
  • Consider an Intrusion Detection System (IDS).
  • Set up a VPN to add additional layers of protection over Wi-Fi (and other confidential networks).

5. SQL Injections

A Structured Query Language (SQL) injection is when malicious code is inserted into an SQL database. For an attacker, it can be as simple as submitting malicious code into a website’s search box. Once the code’s been unleashed, it can read, modify or delete your data. Some SQL attacks can even shut down your database and issue commands to your operating system.

How to protect against SQL injection attacks:

  • Apply a least-privilege permissions model in your databases.
  • Stick to stored procedures (exclude dynamic SQL) and prepared statements (parameterized queries).
  • Validate data inputs against an allowlist.
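The difference between dynamic SQL and a prepared statement, shown on a search box like the one described above. This is an added example, not code from the original article: the `products` table, the function names and the test input are constructed, and SQLite stands in for whichever database you run.

```python
import sqlite3

# Allowlist for the one part of the query that cannot be bound as a parameter.
SORTABLE = {"name", "price"}


def make_db():
    """Build a small in-memory catalogue (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("red mug", 4.0, 0), ("blue mug", 5.0, 0), ("staff pricing sheet", 0.0, 1)],
    )
    return db


def search_dynamic(db, term):
    """BEFORE: the search term is pasted into the SQL text, so it can change the query."""
    sql = f"SELECT name FROM products WHERE hidden = 0 AND name LIKE '%{term}%'"
    return [row[0] for row in db.execute(sql)]


def search_prepared(db, term, sort_by="name"):
    """AFTER: the term is bound as data; the sort column must be on the allowlist."""
    if sort_by not in SORTABLE:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    sql = f"SELECT name FROM products WHERE hidden = 0 AND name LIKE ? ORDER BY {sort_by}"
    return [row[0] for row in db.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 1=1 --"  # constructed test input that rewrites the WHERE clause
    print("dynamic :", search_dynamic(db, crafted))   # hidden row is returned
    print("prepared:", search_prepared(db, crafted))  # treated as text, no match
    print("normal  :", search_prepared(db, "mug", sort_by="price"))
```

Running the application under a database account that can only read the tables it needs limits the damage if a dynamic query does slip through.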

6. Zero-day Exploit

If a user uncovers a security risk in a program, they may well notify the software company so they can develop and issue a security patch to fix the issue. But they may also share their discovery online. The next thing you know, this well-meaning user (who only wanted to warn others) has just exposed a vulnerability to the world. And guess who’s scouring the internet for exactly this type of information? While the software developers rush to fix the problem, hackers get busy exploiting it.

How to detect and protect against Zero-day exploits:

By their nature, zero-day attacks are usually the most difficult to defend against, since the precise nature of the attack is only available after it has happened. These vulnerabilities are not only highly prized by cyber criminals, but also by nation states.

7. Cross-Site Scripting (XSS)

This attack usually runs with social engineering because it requires a user to visit a web page where the hacker has inserted a malicious script. When you land on an infected web page, the malicious payload can expose you to various unpleasant consequences. In a worst-case scenario, the XSS attack can access webcams and microphones, log keystrokes and even take remote control over your machine. The most common vehicle is JavaScript, which is widely used across the web.

How to prevent XSS attacks:

  • Ensure your users are educated on phishing techniques.
  • Sanitise the data that users submit in HTTP requests.
  • Run XSS vulnerability tests.

8. Drive-By-Downloads

Unlike many other cyber attacks, you don’t have to open an email attachment or download anything to become infected. A drive-by download can take advantage of an operating system, web browser or app with vulnerabilities (due to a lack of security updates). It can be transmitted by viewing an email, pop-up or website.

Preventing drive-by downloads:

  • Keep your OS and browsers updated.
  • Stick to trusted sites you normally use (although even these can be hacked).
  • Only keep the apps and programmes you need - the more plug-ins, the more weak spots you will have.

Phishing-as-a-Service

91% of cyber attacks start with a phishing email, and your employees are increasingly becoming the weakest link in your cyber security. CyberOne's ‘Phishing-as-a-service’ hosts a carefully designed programme to test, train and reduce your users’ susceptibility to phishing emails and multiple other threats.

Attackers have many methods and techniques to disrupt and compromise networks and systems. By understanding the most common types of attacks, you can realise your critical vulnerabilities - passwords, unpatched systems, misconfigured hardware and more. Regular Penetration Testing, sophisticated social engineering, strong passwords and in-depth user awareness training are all crucial parts of an ongoing cyber security assessment programme, putting you in a far better position to create actionable steps to mitigate unwanted threats and make a real difference to your cyber security posture.