In just a few short years, cybercrime is expected to do more damage than all natural disasters combined. By 2025, it is estimated that cybercrime will cost the world $10.5 trillion dollars annually. This is a 66% increase from the $7 trillion dollars in damages predicted for 2021 (Source: fortune.com)
In addition to exploiting new attack vectors such as artificial intelligence, attackers have developed advanced persistent threat tactics in order to help them bypass these security measures.
As the attack vectors become more sophisticated, so too are organizations’ defensive strategies.
Attack Vectors and their Defense Strategies
Social Engineering
Social engineering is the psychological manipulation of people in which the attacker uses human communication to obtain information, break into systems or networks, or commit fraud. Social engineering attacks are usually based on exploiting trust relationships between people in order to trick them into revealing sensitive information.
Defense
Conducting security awareness training for employees on a regular basis is the best way to protect against social engineering attacks. The investment in security awareness training can pay off in the long run, lowering your team’s risk of falling victim to a social engineering attack.
Some quick tips:
- Think before you click
- Research the sources
- Email spoofing is ubiquitous
- Don’t download files you don’t know
- Offers and prizes are fake – This goes back to thinking before you click and don’t download files
Technical Vulnerabilities
Operating systems and software programs can be exploited through technical vulnerabilities. These are defined as weaknesses that can be exploited by someone with malicious intent. When a vulnerability is exploited, the attacker may gain access to more sensitive areas of the system and carry out dangerous activities.
Defense
Security isn’t just about installing third-party solutions. It’s also about making sure you have a good patching and change management process to ensure that when you deploy those security solutions, they actually get deployed into your networks and the configuration changes in your environment get applied so that you can protect yourself against the most common attacks.
Misconfigurations
A common mistake that companies make is misconfiguring their systems and applications, which leaves them vulnerable to attacks. Insecure configuration options and misconfigurations can lead to vulnerabilities in applications. When a component is vulnerable to attack as a result of these issues, it is referred to as a “security misconfiguration vulnerability.”
Defense
It is important to have procedures and systems in place that help to secure your configuration process and make use of automation where possible. Monitoring the settings of applications and devices, and comparing these to recommended best practices, can help to identify any potential security risks from misconfigured devices across your network.
Watering Hole/Drive-by Download
Watering Hole
Watering hole attacks happen when a threat actor compromises sites that victims visit, hackers can gain access to their computers and networks, causing serious damage.
Drive-by Download
Hacker creates a vector for malware delivery — usually through online messages, ads, or downloads of legitimate programs. You can interact with these vectors without realizing it — for example, by clicking on a deceptive link or downloading software that has malware embedded in it.
Drive-by downloads are designed to:
- Hijack your device
- Spy on your activity
- Ruin data or disable your device
There are two main variants of Drive-by Download attacks:
- Non-malicious potentially unwanted programs or applications (PUPs/PUAs)
- Malware-loaded attacks
Defense
When it comes to these types of attacks, the best defense is to err on the side of caution. You should never let your guard down when it comes to security.
At CyberMaxx, we’ve put together some of the best tips and tricks on how you can avoid downloading malicious code:
Website Owners
- Keep all website components up to date
- Remove any outdated or unsupported components of your website
- Use strong passwords and usernames for your admin accounts
- Install protective web security software into your site
- Consider how your advertisement use might affect users
Endpoint Users
- Only use your computer’s admin account for program installations
- Keep your web browser and operating system up to date
- Be wary of keeping too many unnecessary programs and apps
- Use an internet security software solution on all your devices
- Always avoid websites that may contain malicious code (i.e. the usual suspects can be gambling, pornography, or fake PayPal or Amazon redirects)
- Carefully read and examine security popups on the web before clicking
- Use an ad-blocker. Drive-by download attacks often use online ads to upload infections
DDoS (Denial-of-service)
A Distributed Denial of Service (DDoS) attack in which a group of compromised systems connected over the Internet is used to send high volumes of traffic toward a target computer or network.
The goal is to make the targeted resource unavailable to legitimate users. The source of this traffic can be a botnet, Mirai, or another cyberattack tool.
Defense
If an organization’s network is experiencing a DDoS attack, the organization should work with the upstream ISP and any other service providers. They can either stop the flood or at least slow it down so the network can recover. Enlisting help from security experts that specialize in DDoS mitigation is another option.
Cybersecurity: An Ever-Evolving Landscape
Taking the time to correctly assess (Vulnerability Risk Management/Exposure Management) where any potential security pitfalls may be and planning for their eventuality can minimize the chances that something will go wrong and threaten the network infrastructure’s security. Everyone is vulnerable to these risks, but you can do a lot to prevent them.
Of course, without the proper training of employees and other users of the organization’s networks and devices to be extra diligent, all the VRM in the world can’t do a thing – It’s important to make sure they are cautious of files, links, and potentially harmful websites.
