WHAT ARE THE MOST COMMON TYPES OF CYBER-ATTACKS AND WHICH VULNERABILITIES ARE EXPLOITED?
In our first article we discussed the impact of cyber-related crime on companies. We concluded that cyber-attacks harm any company financially and operationally, and damage its reputation as well.
In this article we give an overview of the most common and successful cyber-attacks and of the vulnerabilities they exploit. These vulnerabilities must be addressed by taking appropriate measures.
We all know that organisations fall victim to cyber-attacks every day. Cyber-attacks take many forms, from phishing and malware to exploited vulnerabilities and ransomware. The threats differ widely, but they all have one thing in common: each represents a significant business risk.
Malware
Malware is used to gain a foothold on users' computers. The term covers many types of malicious software, such as viruses, worms, trojans and spyware. Malware can do many things: take control of your computer, monitor what you do on it and steal data. It is often distributed via phishing emails in which the attacker asks you to download and open a seemingly harmless file or attachment (.docx, .pdf, etc.) that carries malicious code, for example an Office macro or an exploit for a vulnerability in the document viewer. Once on one machine, malware often spreads to other computers in the same network and organisation, either by abusing the user's credentials or by exploiting unpatched services.
Remediation: up-to-date anti-virus, advanced “endpoint protection”, user awareness training, security monitoring.
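As an added example (not part of the original article), the following Python script shows the kind of attachment check a mail gateway or security monitoring tool can apply to the "seemingly harmless" Office files mentioned above. Modern Office formats are zip containers, so the script opens the bytes as a zip and flags a VBA macro project, a macro-enabled content type hiding behind a plain .docx extension, and embedded OLE objects. The sample documents are constructed in memory for the demo and are not real files; the extension lists are assumptions for the example.

```python
import io
import zipfile

# Office extensions that may legitimately carry macros, versus the plain
# ("x") formats, which should never contain a VBA project at all.
MACRO_ENABLED = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}
PLAIN_OOXML = {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx"}


def _extension(filename: str) -> str:
    return "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def ooxml_findings(filename: str, data: bytes) -> list:
    """Return reasons to distrust an Office attachment; an empty list means none found.

    Works on the raw bytes, so it can run on a mail gateway before delivery.
    """
    ext = _extension(filename)
    if not data.startswith(b"PK\x03\x04"):
        # Legacy OLE2 .doc/.xls files (which can also carry macros) or a
        # mislabelled file: both need a different parser, so just report it.
        return ["not an OOXML (zip) container"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            content_types = ""
            if "[Content_Types].xml" in names:
                content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace").lower()
    except zipfile.BadZipFile:
        return ["corrupt zip container"]

    lower = [n.lower() for n in names]
    has_vba = any(n.endswith("vbaproject.bin") for n in lower)
    declares_macros = "macroenabled" in content_types
    has_ole = any("/embeddings/" in n and n.endswith(".bin") for n in lower)

    findings = []
    if has_vba or declares_macros:
        findings.append("contains a VBA macro project")
        if ext in PLAIN_OOXML:
            # Office decides by content, not by name: a .docm renamed to .docx
            # still runs its macros once the user enables them.
            findings.append(f"macro content behind a plain {ext} extension")
    if has_ole:
        findings.append("contains embedded OLE objects")
    return findings


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container for the demo (not a real document)."""
    main_type = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
                 else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("report.docx", build_sample(False)), ("invoice.docx", build_sample(True))]:
        print(name, ooxml_findings(name, blob) or ["clean"])
```

A hit on any of these findings is a reason to quarantine or sandbox the attachment rather than deliver it; the check is deliberately content-based, because an attacker controls the file name but not the structure Office needs in order to run the macro.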
Ransomware
Ransomware is a specific type of malware that encrypts your data and makes it inaccessible. A sum of money (the ransom) is then demanded in exchange for decrypting your files, and paying does not guarantee that you get them back. The best-known examples are CryptoLocker and WannaCry. Just as with other malware, ransomware is often distributed via phishing emails and spreads quickly to other computers; WannaCry, for instance, spread on its own by exploiting an unpatched SMB vulnerability in Windows.
Remediation: up-to-date anti-virus, advanced "endpoint protection", a tested backup plan with offline or immutable copies, patch management, anti-spam and anti-phishing solutions, user awareness, security monitoring.
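Security monitoring for ransomware usually looks for its side effects rather than for a known binary. The Python script below is added here as an illustration and is not taken from the article; it implements two such heuristics: a canary file that should never change, and a check for files that have suddenly become high-entropy (encrypted data is statistically indistinguishable from random bytes) or have been renamed with a suffix that ransomware families typically append. The directory it scans is constructed in a temporary folder; the suffix list, the canary name and the thresholds are assumptions for the demo.

```python
import math
import os
import tempfile
from collections import Counter

# Assumptions for the demo; a real deployment would take these from threat intelligence.
SUSPICIOUS_SUFFIXES = (".locked", ".encrypted", ".crypt", ".wncry", ".enc")
CANARY_NAME = "000_canary.txt"        # sorts first, so bulk encryption reaches it early
CANARY_CONTENT = b"canary file: do not modify\n"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext or compressed data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def ransomware_indicators(root: str, entropy_threshold: float = 7.5, ratio: float = 0.5) -> dict:
    """Scan a directory tree and return counters plus an overall alert flag."""
    stats = {"files": 0, "high_entropy": 0, "renamed": 0, "canary": "missing"}
    for dirpath, _, names in os.walk(root):
        for name in names:
            with open(os.path.join(dirpath, name), "rb") as fh:
                head = fh.read(4096)          # the first 4 KiB is enough to estimate entropy
            stats["files"] += 1
            if name.lower().endswith(SUSPICIOUS_SUFFIXES):
                stats["renamed"] += 1
            if len(head) >= 64 and shannon_entropy(head) >= entropy_threshold:
                stats["high_entropy"] += 1
    canary = os.path.join(root, CANARY_NAME)
    if os.path.exists(canary):
        with open(canary, "rb") as fh:
            stats["canary"] = "intact" if fh.read() == CANARY_CONTENT else "modified"
    # Alert if the canary was touched or if most files now look like random data.
    stats["alert"] = bool(stats["canary"] != "intact"
                          or (stats["files"] and stats["high_entropy"] / stats["files"] >= ratio))
    return stats


def make_demo(encrypted: bool) -> str:
    """Constructed directory for the demo: four text documents plus the canary.

    With encrypted=True every file is replaced by random bytes under a new name,
    which is what a typical ransomware family leaves behind.
    """
    root = tempfile.mkdtemp(prefix="ransom-demo-")
    docs = {f"report{i}.docx": b"Quarterly figures for the finance team, draft 3.\n" * 60 for i in range(4)}
    docs[CANARY_NAME] = CANARY_CONTENT
    for name, content in docs.items():
        if encrypted:
            name, content = name + ".locked", os.urandom(4096)
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    print("healthy  :", ransomware_indicators(make_demo(False)))
    print("encrypted:", ransomware_indicators(make_demo(True)))
```

Entropy alone misfires on legitimately compressed or encrypted files (archives, images, PGP mail), which is why the script combines it with the rename ratio and the canary; in production the same logic runs continuously on file servers and triggers host isolation, and it never replaces the offline backups in the remediation list.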
Vulnerabilities and unpatched software
This should be one of your top concerns, because software which is not up to date is one of the main cyber threats for an organisation. There are two types of vulnerabilities: known and unknown. Known vulnerabilities are published on the internet, so there is a good chance that an attacker knows about them and will use them. Unknown, or zero-day, vulnerabilities have not yet been published and have no patch; they are exploited far less often than known ones, so they are less likely to affect your organisation. Software suppliers periodically provide patches that fix known vulnerabilities. Patches should therefore be installed as quickly as possible, starting with internet-facing systems and with vulnerabilities that are already being exploited, in order to reduce the risk of cyber incidents.
Remediation: vulnerability assessment, patch management, penetration testing.
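The core of a vulnerability assessment is matching what is installed against what is known to be vulnerable, then ranking the gaps. The Python example below is added here to show that logic and is not part of the article or of any real scanner: it compares installed versions against constructed advisory records (the product names, version ranges and scores are hypothetical and deliberately not real advisories) and orders the results so that actively exploited issues come first.

```python
import re
from dataclasses import dataclass


@dataclass
class Advisory:
    """Constructed advisory record; products, ranges and scores are hypothetical."""
    title: str
    product: str
    affected_from: str      # first vulnerable version (inclusive)
    fixed_in: str           # first patched version (exclusive)
    exploited_in_wild: bool
    cvss: float


def parse_version(version: str) -> tuple:
    """Split '1.2.10' into comparable parts so that 1.2.10 > 1.2.9.

    Numeric components compare numerically, anything else lexically. Pre-release
    suffixes such as -rc1 are deliberately not modelled in this example.
    """
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.split(r"[.\-+~]", version) if t)


def is_affected(installed: str, adv: Advisory) -> bool:
    v = parse_version(installed)
    return parse_version(adv.affected_from) <= v < parse_version(adv.fixed_in)


def missing_patches(inventory: dict, advisories: list) -> list:
    """Return (advisory, installed_version) pairs, most urgent first."""
    hits = [(a, inventory[a.product]) for a in advisories
            if a.product in inventory and is_affected(inventory[a.product], a)]
    # Exploited-in-the-wild first, then by severity: that is the patch order.
    hits.sort(key=lambda h: (not h[0].exploited_in_wild, -h[0].cvss))
    return hits


# Constructed data for the demo.
ADVISORIES = [
    Advisory("remote code execution in upload handler", "widgetd", "2.0.0", "2.4.3", True, 9.8),
    Advisory("information leak in debug endpoint", "widgetd", "1.0.0", "2.4.1", False, 5.3),
    Advisory("denial of service in XML parser", "libparse", "0.9.0", "1.1.0", False, 7.5),
    Advisory("privilege escalation in agent", "acme-agent", "3.0.0", "3.2.0", True, 8.8),
]
INVENTORY = {"widgetd": "2.4.2", "libparse": "1.2.0", "acme-agent": "3.1.9"}

if __name__ == "__main__":
    for adv, installed in missing_patches(INVENTORY, ADVISORIES):
        flag = "EXPLOITED" if adv.exploited_in_wild else "         "
        print(f"{flag} {adv.cvss:4.1f} {adv.product} {installed}: {adv.title} (fixed in {adv.fixed_in})")
```

One caveat a real assessment has to handle: Linux distributions often backport a fix without bumping the upstream version number, so a pure version comparison like this one reports false positives there; use the vendor's security tracker or OVAL data for those packages instead.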
Social engineering
Social engineering is a technique used to mislead and manipulate users in order to gain access to, for instance, their computer, credentials or bank details. It is a form of psychological manipulation: by pretending to be someone else, the attacker persuades you to carry out a number of actions or to provide information that seems innocent to you. Social engineering takes many forms: phishing emails, invoice fraud, CEO fraud, fake social media profiles, etc.
Remediation: user awareness, anti-spam and anti-phishing solutions, website filtering, multi-factor authentication, password management.
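Anti-phishing solutions catch much of the CEO fraud and invoice fraud described above with a few header checks. The Python function below is an added example, not the article's or any product's code: it inspects the From and Reply-To headers for a typosquatted or Unicode lookalike of the organisation's own domain, for the trusted domain buried inside an unrelated one, for a familiar executive's display name on a foreign address, and for replies silently redirected elsewhere. The trusted domain, the executive directory and the sample headers are constructed for the demo (example.com and .test are reserved names).

```python
import unicodedata
from email.utils import parseaddr

# Assumptions for the demo: the organisation's own domain and a directory of
# people attackers like to impersonate (CEO fraud).
TRUSTED_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe": "jane.doe@example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between domains means a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1] if "@" in address else ""


def assess_sender(from_header: str, reply_to: str = "") -> list:
    """Return phishing indicators for one message; an empty list means none found."""
    findings = []
    display, addr = parseaddr(from_header)
    domain = _domain(addr)
    # NFKC folds full-width and other compatibility characters onto ASCII, so a
    # visually identical Unicode domain normalises to the real one and is caught.
    ndomain = unicodedata.normalize("NFKC", domain).lower().rstrip(".")
    trusted = domain.isascii() and any(ndomain == t or ndomain.endswith("." + t)
                                       for t in TRUSTED_DOMAINS)

    if not domain.isascii() or ndomain.startswith("xn--") or ".xn--" in ndomain:
        findings.append(f"sender domain {domain!r} uses non-ASCII or punycode characters")
    if not trusted:
        for t in TRUSTED_DOMAINS:
            if ndomain == t or edit_distance(ndomain, t) <= 2:
                findings.append(f"domain {domain!r} imitates trusted domain {t!r}")
            elif f".{t}." in f".{ndomain}.":
                findings.append(f"trusted domain {t!r} embedded in unrelated domain {ndomain!r}")

    # CEO fraud: a familiar display name on an address that is not that person's.
    expected = EXECUTIVES.get(" ".join(display.lower().split()))
    if expected and addr.lower() != expected:
        findings.append(f"display name {display!r} matches an executive but address is {addr!r}")

    # Replies redirected elsewhere: weak on its own, strong combined with the others.
    if reply_to:
        rdomain = _domain(parseaddr(reply_to)[1]).lower()
        if rdomain and rdomain != domain.lower():
            findings.append(f"Reply-To domain {rdomain!r} differs from From domain {domain.lower()!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers for the demo.
    samples = [
        ("Jane Doe <jane.doe@example.com>", ""),
        ("Jane Doe <ceo.janedoe@gmail.com>", ""),
        ("IT Support <helpdesk@examp1e.com>", ""),
        ("Finance <ap@example.com>", "billing@evil-corp.test"),
        ("Helpdesk <it@example.com.security-update.test>", ""),
    ]
    for from_header, reply_to in samples:
        print(from_header, "->", assess_sender(from_header, reply_to) or ["ok"])
```

These are indicators, not verdicts: a legitimate newsletter can have a different Reply-To, and an executive can mail from a personal address once in a while. The value is in feeding the findings to the quarantine rules and, for the user awareness part of the remediation, into the warning banner the recipient sees.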
Human error
Not all security incidents or data leaks are caused by attackers. In reality, many incidents are caused by human error and could easily have been avoided. A user accidentally sends information to the wrong person or email address, computers and smartphones are lost or stolen, passwords are written on post-its or shared with colleagues: these are just a few examples. In recent years, human error has been behind more than half of data leaks. In principle they are easy to avoid, but in practice human behaviour and habits are the hardest thing to influence.
Remediation: user awareness, disk encryption (including disks in laptops), password management, identity and access management (IAM), network access rules, application hardening, logging, behavioural monitoring.
(Distributed) Denial of Service (DDoS)
A (D)DoS attack is most easily explained as a motorway that cannot handle a massive amount of unexpected traffic, causing a traffic jam that nobody can escape from. This is what happens when a website, web shop, login page or service becomes the victim of a (D)DoS attack: if you flood a service with more traffic than it was built for, you overload the server and make the service unavailable for its intended purpose. The difference between a DoS and a DDoS attack lies in the number of sources: a DoS attack comes from a single machine, which is relatively easy to block, while a DDoS attack is launched simultaneously from many machines (often a botnet of compromised devices), so that no single source address stands out and the attack cannot simply be filtered by address.
Remediation: adequate network configuration, anti-DDoS service/solution, network monitoring, incident response and management.
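The network monitoring in that remediation list comes down to counting requests per source and in total over a sliding window. The Python script below is an added example (not from the article) that runs exactly that over constructed web server access log lines: a single-source flood shows up as one address far above the per-source limit, while the distributed case keeps every bot under that limit and is only visible in the aggregate rate, which is why both counters are needed. The thresholds, window and sample addresses (documentation ranges from RFC 5737) are assumptions for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common/combined log format prefix: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)')


def parse_line(line: str):
    """Return (timestamp, source ip) for a well-formed line, or None to skip it."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]


def detect_floods(lines, window_seconds=10, per_ip_limit=50, total_limit=300) -> dict:
    """Sliding-window rate check: per source address (DoS) and in aggregate (DDoS)."""
    window = timedelta(seconds=window_seconds)
    per_ip, everything = defaultdict(deque), deque()
    flagged, volumetric = set(), False
    events = sorted(e for e in map(parse_line, lines) if e)
    for ts, ip in events:
        q = per_ip[ip]
        q.append(ts)
        while q and ts - q[0] > window:        # drop requests older than the window
            q.popleft()
        if len(q) > per_ip_limit:
            flagged.add(ip)
        everything.append(ts)
        while everything and ts - everything[0] > window:
            everything.popleft()
        if len(everything) > total_limit:      # many sources, each below the per-IP limit
            volumetric = True
    return {"flagged_ips": sorted(flagged), "volumetric": volumetric, "events": len(events)}


def make_sample_log() -> list:
    """Constructed access log for the demo: one real user, one DoS source, one botnet."""
    base = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t):
        return f'{ip} - - [{t.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET /login HTTP/1.1" 200 1024'

    lines = [line("203.0.113.10", base + timedelta(seconds=12 * i)) for i in range(5)]   # normal user
    lines += [line("198.51.100.7", base + timedelta(milliseconds=33 * i)) for i in range(120)]  # single-source flood
    for bot in range(60):                                                                   # 60 bots, 8 requests each
        lines += [line(f"192.0.2.{bot + 1}", base + timedelta(seconds=120 + 0.75 * i)) for i in range(8)]
    lines.append("this line is not a log entry and is skipped by the parser")
    return lines


if __name__ == "__main__":
    print(detect_floods(make_sample_log()))
```

In practice the per-source rule maps directly onto a firewall or rate-limit entry, whereas the aggregate rule is what tells you to switch traffic to the anti-DDoS service, since there is no individual address to block.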