Understanding the method of delivery will help clarify the role of different security controls required to combat the common threats.
It's discomforting being aware of the threats, but not knowing where they’re coming from and how to defend yourself can be even more disconcerting.
In this article, we break down the 8 most common forms of attack and how to defend yourself and your business against them (without the excess tech-speak):
1. Phishing & Social Engineering Attacks
Phishing involves sending emails that appear to be from trusted sources. The aim is to gain your sensitive information, or to spread malware. Part confidence trick and part hacking, phishing is one of the easiest (and therefore, the most common) ways to breach a company’s security. Think of it as a way to find out your password - a highly effective password attack.
Spear phishing has the same outcome, but uses a more focused approach. These attacks require a bit more research on an individual or a target user group. For example, with a little online research, a phisher can identify your colleagues’ email addresses and send what appears to be a legitimate email from a trusted source instructing your users to download a file (malware), or even hand over the login details to a key business application.
›› How to protect your business:
- Train your users on the correct protocols for password security.
- Check that links go to the URL they say they will (hover over links before clicking).
- Look at the email’s “Reply-To” and “Return-Path” headers to ensure they match the source you believe the email is from.
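The two checks in the list above (do Reply-To and Return-Path match the visible sender, and does a link’s text match where it actually points) can be automated. The following is an added example, not code from the original article; the email it inspects is a constructed sample with made-up domains, and the header and link rules are a deliberately simple illustration rather than a full anti-phishing filter.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing email). The visible sender
# is one domain, Reply-To and Return-Path point at another, and the link
# text shows a different host from the link target.
SAMPLE_EMAIL = """\
From: "Accounts Team" <accounts@example-bank.com>
Reply-To: helpdesk@example-mailer.net
Return-Path: <bounce@example-mailer.net>
Subject: Action required
Content-Type: text/html

<html><body>
<p>Please review your statement at
<a href="http://login.example-mailer.net/verify">https://www.example-bank.com/statements</a></p>
</body></html>
"""

def sender_domain(header_value):
    """Return the domain part of an address header, lower-cased ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def header_mismatches(msg):
    """List the reply/bounce headers whose domain differs from the From: domain."""
    from_dom = sender_domain(msg["From"])
    findings = []
    for field in ("Reply-To", "Return-Path"):
        dom = sender_domain(msg[field])
        if dom and dom != from_dom:
            findings.append(f"{field} domain {dom} != From domain {from_dom}")
    return findings

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_mismatches(html):
    """Flag links whose visible text looks like a URL on a different host than the href."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if re.match(r"https?://", text):
            shown = (urlparse(text).hostname or "").lower()
            real = (urlparse(href).hostname or "").lower()
            if shown != real:
                findings.append(f"link text shows {shown} but points to {real}")
    return findings

def analyse(raw):
    """Run both checks over a raw RFC 822 message and return all findings."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    return header_mismatches(msg) + link_mismatches(body)

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

On the sample message this reports three findings: two header mismatches and one link whose displayed host differs from its real host. A legitimate mailing-list provider can also produce a Return-Path on another domain, so treat these as signals to be weighed, not as proof on their own.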
2. Password Attacks & Credential Reuse
This is probably the first type of attack that springs to mind when you talk to your users about cyber security. And yet, despite the risks being well known, people fail to use strong passwords, inadvertently give them away to phishing scammers or scribble them on bits of paper.
An attacker will use an array of password-cracking techniques, from lists of common 'weak' passwords to more sophisticated 'rainbow table' attacks, which use precomputed tables to recover passwords from previously leaked lists of password hashes.
›› Preventing password attacks:
- Educate your users on phishing methods.
- Encourage & enforce the use of strong, unique passwords.
- Implement an account lockout policy.
- Prohibit the use of default passwords.
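The last three items above (strong, non-default passwords and an account lockout policy) are the kind of controls that belong in the login code itself. The following is an added example, not code from the original article: it enforces a minimum length, rejects a constructed list of weak and default passwords, and implements a sliding-window lockout. The thresholds (5 failures in 5 minutes, 15-minute lock) are illustrative defaults, and the clock is passed in explicitly so the behaviour can be tested deterministically.

```python
from collections import defaultdict, deque

# Constructed weak/default password list. A real deployment would check
# against a large breached-password corpus, ideally by hash.
WEAK_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1",
                  "admin", "changeme", "default"}

def password_acceptable(candidate, min_length=12):
    """Return (ok, reason): enforce length and reject weak or default passwords."""
    if len(candidate) < min_length:
        return False, f"shorter than {min_length} characters"
    if candidate.lower() in WEAK_PASSWORDS:
        return False, "appears on the weak/default password list"
    return True, "ok"

class LockoutPolicy:
    """Sliding-window account lockout.

    An account is locked for `lock_seconds` once it accumulates `max_failures`
    failed attempts within any `window_seconds` span. Times are plain numbers
    (seconds) supplied by the caller, so the policy is easy to test.
    """
    def __init__(self, max_failures=5, window_seconds=300, lock_seconds=900):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lock_seconds = lock_seconds
        self._failures = defaultdict(deque)   # user -> timestamps of recent failures
        self._locked_until = {}               # user -> time the lock expires

    def is_locked(self, user, now):
        """True while the account's lock is still in force."""
        if now < self._locked_until.get(user, 0):
            return True
        self._locked_until.pop(user, None)    # lock expired; forget it
        return False

    def _prune(self, user, now):
        q = self._failures[user]
        while q and now - q[0] > self.window:
            q.popleft()

    def record_failure(self, user, now):
        """Record a failed login; return True if this failure triggers a lock."""
        self._prune(user, now)
        self._failures[user].append(now)
        if len(self._failures[user]) >= self.max_failures:
            self._locked_until[user] = now + self.lock_seconds
            self._failures[user].clear()
            return True
        return False

    def record_success(self, user):
        """A successful login resets the failure counter."""
        self._failures.pop(user, None)

if __name__ == "__main__":
    print(password_acceptable("welcome1"))
    policy = LockoutPolicy()
    for t in range(5):                        # five rapid failures
        print("t=%d locked now: %s" % (t, policy.record_failure("alice", t)))
    print("still locked at t=500:", policy.is_locked("alice", 500))
    print("locked at t=905:", policy.is_locked("alice", 905))
```

Because the window slides, five failures spread over more than five minutes do not lock the account, which keeps the policy from punishing a user who mistypes occasionally while still stopping rapid guessing. Locks should also be logged, since a burst of lockouts across many accounts is itself a sign of a password-spraying attempt.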
3. Denial-of-Service Attacks
There’s a variety of DoS and DDoS (Distributed Denial of Service) attacks. Don’t be misled by the fun-sounding names. These attacks can have devastating consequences for your business. The most common are the teardrop attack, smurf attack, TCP SYN flood, ping of death, and botnet-driven floods.
DoS & DDoS attacks hurt businesses by flooding target web servers with requests, stopping your regular users from connecting. This means website downtime, disappointed customers, reputation damage, and it can even result in data loss & compensation payouts.
›› How to protect your business:
- If you don’t have “always-on” DoS protection, make sure you do have protocols in place to help you stop an attack, or at least minimise the impact.
- It is not enough to hope that your firewalls and ISP are able to stop the heavy loads that attackers use today. There are three main options to consider for DoS protection:
  - On-premise protection to identify, filter, detect and protect your network.
  - Cloud-based counteraction to deflect, absorb, reroute and scrub.
  - Hybrid solution (combining on-prem and cloud DoS protection).
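Whichever of the three options you pick, the “protocols in place to help you stop an attack” start with noticing the flood in your own logs. The following is an added example, not code from the original article or any vendor product: it parses web-server access logs in Common Log Format and flags any source address that exceeds a request threshold within a sliding time window. The log lines are constructed sample data using documentation IP ranges, and the threshold (50 requests in 10 seconds) is an illustrative value to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)

def make_line(ip, when, path):
    """Build one access-log line (constructed sample data, not real traffic)."""
    ts = when.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

def build_sample_log():
    base = datetime(2023, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
    lines = []
    # Two ordinary clients: a handful of requests spread over minutes.
    for i in range(5):
        lines.append(make_line("198.51.100.2", base + timedelta(seconds=20 * i), "/index.html"))
    for i in range(3):
        lines.append(make_line("198.51.100.3", base + timedelta(seconds=45 * i), "/about"))
    # One abusive client: 60 requests inside six seconds.
    for i in range(60):
        lines.append(make_line("203.0.113.7", base + timedelta(milliseconds=100 * i), "/search?q=x"))
    return lines

LOG_LINES = build_sample_log()

def parse_line(line):
    """Return (ip, timestamp) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts

def flood_sources(lines, window_seconds=10, threshold=50):
    """Return {ip: peak_requests} for every source that made at least
    `threshold` requests within some `window_seconds`-long window."""
    by_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            by_ip[ip].append(ts)
    window = timedelta(seconds=window_seconds)
    offenders = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):          # two-pointer sliding window
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            offenders[ip] = peak
    return offenders

if __name__ == "__main__":
    for ip, peak in flood_sources(LOG_LINES).items():
        print(f"possible flood from {ip}: {peak} requests in a 10s window")
```

A per-source threshold like this catches a single noisy client and is the kind of signal an on-premise filter acts on; a true DDoS spreads the load across thousands of sources that each stay under the threshold, which is exactly why the article points to cloud-based scrubbing as well. Aggregate counters (total requests per second, requests per URL) complement the per-source view.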
4. Man-in-the-Middle (MitM)
As the name suggests, a Man-in-the-Middle attack is when a hacker inserts themselves between two legitimate hosts. It’s the cyber equivalent of eavesdropping on a private conversation.
In fact, eavesdropping is a common type of attack in itself. But the MitM attack goes a step further. The MitM attack has the added malevolence of disguising itself as one, or both, of the parties speaking.
This means it doesn’t just intercept and listen in on messages between clients and servers. It can also change the messages and plant requests that appear to be from a legitimate source. These types of attack are notoriously difficult to detect, but there are preventative measures you can take.
›› Preventing MitM attacks:
- Make sure you use SSL certificates (HTTPS, not just HTTP) to enhance security (and user trust) in your website / extranet.
- Consider an Intrusion Detection System (IDS).
- Set up a VPN to add additional layers of protection over Wi-Fi (and other confidential networks).
5. SQL Injections
A Structured Query Language (SQL) injection is when malicious SQL is inserted into a query that your application sends to its database. For an attacker, it can be as simple as typing crafted input into a website’s search box.
Once the injected code runs, it can read, modify or delete your data. Some SQL injection attacks can even shut down your database or issue commands to the underlying operating system.
›› How to protect against SQL injection attacks:
- Apply a least-privilege permissions model in your databases.
- Stick to stored procedures and prepared statements (parameterized queries), and avoid dynamic SQL built from user input.
- Validate user-supplied inputs against a whitelist before they reach a query.
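The difference between dynamic SQL and a prepared statement is easiest to see side by side. The following is an added example, not code from the original article: a search function written the vulnerable way (string concatenation) next to the same function as a parameterized query, plus a whitelist check for the search term. It uses Python’s built-in sqlite3 driver with an in-memory table of constructed rows, and the “hidden” column stands in for data the search should never expose.

```python
import re
import sqlite3

def make_db():
    """In-memory product table with constructed sample rows (one is non-public)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    conn.executemany("INSERT INTO products (name, hidden) VALUES (?, ?)",
                     [("laptop", 0), ("monitor", 0), ("internal-prototype", 1)])
    return conn

def search_vulnerable(conn, term):
    """Dynamic SQL: the user's input is spliced into the statement text, so any
    quote characters in it change the meaning of the query."""
    sql = ("SELECT name FROM products WHERE hidden = 0 AND name = '"
           + term + "' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, term):
    """Prepared statement: the statement text is fixed and the value is bound
    separately, so it is only ever compared as data, never parsed as SQL."""
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (term,))]

SEARCH_TERM_RE = re.compile(r"^[A-Za-z0-9 \-]{1,40}$")

def valid_search_term(term):
    """Whitelist check: letters, digits, spaces and hyphens only, at most 40 chars."""
    return bool(SEARCH_TERM_RE.match(term))

if __name__ == "__main__":
    conn = make_db()
    crafted = "laptop' OR '1'='1"            # classic tautology, shown for the contrast
    print("normal term, vulnerable :", search_vulnerable(conn, "laptop"))
    print("normal term, safe       :", search_safe(conn, "laptop"))
    print("crafted term, vulnerable:", search_vulnerable(conn, crafted))   # leaks every row
    print("crafted term, safe      :", search_safe(conn, crafted))         # matches nothing
    print("whitelist accepts crafted term?", valid_search_term(crafted))
```

With the crafted term, the concatenated query’s WHERE clause becomes `hidden = 0 AND name = 'laptop' OR '1'='1'`, and because the OR is always true the hidden row is returned too. The parameterized version compares the whole string literally and finds nothing. Use the whitelist as a second layer, not a substitute: parameterization is what actually stops the injection.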
6. Zero-day Exploit
If a user uncovers a security risk in a program, they may well notify the software company so it can develop and issue a security patch to fix the issue. But they may also share their discovery online.
The next thing you know, this well-meaning user (who only wanted to warn others) has just exposed a vulnerability to the world. And guess who’s scouring the internet for exactly this type of information? While the software developers rush to fix the problem, hackers get busy exploiting it.
›› How to detect and protect against Zero-day exploits:
By their nature, zero-day attacks are usually the most difficult to defend against, since the precise nature of the attack is only known after it has happened. These vulnerabilities are highly prized not only by cyber criminals, but by nation states too.
- Keep your operating systems and application software up to date.
- Use virtual LANs (VLANs) together with a firewall to segment your network and protect transmitted data.
- Protect against wireless malware attacks with a secure Wi-Fi system.
- Stick to websites with SSL certificates.
7. Cross-site Scripting (XSS)
This attack usually runs in conjunction with social engineering because it requires a user to visit a web page where the hacker has inserted malicious script.
›› How to prevent XSS attacks:
- Ensure your users are educated on phishing techniques.
- Sanitise (validate and encode) any user-supplied data that arrives in an HTTP request before it is rendered in a page.
- Run XSS vulnerability tests.
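The second and third items above (encode request data before rendering it, and test for the flaw) fit in a few lines. The following is an added example, not code from the original article: a search-results renderer that reflects the query unencoded beside one that HTML-encodes it, a small handler that pulls the term out of an HTTP query string, and a minimal self-test that feeds a harmless markup canary through a renderer to see whether it comes back unchanged. The canary string is constructed test input, not an exploit.

```python
from html import escape
from urllib.parse import parse_qs

# Constructed canary: harmless markup that reveals whether a renderer echoes
# user input without encoding it.
PROBE = '<b id="xss-canary">probe</b>'

def render_results_vulnerable(term):
    """Reflects the search term straight into HTML: the flaw XSS relies on."""
    return f"<h2>Results for: {term}</h2>"

def render_results_safe(term):
    """Encodes <, >, &, and quotes so the term is shown as text, never parsed as markup."""
    return f"<h2>Results for: {escape(term, quote=True)}</h2>"

def handle_search(query_string, render=render_results_safe):
    """Take the 'q' parameter out of an HTTP query string and render the results page."""
    params = parse_qs(query_string)
    term = params.get("q", [""])[0]
    return render(term)

def reflects_raw_markup(render, probe=PROBE):
    """Minimal XSS test: does the renderer return the probe's tags unchanged?"""
    return probe in render(probe)

if __name__ == "__main__":
    print("vulnerable renderer reflects markup:", reflects_raw_markup(render_results_vulnerable))
    print("safe renderer reflects markup:      ", reflects_raw_markup(render_results_safe))
    print(handle_search("q=%3Cb%3Ehi%3C%2Fb%3E"))
```

Output encoding has to match the context the data lands in: `html.escape` is right for element text and quoted attribute values, while data placed inside a script block or a URL needs that context’s own encoding. A real templating engine does this automatically when auto-escaping is left on, which is the setting to check first.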
8. Drive-by Downloads
Unlike many other types of cyber attack, you don’t have to open an email attachment or download anything to become infected. A drive-by download can take advantage of an operating system, web browser or app that has vulnerabilities (due to a lack of security updates). It can be transmitted when you simply view an email, pop-up or website.
›› Preventing drive-by downloads:
- Keep your OS and browsers updated.
- Stick to trusted sites you would normally use (but even they can be hacked).
- Only keep the apps and programmes you need - the more plug-ins, the more weak spots you will have.
The importance of an on-going Cyber Security Programme
Attackers have many methods and techniques to disrupt and compromise networks and systems. By understanding the most common types of attack, you can understand your critical vulnerabilities, whether they be weak passwords, unpatched systems, misconfigured hardware or something else.
Regular penetration testing, social engineering testing, strong passwords and in-depth user awareness training are all crucial parts of an on-going cyber security assessment programme, putting you in a far better position to create actionable steps to mitigate threats and make a real difference to your cyber security posture.
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK's leading organisations.