10 Common Security Threats in the Enterprise
The list of potential network security threats to enterprise-level businesses is pretty long. We have training that goes in-depth in explaining the nature and characteristics of these threats and what to do about them.
In this article, we highlight just a few of them, how they've manifested themselves, and some simple strategies to deal with them. This is a sampling rather than a definitive or authoritative Top 10, and we won't be able to cover each item comprehensively.
1. Don't Give Malware a Chance
Malware is malicious software placed onto a computer system that is meant to damage, disrupt, or allow unauthorized access. This is really a category of security threats rather than a single example. Under malware we could include a large sublist of threats, all with their own particular methods and effects. Here is a brief list of malware types and what they are used for:
Spyware. Infiltrates and monitors an unsuspecting user's computer to obtain sensitive information such as passwords.
Adware. Automatically displays or downloads advertising software as a user surfs the web, and is often paired with other malware such as spyware or trojans.
Trojan virus. Gains access to a user's computer when it is disguised as legitimate software.
Worm. Automatically replicates and spreads from computer to computer as it takes advantage of vulnerabilities.
Keylogger. Tracks and records keystrokes of a user on their keyboard.
Rootkit. Gains administrator-level access to computers and may remain invisible to users.
Botnet. Attacks computer networks or systems as a coordinated group of unsuspecting computers while controlled by a third party.
Ransomware. Gains access to a computer and locks it down until the user pays a ransom.
Example: WannaCry is ransomware that was in the news in 2017. In May of that year, CNET reported: "So far, more than 200,000 computers in 150 countries have been affected, with victims including hospitals, banks, telecommunications companies and warehouses."
Mitigation: There are a variety of ways to get malware onto your computer. It can come through email, web pages, or file transfers: any path by which a piece of software can be transported to and installed on your device. Prevention starts with taking great care when clicking links. Never click a link in an email from an unknown sender; spam emails are full of such links.
To guard against malware attacks, you need to have a good anti-malware (often called anti-virus) software. Make sure that it regularly downloads updated versions of the anti-malware software, including the lists that it uses to identify threats. Run regular malware scans of your system, and implement segmentation strategies for your network environment to limit the damage if an attack should occur.
2. How to Combat Phishing
Phishing is a deceptive attempt to acquire personal or sensitive information from a user. The attacker might use social engineering or computing techniques to accomplish their purposes. Just like the rhyming word fishing, someone who is phishing is putting out some bait to see what he can catch.
The most common phishing method is the use of email made to look authentic that surreptitiously attempts to collect information from its victim(s). The email may imitate the look and feel of a bank or a retailer, then ask the email reader to submit account or credit card information. It is more than technical expertise. The design and text are a social and psychological ploy to get the reader to take action.
Example: Here is a clever example of phishing that can deceive just about anyone who is not on their guard. When you go in to update your information, you are actually giving it to the attacker.
Mitigation: One dead giveaway is the sender's email address. If you were actually getting an email from PayPal, for instance, it would come from an address at paypal.com. If you ever have a doubt about an email's origin, look closely at the sender's address. And of course, don't take any action on an email unless you are 100% certain of its legitimacy.
There are a number of strategies for combating phishing. You should have good protection against phishing from your email provider as well as your email client. If your email provider or application doesn't protect against phishing, then you should consider making some changes. Firewalls and anti-virus software can help with protection. There are also anti-phishing services available on the market. These integrate with your browser or email application to block phishing attempts.
3. Password Attacks Happen Often
When your password is stolen, it can be used or sold on the dark web for exploitation. There are a number of ways that hackers can get your password. Here are some types of password attacks:
Dictionary attack. Uses a list of common words, sometimes with numbers at the beginning or the end.
Brute force attack. Uses a program to generate likely passwords.
Man-in-the-middle attack. Impersonates an app or website to capture passwords.
Keylogger attack. Tracks the keystrokes for a user to collect their password.
Social engineering attack. Uses phishing techniques or personal interaction to get passwords.
Example: On September 16, 2008, David Kernell managed to gain access to vice presidential candidate Sarah Palin's email account. After doing some research, he was able to guess Palin's email address. It may have helped that Kernell was fairly intelligent. He was a champion high school chess player, a programmer, and an economics major.
Mitigation: There are some basic things you can do to prevent your password from being compromised. First, don't use a dictionary password. If you use a common word, or any word that might come from a dictionary list, you are just asking to be hacked. You should be sure to use a strong password. You have seen the password requirements that call for a capital letter, a number, and a special character. Even if the software or website you are using doesn't require it, make sure to use strong passwords. You should also consider using multi-factor authentication (MFA). With MFA, access requires more than just a password.
Many email administrators set up automatic lockouts. This keeps hackers from repeatedly attempting to guess your password. Another tactic is to use authentication methods, like CAPTCHA.
4. DDoS Attacks are Getting Bigger
Distributed Denial of Service (DDoS) is the use of a large number of computers to attack a single target with the aim of preventing it from properly functioning. The participating computers are generally not doing this willingly.
They may be infected by some form of Trojan virus that tells them to attack the target at a specific time. The idea is to flood the target machine or network so that all the processing from the many requests simply becomes too overwhelming and prevents it from doing anything else.
Example: The biggest ever DDoS attack, according to The Hacker News, was a 2018 attack on GitHub's code hosting website. GitHub said: "The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second."
Mitigation: To defend against DDoS, it helps first to establish a baseline of the normal traffic that passes through your computer or network. Once you have the baseline, you can set alarms and notifications that fire when the volume of traffic is abnormal, which may signify a DDoS attack in progress.
Another tactic is to have a way of diverting traffic that you suspect is part of a DDoS attack away from the target. You can even automate this process.
5. 7 Types of Man in the Middle Attack
A man-in-the-middle attack occurs when someone impersonates a destination server, convincing the client that their transmission has been received and is being properly processed. A hacker's tools and strategies may be very clever, but 10-15 years ago such ingenuity was not really necessary.
Back then, the majority of internet traffic was sent as clear text. Anyone with a packet sniffer could see passwords and other confidential information moving through the data stream. Nowadays the man in the middle has to deal with security defenses like encryption and digital certificates. A typical attack done today involves both interception and decryption.
This type of attack is often accomplished on a local network segment. If the attacker is logged onto a user's Wi-Fi network, for instance, they may be able to use tools to present themselves as the remote network device. This could allow the hacker to divert and collect sensitive data or monitor and record traffic as it passes.
Man in the middle is a concept, but there are really many ways to do it. A phishing scam could also be considered a man-in-the-middle attack, for instance. According to Norton, there are seven types of man-in-the-middle attacks.
Stealing browser cookies
Example: Man in the middle is a kind of session hijacking. Consider a financial transaction between two parties. Using sophisticated tools, the hacker manages to impersonate both sides of the conversation. Intercepting a secret key from one side, the assailant forwards their own secret key to the other.
The trust relationship is formed — a kind of handshake — but neither side realizes that the man in the middle is present. Once the seemingly secure link is established, the hacker substitutes their own bank account information. Unknowingly, the buyer sends money directly to the hacker's account rather than the intended receiver.
Mitigation: Norton also gives us some tips to prevent man-in-the-middle attacks. First, make sure that you only conduct financial transactions over secure websites. You can tell a site is secure because it has HTTPS rather than HTTP in the URL. Sites with this protection use SSL/TLS and the public key infrastructure (PKI) to encrypt and transmit sensitive data.
One of the best ways to lock down your internet sessions is to use a virtual private network (VPN). VPNs create an encrypted tunnel through which you will send and receive all of your internet traffic. It's an added layer of protection beyond simply the use of secure websites.
Other strategies include the use of internet security software on your computer and the use of strong passwords. Anything that you do to increase the level of security for your internet traffic will serve to prevent a man-in-the-middle attack.
6. Drive-By Download
A few lines from the security solution company McAfee give us an introduction to this threat:
"Gone are the days when you had to click to 'accept' a download or install a software update in order to become infected. Now, just opening a compromised web page could allow dangerous code to install on your device."
They explain it further for us with this concise statement:
"A drive-by download will usually take advantage of (or 'exploit') a browser, app, or operating system that is out of date and has a security flaw."
Makers of browsers have to scramble to stay ahead of the hackers who are eager to take advantage of any weakness. It seems that there are clever people on both sides of the battle. The problem is that there are both known and unknown vulnerabilities — bugs that you know about and bugs that you don't. Software creators offer rewards for "white hat" hackers who discover vulnerabilities. But for those who want to do mischief, that may not be enough.
A drive-by download might show up in a web page, an email, or a pop-up. You won't even have to click on a link if the hacker has mastered his hack. The download may install any of the malware discussed at the beginning of this article. One writer, years ago, warned against promiscuous browsing — it can be like the wild west out there in cyberspace. A dated but interesting video from Watchguard Technologies tells us we can look for visual clues of a drive-by download:
Unusual apps in your program bar
Your web browser's homepage has changed
Unfamiliar toolbar appears in your web browser
New bookmarks that you didn't make
Pop-up windows display ads
Unusual files in different directories on your computer
Example: The cybersecurity news site The Security Ledger tells us how the malware LoadPCBanker exploits Google Sites to download malicious software to users' computers. It's risky because of the trust relationship that Google has with many websites. Illustration courtesy The Security Ledger.
Mitigation: The first defense against drive-by downloads is to ensure that your computer software is fully updated with all the latest security patches. New vulnerabilities pop up every day, and software makers like Microsoft work diligently to provide solutions for the latest threats using patches and updates.
Another way to guard against a drive-by download is to be careful at all times. Promiscuous browsing in dark corners online, as in life, can lead to unwanted results. Opening emails from unknown persons is probably not a good idea.
It helps to make sure your spam filter and anti-malware software are updated and fully functional. And you might think about hardening your web browser — adjusting it to high security for instance. Do what you can to prevent this hack, because you never know what might happen.
7. The Urgency of Rogue Software
You're surfing the web, and suddenly you see an urgent security message that you have a virus on your computer. You click the link to find out more. That's just one way that rogue security software can make its way onto your computer. But, once downloaded, it doesn't do any of the things it promised. Rather than securing your machine against external threats, it may become a serious threat to your system.
The fake application might be some teenager's prank, or it could be the source of all sorts of malware. While pretending to run scans on your computer, it could be installing any of the malware discussed above. And it could even show itself as a piece of ransomware, trying to disable your system until you pay a fee. Beware these warnings that try to bait you into quick action to protect your system.
Examples: Where do we start? The list of rogue software applications that have been roaming the internet is voluminous. And they usually use names that seem like real security programs or sound similar to legitimate software applications. Here is a brief list:
Antivirus System PRO
Security Suite Platinum
Volcano Security Suite
My Security Shield
VirusProtectPro, for instance, installs itself on your system and then displays a message telling you that it is infected. And you are told to buy VirusProtectPro to take care of the problem. It's all a hoax.
Mitigation: To keep rogue security software off your computer, you'll want to be sure to take all those standard measures that help with other issues. Get a good firewall and anti-malware (anti-virus) program and keep them operational and updated. Make sure you're getting regular software updates for your operating system so that all security patches are installed. And run regular scans to ferret out any malware.
An important thing to remember is not to be fooled by frantic warnings about your computer system unless they come from the resident programs that you know and trust. Keep calm and don't panic. And if you do find some clue that rogue software may have infected your system, go to your trusty real security software, run the necessary scans, and be sure that it's either quarantined or removed.
8. Web Application Security Threats
Complex applications have taken over the internet, providing just about any kind of service you can think of. The threat surface of web applications is very broad these days, and there are a whole host of threats targeting online apps. We wrote a lengthy article on the subject of the OWASP Top Ten List, so we won't go in-depth here. Just as a reminder, here is the OWASP list from 2017:
A1:2017. Injection
A2:2017. Broken Authentication
A3:2017. Sensitive Data Exposure
A4:2017. XML External Entities (XXE)
A5:2017. Broken Access Control
A6:2017. Security Misconfiguration
A7:2017. Cross-Site Scripting (XSS)
A8:2017. Insecure Deserialization
A9:2017. Using Components with Known Vulnerabilities
A10:2017. Insufficient Logging & Monitoring
Example: As Computerphile expert Tom Scott tells us, "Any time you have to enter information or retrieve information using a website, it's interacting with SQL." With SQL injection, a hacker uses an attack string to input malicious commands or query and extract data from a confidential database.
Here's an example from W3Schools:
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
To trick the application, the hacker inputs the following:
105 OR 1=1
Because the input is glued straight into the query, the database evaluates the WHERE clause as UserId = 105 OR 1=1. Since 1=1 is always true, every row matches, and the result of the query is simply a list of all the users in the database table. With this neat trick, the attacker bypasses the application's access controls.
Mitigation: We couldn't possibly cover all the mitigation techniques for web application attacks in just one paragraph. The main thing is that software developers must keep security in mind as they write these programs. In the case of SQL injection, programmers following best practices use techniques like input validation, blacklisting, and whitelisting to ensure that only acceptable input reaches the query.
During the testing stages, or even after production, a penetration tester (aka, pentester) can go after a website application to identify vulnerabilities. For more on OWASP Top Ten mitigation, see the OWASP website or take a closer look at our article on the OWASP Top Ten.
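The Users lookup from the W3Schools snippet above, as an added example that is not part of the original article: the vulnerable string-concatenation form beside a version that validates the input and binds it as a query parameter. It runs against an in-memory SQLite database seeded with constructed rows; the table and sample users are assumptions.

```python
"""Added example (not the article's or W3Schools' code): the article's
Users lookup built by concatenation, then the parameterized form."""
import sqlite3

# Constructed sample data, not real users.
SAMPLE_USERS = [(101, "alice"), (105, "bob"), (110, "carol")]


def make_db():
    """In-memory SQLite database with the Users table the article queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, txt_user_id):
    """The article's pattern: the request string is glued into the SQL,
    so whatever the user typed becomes part of the WHERE clause."""
    txt_sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(txt_sql).fetchall()


def lookup_bound_only(conn, txt_user_id):
    """Binding alone: the whole input is sent as one TEXT value, so
    '105 OR 1=1' is compared against UserId as a string and matches nothing."""
    return conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (txt_user_id,)
    ).fetchall()


def lookup_parameterized(conn, txt_user_id):
    """Hardened form: validate that the input is a positive integer
    (the article's input validation), then bind it as a parameter."""
    if not txt_user_id.strip().isdigit():
        raise ValueError("UserId must be a positive integer")
    return conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (int(txt_user_id),)
    ).fetchall()


def demo():
    """Run the article's attack string through both lookups.
    Returns (rows leaked by the vulnerable query, hardened verdict)."""
    conn = make_db()
    attack = "105 OR 1=1"          # the input from the article
    leaked = lookup_vulnerable(conn, attack)   # every row comes back
    try:
        lookup_parameterized(conn, attack)
        verdict = "accepted"
    except ValueError:
        verdict = "rejected"
    conn.close()
    return len(leaked), verdict


if __name__ == "__main__":
    print(demo())  # (3, 'rejected')
```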
9. IP Spoofing is Always in Style
When hackers want to pretend that they are sending traffic from another network device, they can send messages that contain the IP address of that other device. This is known as IP address spoofing. This is accomplished by modifying the source IP address in the header of an IP packet so that it matches the device being impersonated.
It's like sending a letter using someone else's return address. IP spoofing is a common technique for DDoS attacks, since it can either hide the identity of the attacker or make the traffic look like it's coming from somewhere else.
Example: Another example of IP spoofing is when an attacker wants to gain access to a particular network or IT resource that is limited to those in a particular IP address range. By modifying a source IP address, the attacker can fool system safeguards into thinking that it was an authorized user.
Mitigation: There are a number of ways to prevent IP address spoofing. Network administrators can limit access using access control lists. They can filter inbound and outbound traffic using specific parameters. The use of encrypted sessions based on the public key infrastructure (PKI) can keep out IP spoofing hackers. And routers and switches can be configured to detect and reject traffic that claims an internal source but arrives from outside the network.
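A source-address filter of the kind the mitigation above describes, as an added example that is not from the article: inbound packets may not claim the site's own prefix or a non-routable source, and outbound packets may only carry the site's own prefix. The site prefix, the bogon list and the sample headers are constructed assumptions; the 203.0.113.x and 198.51.100.x addresses are documentation ranges standing in for ordinary public addresses.

```python
"""Added example (not the article's code): ingress/egress anti-spoofing
checks run over constructed packet headers."""
import ipaddress

# Assumed: the prefix this site legitimately owns.
SITE_PREFIX = ipaddress.ip_network("10.20.0.0/16")

# Sources that can never legitimately arrive from the internet
# (RFC 1918 space, loopback, link-local, "this" network, multicast).
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4",
)]


def check_source(direction, src_ip):
    """Decide whether a packet's claimed source is plausible for the
    direction it travels.  Returns 'allow' or a 'drop: ...' reason."""
    ip = ipaddress.ip_address(src_ip)
    if direction == "inbound":
        # Ingress filter: nothing arriving from outside may claim to be
        # one of our hosts, or carry a non-routable source address.
        if ip in SITE_PREFIX:
            return "drop: our own prefix arriving from outside"
        if any(ip in net for net in BOGON_PREFIXES):
            return "drop: non-routable source from outside"
        return "allow"
    if direction == "outbound":
        # Egress filter: only our own prefix may leave, so a compromised
        # host here cannot spoof someone else's address toward a target.
        if ip not in SITE_PREFIX:
            return "drop: source is not ours"
        return "allow"
    raise ValueError(f"unknown direction {direction!r}")


# Constructed sample headers: (direction, claimed source address).
SAMPLE_PACKETS = [
    ("inbound", "203.0.113.7"),    # ordinary internet client
    ("inbound", "10.20.5.9"),      # pretends to be an internal host
    ("inbound", "127.0.0.1"),      # loopback source from the internet
    ("outbound", "10.20.5.9"),     # internal host talking out
    ("outbound", "198.51.100.4"),  # local host spoofing a foreign address
]


def filter_packets(packets=SAMPLE_PACKETS):
    """Apply check_source to each header; returns [(source, verdict), ...]."""
    return [(src, check_source(d, src)) for d, src in packets]


def summarize(packets=SAMPLE_PACKETS):
    """Count allowed vs dropped packets, the figures an alarm would watch."""
    verdicts = [v for _, v in filter_packets(packets)]
    allowed = sum(v == "allow" for v in verdicts)
    return allowed, len(verdicts) - allowed


if __name__ == "__main__":
    for src, verdict in filter_packets():
        print(f"{src:<15} {verdict}")
```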
10. Wireless Attacks and Evil Twins
Of course, you can gather the nature of this security threat from the name. But you may not know all the variations of wireless attacks. Two of the most common wireless attacks are rogue access points and evil twins. They are very similar in that they are both meant to deceive the user and entice them into connecting. You might also consider them a form of man-in-the-middle attack.
A rogue access point is one that has been inserted into a wireless infrastructure, such as in an office environment, and set up to capture traffic from unsuspecting users. An evil twin is a wireless device, perhaps in a public place like a coffee shop, that has been given a name similar to the one people are expecting. For example, an evil twin at a Starbucks might have a name (SSID) that is spelled almost the same as the Starbucks wireless router's.
Here are a few more types of wireless attacks:
Jamming. Sending interference signals to disable a legitimate access point so that users will use the attacking device.
Bluejacking. Pushing unwanted or deceptive content to a user's smartphone or computer over Bluetooth.
Bluesnarfing. Enticing a user to pair with another device in order to pull off data from the user through Bluetooth.
Social engineering. Getting a wireless access password from someone without authorization.
War driving. Driving through town looking for unsecured wireless access devices to exploit.
Example: Some years ago, an unsuspecting network engineer (who shall remain nameless) forgot to re-enable wireless security on his router after fooling with the configuration. Weeks later, he was surprised to get an email from a clever, snarky hacker who revealed that he had been snooping all over his laptop through the open wireless connection.
Mitigation: By all means keep security on your wireless router, or at least a secure landing page. And if you're letting others use your wireless access point, be sure to keep good control of it.
One of the best protections against snooping and wireless attacks in a public place is to use a virtual private network (VPN). They're fairly cheap online, and you can get them for a small monthly fee. Get used to keeping your VPN on whenever you surf the web. This will give you peace of mind and an extra level of protection.
If you are responsible for the wireless network at your workplace, you need to keep tabs on it. That might mean a regular audit, or an effective monitoring tool. You need to know who's on your network, including users and devices.
There are untold security threats on the internet in the 21st century. We chose 10 (and not necessarily the top 10) to discuss, but the list could go on and on. The Security+ certification covers the vast majority of threats in detail.
Every IT professional — and every computer user — should be aware of what they are up against every time they go online. It's a dangerous cyberworld out there.