Over the last couple of years, businesses across a variety of industries have seen some of the most frequent and severe cyber security attacks ever recorded, with some of the largest and seemingly most secure companies among those affected. As security professionals prepare for yet another record-breaking year of network breaches and data security risks, companies must make themselves aware of the latest cyber threats to ensure their security countermeasures are up to par.
While we can’t predict the emergence of new threats, here is a list of the top eight network security threats you may expect to see in 2019 and how your company can protect itself.
1. Viruses and Worms – While they are nothing new, viruses and worms remain destructive programs that infect core systems, corrupt or destroy essential data and render networks inoperable. A virus attaches itself to a host program or file and spreads only when that host is run or shared; it can lie dormant until a timer or event triggers its payload. A worm is a standalone program that needs no host file and no user action: it propagates by itself across the network, typically by exploiting an unpatched vulnerability or weak credentials on machines it can reach. Like a biological virus, either kind begins replicating as soon as it runs, infecting networked systems and inadequately protected computers. Viruses and worms form the building blocks for many of the more advanced threats below.
Installing anti-malware on every networked device and system significantly reduces the chance of infection and of onward spread: by recognising known malicious programs early, these tools let admins contain and remove them before they inflict damage. Anti-malware alone is not enough, however. IT teams must also keep software patched aggressively, since worms spread through the very vulnerabilities that patches close. With more infrastructure in the cloud, protective strategies must cover both local and cloud-resident data. And users must be trained to recognise the social engineering side of attacks, phishing above all. This layered, multi-faceted approach is known as defense in depth: no single control is trusted to stop everything.
2. Drive-by Download Attacks – In the past, a simple way to avoid a computer virus was to not download files from any source you didn't trust. Just as worms and viruses have evolved, so has the delivery of malicious code. A drive-by download involves no download in the traditional sense: malicious code is delivered from a web page and executed through a vulnerability in the browser, a browser plug-in, an app or an operating system component, without any action on the user's part beyond visiting the page. The pages involved are designed to look and act like real, functioning websites, or are legitimate sites that have themselves been compromised or that serve malicious advertisements; either way they host several different exploits in the hope that one of them matches a flaw your system has not patched.
The best protection is to keep your browser, its plug-ins and the operating system fully patched, which removes the vulnerabilities these attacks rely on, and to remove plug-ins you do not need. Modern browsers also check URLs against lists of known malicious sites and warn before loading them; a safe-search or web-filtering tool adds a further layer by blocking navigation to known bad domains.
3. Botnets – Botnets are networks of compromised machines that can be remotely controlled and used to launch attacks of massive scale, sometimes numbering millions of "zombie" computers. They are directed through command-and-control (C&C) infrastructure run by the attacker. A common use is the Distributed Denial of Service (DDoS) attack, which keeps a target website so busy that it cannot process legitimate requests; DDoS attacks can take the targeted site down completely, and some attackers offer relief only once the site owner pays a ransom. Botnets are also used against well-defended systems by spreading the work across many bots, each operating at a low rate so that no single source crosses a detection threshold, for example when guessing passwords across many accounts.
The first defense against botnets is to keep your own machines from becoming botnet zombies, using the same measures that prevent worm and virus infection: anti-malware software and prompt patching of operating systems and applications. But even if every machine in your enterprise is clean, you can still be attacked when outside machines are directed at your web server or infrastructure. Because of the scale involved, defense in that case requires a cooperative approach: working with your ISP or a DDoS mitigation provider, your system software vendors and law enforcement agencies.
4. Phishing Attacks – Phishing is a form of social engineering designed to steal user logins, payment card details and other personal financial information. In most cases the message appears to come from a trusted source, when in fact it impersonates a reputable website, a bank or a personal contact. Once you reply, sign in at the linked page or enter your financial details, the information goes directly to the attacker.
To protect yourself from phishing, treat every email with caution. Before clicking a link in an email, look at the actual URL it points to, which may differ from the text displayed in the message; when in doubt, type the legitimate address into the browser yourself rather than following the link, and delete any message that appears suspicious. Enabling multi-factor authentication limits the damage when a password is phished anyway.
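The advice to compare a link's visible text with its real destination can be automated. The following Python script is an added example, not part of the original article, and everything in it is constructed: the sample e-mail body and the example-bank.com, evil.example and 203.0.113.10 names are reserved placeholder values. It extracts every link from an HTML message and flags the cases a reader's eye is most likely to miss: a displayed domain that does not match the registrable domain of the href, a user@ prefix that pushes the real host out of view, a bare IP address, and a punycode host that could render as look-alike characters.

```python
"""Check links in an HTML e-mail body for the tricks described above.

Added example, not code from the original article. It compares the domain
a link *displays* with the domain its href actually points to, and flags
other ways the real destination can differ from what the reader sees. The
sample e-mail body at the bottom is constructed; the domains in it are
reserved example names.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host name: a rough stand-in for the registrable
    domain, enough to tell example-bank.com from example-bank.com.evil.example.
    Production code would consult the Public Suffix List (co.uk and friends
    break the two-label rule)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


# Something that looks like a domain or URL in the link's visible text.
_SHOWN_DOMAIN = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


def check_link(href, text):
    """Return the reasons a link is suspicious; an empty list means none found."""
    parts = urlsplit(href.strip())
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        return [f"non-web scheme: {parts.scheme or 'none'}"]
    reasons = []
    if parts.username is not None:          # http://bank.example@evil.example/
        reasons.append("user@ before the host hides the real destination")
    if _is_ip_literal(host):
        reasons.append("href points at a bare IP address")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode (IDN) host, possible look-alike characters")
    shown = _SHOWN_DOMAIN.search(text)
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        reasons.append(f"text shows {registrable_domain(shown.group(1))} "
                       f"but href goes to {registrable_domain(host)}")
    return reasons


def suspicious_links(html):
    """Parse an HTML body; return [(href, text, reasons)] for flagged links only."""
    parser = _LinkExtractor()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        reasons = check_link(href, text)
        if reasons:
            flagged.append((href, text, reasons))
    return flagged


# Constructed sample: one honest link followed by three kinds of deception.
SAMPLE_EMAIL = """
<p>Your account needs attention. Please sign in.</p>
<a href="https://www.example-bank.com/login">https://www.example-bank.com/login</a>
<a href="https://www.example-bank.com.evil.example/login">www.example-bank.com/login</a>
<a href="http://www.example-bank.com@203.0.113.10/login">Secure login</a>
<a href="https://xn--exmple-bank-9fb.com/login">https://www.example-bank.com</a>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}\n   {'; '.join(reasons)}")
```

The two-label approximation of the registrable domain is the weak point; a production filter would use the Public Suffix List and would also follow redirect and URL-shortener hops before comparing, since the first hop often looks harmless.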
5. DDoS (Distributed Denial of Service) – A very damaging form of cyber attack regularly used against businesses today is the DDoS (Distributed Denial of Service) attack. Its purpose is to overwhelm the target's servers or network links with so many requests or so much traffic that they become inoperable for legitimate users. This can be disastrous for companies that sell their products and services online, costing thousands if not millions of dollars a day in lost revenue.
Early detection is key to defending against a DDoS attack, and the right tool depends on the kind of attack. Volumetric floods that saturate your internet links cannot be stopped at your own perimeter, because the traffic has already filled the pipe; they have to be absorbed upstream by an ISP or a cloud-based DDoS mitigation or content-delivery service. Application-layer attacks, which exhaust the web server with requests that look individually legitimate, are where a WAF (Web Application Firewall) helps: it gives you control over your web traffic, recognises malicious web exploits, and lets you create custom rules, such as per-client rate limits, to block common attack patterns and deploy countermeasures within minutes of noticing an anomaly.
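The following Python script is an added example, not code from the original article, illustrating both botnet behaviours described in sections 3 and 5 above against one constructed web access log (the timestamps, the 192.0.2.x, 198.51.100.7 and 203.0.113.x addresses and the log format are all made up for the example). The first detector is the per-source rate rule a WAF would enforce; it catches a single machine sending 300 requests in ten seconds. The second looks at failed logins in aggregate, and fires when dozens of distinct sources each make two attempts, a pattern that stays under any per-IP lockout threshold.

```python
"""Detecting two botnet traffic patterns in a web access log.

Added example, not code from the original article. The log lines are
constructed in a simplified format, one request per line:
    <ISO-8601 timestamp> <client ip> <method> <path> <status>
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def parse_line(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, ip, method, path, status = line.split()
    return {"ts": datetime.fromisoformat(ts), "ip": ip,
            "method": method, "path": path, "status": int(status)}


def build_sample_log():
    """Constructed traffic: five normal visitors, one flooding source, and
    sixty bots that each try two passwords against /login."""
    base = datetime(2019, 1, 15, 9, 0, 0)
    lines = []
    for u in range(5):                      # normal browsing, one hit / 30 s
        for k in range(10):
            t = base + timedelta(seconds=30 * k + u)
            lines.append(f"{t.isoformat()} 192.0.2.{10 + u} GET /index.html 200")
    for k in range(300):                    # flood: 300 requests in 10 s
        t = base + timedelta(seconds=60 + k / 30)
        lines.append(f"{t.isoformat()} 198.51.100.7 GET /search?q=x 200")
    for b in range(60):                     # spray: 60 IPs, 2 failures each
        for k in range(2):
            t = base + timedelta(seconds=5 * b + 150 * k)
            lines.append(f"{t.isoformat()} 203.0.113.{b + 1} POST /login 401")
    return lines


def flood_sources(events, window_s=10, threshold=100):
    """Per-source sliding window. Returns {ip: peak requests in any window}
    for sources whose peak exceeds `threshold`. This catches a volumetric
    flood from a few machines, and by design misses bots that stay quiet."""
    times_by_ip = defaultdict(list)
    for e in events:
        times_by_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, times in times_by_ip.items():
        times.sort()
        lo, peak = 0, 0
        for hi, t in enumerate(times):
            while (t - times[lo]).total_seconds() > window_s:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def distributed_login_attack(events, path="/login", window_s=300,
                             per_ip_max=5, min_sources=20, min_failures=50):
    """Aggregate view of failed logins. Fires when a window holds at least
    `min_failures` failures from at least `min_sources` distinct IPs while
    every single IP stays at or below `per_ip_max`, i.e. exactly the shape
    a per-IP lockout rule cannot see. Returns the first such window or None."""
    fails = sorted((e for e in events if e["path"] == path and e["status"] == 401),
                   key=lambda e: e["ts"])
    lo = 0
    for hi in range(len(fails)):
        while (fails[hi]["ts"] - fails[lo]["ts"]).total_seconds() > window_s:
            lo += 1
        window = fails[lo:hi + 1]
        per_ip = Counter(e["ip"] for e in window)
        if (len(window) >= min_failures and len(per_ip) >= min_sources
                and max(per_ip.values()) <= per_ip_max):
            return {"start": window[0]["ts"], "end": window[-1]["ts"],
                    "failures": len(window), "sources": len(per_ip),
                    "max_per_ip": max(per_ip.values())}
    return None


if __name__ == "__main__":
    events = [parse_line(line) for line in build_sample_log()]
    print("flood sources:", flood_sources(events))
    print("distributed login attack:", distributed_login_attack(events))
```

Running it flags 198.51.100.7 with a peak of 300 requests in a window and reports a 50-failure window from 40 sources with at most 2 failures per IP; a per-IP rule set at five failures would have seen nothing. Real logs need a parser for your server's own format and thresholds tuned to your baseline traffic, and the aggregate rule should feed a response such as a CAPTCHA or step-up authentication on the login endpoint rather than blocking each source.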
6. Ransomware – Among all the cybersecurity threats that have emerged over the years, none creates as much fear and uncertainty as ransomware. Attackers can literally hold your network hostage until their demands are met; in fact, nearly 70 percent of businesses hit by ransomware have permanently lost some or all of their data. Ransomware infects systems, encrypts files and databases (along with any backups it can reach), and threatens deletion or corruption unless a hefty ransom is paid. The surge in ransomware was enabled by cryptocurrencies such as Bitcoin, which let ransoms be paid pseudonymously and without a bank able to reverse the transaction.
As ransomware is a form of malware, the same defenses apply: anti-malware software, prompt patching and training employees to recognise phishing. But one additional protection is essential: limiting the impact of data loss through a backup and recovery strategy or by keeping data in multiple replicated locations. Replication alone is not enough, because encrypted files replicate just as faithfully as good ones; at least one backup copy must be offline or otherwise unreachable from the production network, and restores must be tested, so that the business can continue without paying a ransom.
7. Cryptojacking – With the rise of cryptocurrency mining, attackers have found ingenious ways of using victims' hardware for their own financial gain. By tricking victims into running mining code on their machines, or by embedding a miner in JavaScript that runs for as long as a web page stays open, attackers use the target's CPU to mine cryptocurrency, significantly degrading the performance of those systems. Without understanding the cause of these slowdowns, companies incur real costs chasing performance fixes or replacing hardware to resolve the issue.
To defend against these resource-theft attacks, IT teams should continuously monitor CPU usage across their fleet and alert on sustained changes against each host's normal baseline. Cryptojacking malware arrives the same way as worms and viruses; the end goal is to steal CPU cycles rather than to corrupt data, so the same preventative measures apply.
8. APT Threats – In an Advanced Persistent Threat (APT), an attacker gains a foothold in a network and remains there undetected for an extended period. Rather than causing visible damage, the intruder sits quietly, stealing financial information, credentials and other sensitive data. APTs use a variety of techniques to gain initial access, including targeted phishing, malware and exploit kits. Once credentials are captured, the attacker scans and moves laterally into deeper parts of the network, compromising more systems and data and crossing into connected networks.
While these attacks are difficult to detect, there are indicators that system administrators can watch for, including unusual patterns in network activity (such as large outbound transfers to unfamiliar destinations) and volumes of data access outside the normal range for the business or for that user.
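Both the CPU monitoring recommended for cryptojacking (section 7) and the "outside the normal range" data-access indicator for APTs (section 8) come down to the same question: how far is today's value from this host's or this user's own baseline, and for how long? The following Python script is an added example, not code from the original article; the 5-minute CPU samples and the per-user megabytes-per-day figures are constructed to show the two mistakes a naive fixed threshold makes, firing on a single legitimate spike and missing a change that is large only relative to one particular baseline.

```python
"""Baseline-and-deviation alerting, as an added example (not from the
original article), applied to two of the indicators discussed: a host's CPU
load that rises and stays risen (cryptojacking) and a user's daily data
access jumping far outside its normal range (an APT staging or moving data).
Both sample series are constructed.

The baseline is the median and MAD (median absolute deviation) of a
trailing window, which one outlier cannot drag upwards the way a mean and
standard deviation can. An alert also requires the deviation to persist for
`sustain` consecutive samples, so a short legitimate burst does not fire it.
"""
from statistics import median


def sustained_deviation(series, baseline_n, k=3.5, sustain=3, min_spread=1.0):
    """Return the index at which `series` first exceeds its trailing baseline
    by more than `k` robust standard deviations for `sustain` consecutive
    samples, or None. `min_spread` (in the series' units) floors the spread so
    a perfectly flat baseline does not turn every wobble into an alert."""
    run = 0
    for i in range(baseline_n, len(series)):
        window = series[i - baseline_n:i]
        med = median(window)
        mad = median(abs(x - med) for x in window)
        spread = max(1.4826 * mad, min_spread)   # 1.4826 scales MAD to sigma
        if (series[i] - med) / spread > k:
            run += 1
            if run == sustain:
                return i - sustain + 1           # onset of the sustained run
        else:
            run = 0
    return None


# Constructed: CPU utilisation (%) sampled every 5 minutes on one host.
# 24 quiet samples, one short build spike, then a miner that never stops.
CPU_PERCENT = ([12, 15, 11, 18, 14, 22, 13, 16, 19, 12, 15, 17,
                14, 20, 13, 16, 15, 18, 12, 21, 14, 17, 13, 16]
               + [92, 14, 15]
               + [88, 91, 90, 93, 89, 94])

# Constructed: megabytes one user read from the file share per day.
# Two weeks of normal work, one busy day, then two days of bulk copying.
DATA_MB = ([310, 420, 280, 510, 390, 450, 330, 470, 360, 400, 520, 290, 440, 380]
           + [610]
           + [18400, 17200])


if __name__ == "__main__":
    # Miner: demand three consecutive samples (15 minutes) so the build is ignored.
    print("CPU alert at sample", sustained_deviation(CPU_PERCENT, baseline_n=24, sustain=3))
    # Bulk data access: a single day that far out of range is worth a look.
    print("data-access alert on day", sustained_deviation(DATA_MB, baseline_n=14, sustain=1))
```

With sustain=3 the CPU series alerts at sample 27, the start of the mining run, and ignores the single build spike at sample 24; with sustain=1 the data series alerts on day 15, the first day of bulk copying, while the busy-but-normal day 14 passes. Use a trailing window long enough to cover normal variation (a week of daily samples, a day of 5-minute samples), and bear in mind that a slow enough ramp will eventually pull a trailing baseline up with it; comparing against a frozen reference period as well catches that case.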
Bottom line? Educating yourself on the latest cyber threats is the first step in improving your security processes and combating these attacks. By keeping hardware and software up to date, actively monitoring your network, keeping tested backups, and using the protection that anti-malware and anti-virus solutions provide, your business will be far better prepared for whatever cybersecurity risks the new year brings.