How Modern Cyber Attacks Work & How To Detect Them

April 26, 2019 | by Marine D. | Blog posts 0 Comments

Cyber criminals are getting smarter and breaches financial damages costlier. Are you aware of how modern cyber attacks work and how  you can detect them?

SUPPLY CHAIN ATTACKS

What are they?

Supply chain attacks, also called third-party attacks, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This worsen the attack surface of the typical enterprise in the past few years as more suppliers touch sensitive data than ever before.

How to protect against them?

According to Microsoft, the best way to protect against supply chain attacks are to

• Deploy strong code integrity policies to allow only authorized apps to run.

• Use endpoint detection and response solutions that can automatically detect and remediate suspicious activities.

SPEAR PHISHING ATTACKS

What are they?

Spear-phishing attacks are essentially a more sophisticated version of phishing, with hackers impersonating an associate, friend or even a service provider like your bank or Netflix (most impersonated brand in 2019 so far).

How to prevent them?

Sometimes, employees are the weak link to cybersecurity. For this reason, it’s important to provide user awareness training and have everyone be made aware of lessons from the past.

Amongst many, some proven providers that can help train your employees to spot phishing attempts are:

• Sophos

• KnowBe4

• Vade Secure

• Rapid7

ENDPOINTS SECURITY

What is it?

The connection of more laptops, tablets, mobile phones and other wireless devices to corporate networks creates new attack paths for security threats. This is why ensuring endpoint security‌‌‌‌‌‌ is crucial.

How to ensure their security?

Endpoints are considered one of the most vulnerable part of a network and are often operated by users who are more than willing to lend a helping hand to attackers. Trustwave’s advice to perfect your endpoints security is to follow these best practices:

• Push users to use complex passwords (A mix of words, numbers, big and small letters, signs, etc.), remove administrator rights from users, patch vulnerabilities and enforce security configuration policies.

• Ensure that only approved devices are able to connect to your network, and assess their vulnerability and patching status.

• Get an endpoint detection and response (EDR) provider that can help identify behaviors and provide useful endpoint data for effective threat monitoring, analysis and hunting.

• Implement a creative security awareness program that teaches workers to recognize risky emails and avoid downloading untrusted links or attachments.

STEGANOGRAPHY

What is it?

Steganography‌‌‌‌‌ is when malicious hackers hide malicious software within a file, message, image, or even video. This is becoming a high-risk, particularly with the wide spreading and increasing popularity of memes all over the internet.

How to prevent against it?

According to Fortinet, a robust counter-steganographic plan to address the risks of steganography include:

• Use tactical Threat Intelligence to stay current with steganographic and other threat innovations.

• Observe and test suspected steganographically-obscured malware.

• Inspect applications and other code that might conceal malicious content.

• Implement next-generation firewalls to block known steganographic message traffic.

• Expedite and prioritize vulnerability patches, updates, and policy controls.

CRYPTOJACKING

What is it?

Cryptojacking is defined as the secret use of your computing device to mine cryptocurrency. Cryptojacking used to be confined to the victim unknowingly installing a program that secretly mines cryptocurrency.

How to prevent and protect against it?

Cryptojacking is on the rise. To prevent and protect against this kind of attacks, CSO Online suggest to

• Incorporate the cryptojacking threat into your security awareness training, focusing on phishing-type attempts to load scripts onto users’ computers.

• Install an ad-blocking or anti-cryptomining extension on web browsers.

• Use endpoint protection that is capable of detecting known crypto miners.

• Use a mobile device management (MDM) solution to better control what’s on users’ devices.

• Deploy a network monitoring solution.

• Monitor your own websites for crypto-mining code.

• Stay abreast of cryptojacking trends.

ADVANCED PERSISTENT THREATS (APT)

What are they?

Advanced Persistent Threat (APT) is where an attacker can breach a network and stay undetected for a long period of time. The goal of these attacks is not to cause instant damage or immediately ask for ransom, drawing attention to your breach, but rather to insidiously steal information or security data in an unobtrusive way.

How to protect against them

The focus of the defense strategy should be to pick best-in-class detection solutions that together can provide intelligence on the targets, the methods used by the attackers, the frequency of their activity, the origination of the advance persistent threat, and the risk associated with the attacker’s motives.

Based on the Verizon Data Breach Investigations Report, 95% of targeted threats and APTs using some form of spear phishing as a starting point of the attack, and hence a part of APT defense strategy for an enterprise should include a detection solution that attempts to look for targeted threats in email based on unusual patterns in traffic, rewrites the embedded URLs in suspicious emails, and then maintains a constant watch on the URL for malicious behavior in a sandbox.

INTERNET OF THINGS (IoT)

Why is it a potential threat?

Internet of Things (IoT) devices are yet to prove themselves in terms of security as they are remaining incredibly insecure and can cause enormous damage. See examples here

• Smart cars hack

• Medical devices hack

How to protect against this type of attacks

To ensure the security of your ‘smart’ devices, make sure to listen to McAfee’s advice:

• Keep all IoT device software up to date.

• Segment IoT devices from other parts of the network.

• Connect IoT devices using secure Wi-Fi.

• Power-cycle IoT devices periodically.

• Change defaults and use strong passwords.

• Restrict physical access to IoT devices.

POINT OF SALE (POS) ATTACKS

What are they?

Point-of-sale (POS) attacks happen when cybercriminals use malware to target point of sale and payment terminals with the intent to obtain credit card and debit card information. (Read more about last year’s POS attack on Tim Horton)

How to protect against them

POS protection is a weird area for most businesses and security companies because there isn’t a perfect solution that will stop all problems. However, there are some best practices that can help. According to Secure Box, these include:

• Use multi-layered protection to safeguard POS systems

• Disable remote access to POS networks

• Avoid accessing the Internet from POS stations

• Create secure passwords (it’s never said enough!)

• Use only the most up-to-date POS software

ARTIFICIAL INTELLIGENCE

What is it?

Artificial Intelligence (AI) Information Warfare attacks is when an AI-generated video (commonly referred to as “deepfakes”) use machine-learning algorithms to create highly believable forgeries that can be used to depict individuals saying or doing things that never occurred. This technique is appealing to threat actors interested in weaponizing data for influence operations.

How to protect against this type of attacks

According to a recent Forrester study, 64% of global enterprise security decision makers report that they are concerned about AI technologies. To protect your enterprise AI efforts from cybercriminals, TechRepublic suggests

• Inventory AI initiatives across the enterprise

• Uphold data integrity as essential in an AI-powered world

• Assess AI technologies as both weapons and attack vectors

FILELESS MALWARE

What is it?

Fileless Malware is a dangerous type of attack that is typically found as part of an APT. As the name suggests, a file is never created, so standard antivirus file-based detection does not work against these breaches.

How to protect against this type of attacks

To protect against fileless malware, organizations need to adopt the right solution. According to Cisco, when malware bypasses the first layers of defense, continuously monitoring your processes and applications is highly effective. That is, because fileless malware attacks at the memory level.

Learn more about protecting against the invisible threats here.

MOBILE APPLICATIONS

What are they?

Mobile applications are increasingly used by companies as part of a smoother and mobile-adapted user experience strategy. For this reason, cybercriminals are particularly interested in mobile apps as customers now upload most of their personal and financial information on them.

How to protect against this type of attacks

In a world where everything is now digital, web applications are the key mean of interaction between people and their friends, family and colleagues (social media), or even brands and customers (Salesforce, HubSpot, AirBnB, etc.). When breached, web applications can cause enormous damage to companies worldwide. For this reason, it is essential to have secure web apps. Here’s how to get started

• Implement an SSL encryption strategy to protect applications that handle sensitive data.

• Configure web servers to automatically redirect all HTTP requests to encrypted pages. This will prevent passwords or session IDs from being transmitted clearly.

• Develop a secure password reset system.

• Perform risk assessments and penetration tests as much as you can

As cyber criminals find new ways to get their hands on companies’ data, IT Security professionals must stay up to date on the latest threats and techniques. This is why we developed a MUST-HAVE training course about how to detect modern cyber attacks, effectively use IDS and SIEM solutions, analyze, handle and respond to security incidents, and much more.

Aspiring to learn how to best use modern open source IDS and SIEM solutions? Discover our newly launched Incident Handling & Response Professional (IHRP) training course and get started for free 😉

 .DISCOVER IHRP. .  .GET FREE TRIAL. |

Connect with us on Social Media:

Twitter | Facebook | LinkedIn | Instagram

Author: Marine D.

Patience, persistence, and perspiration make an unbeatable combination for success. 😉