Reducing Risk: Understanding the Five Most Common Cyber-Security Attacks and How to Combat them

In my previous blog “Fear of the Unknown: Navigating Tools of the New Digital Age”, I touched on the speed and scale of technological change. It is quite remarkable how much sensitive information travels through computers, servers, mobile devices, etc. While cybersecurity is often a priority for many companies, alongside growth and customer satisfaction, it’s important to note that these systems are far from prefect and there are everyday threats to be aware of. There are multiple passages through which this type of information travels, and contrary to popular belief the C-level executives aren’t the only targets or points of vulnerability. Naturally, the techniques our adversaries deploy and the weaknesses they target are in a state of constant evolution. That said, the best way to assure cybersecurity is to be aware and knowledgeable about the basic types of attacks companies, on all levels, are likely to confront.

The most common security breaches come from what is known as Phishing.  According to Wombat Security’s State of the Phish 2018, 76% of companies experienced phishing attacks in 2017. Increasingly, attackers are focusing their attention on people and not technical defenses. Basic phishing attacks simply involved asking the user for information – whether that be via a fake email, website or a phony phone call. These phishing attacks however have been further advancing as hackers have begun to gain access through malicious files. Those who are unaware of these types of attacks open an attached file or link and in turn then expose the vulnerabilities in the systems’ where data can be extorted.

While phishing is the umbrella term, it’s important to understand some of the more specific and technical tactics. Increasing cybersecurity also requires a basic understanding of the vulnerabilities that do exist within an organisations systems.

While cybersecurity teams are doing their best to improve their systems, there are ways individuals are able to further protect sensitive information from falling into the wrong hands. By simply staying informed and informing others of the common, yet most effective cyber-attacks, people will be able to create extra levels of security from behind their own screens.

The following is a list of the most common cyber-attacks people should be aware of:

#1 Phishing – Like actual “fishing” attackers throw bait, usually but not limited to a form of an email, and hope for a bite before reeling in information. Phishing can include fake emails from known email addresses, a fake call from IT support, or even a bogus discount offer from a well-known brand. Breaking through a security wall is difficult, it’s easier for hackers to find an unguarded back door, this is where the phishing comes in.

Emails are an essential form of communication for any organisation, regardless of size, and therefore cannot be removed all together. Instead, information security leaders’ best chance for protecting their data is to keep users well informed as well as ensuring technology safeguards are in place and up to date and. Some of the other forms of phishing are known as vishing(phishing via voice calls) or smishing (via text messages). By keeping users informed of what risks look like through various modes of communication, a stronger agency towards cyber-security will be created.

#2 Credential Theft and Reuse – Creating various complex passwords for multiple platforms and expecting people to remember them can be quite a handful. However, for cyber-attackers it’s their bread and butter. This is due to the fact that most people use the same password over and over again with little to no variation. This grants cyber-attackers access to multiple sources of information.

One tip that information security leaders can offer is the use of password managers. These managers not only help generate strong passwords making them harder to crack but are also able to store them so that users aren’t burdened with memorising a plethora of passwords. These password managers can and should also include multifactor authentication in an effort to further limit the adversaries ability to steal sensitive passwords.

#3 Web Services Exploits – Attackers also likely to take advantage of SQL by running malicious code to extract damaging information. Information such as credit card numbers, Medicare numbers, usernames and passwords become readily available to cyber-attackers simply by running malicious code. Attackers are constantly looking and challenging the system’s weak points looking for any type of entry, which can grant them access to dangerous amounts of sensitive information. This is where regular patching and application hardening come into play.

#4 Water Holing – A water hole attack targets groups who frequently visit a specific site. Once a site and a group are targeted, the site is infected with malware. Unsuspecting victims then install corrupted files giving attackers access to a larger network. This type of attack uses low security employees to gain access to high security organisations. This further demonstrates the importance to keep employees of all levels informed of the various cyber-security dangers that they are exposed to.

#5 Business E-mail Compromise – BEC is a combination of phishing and credential theft. This type of attack usually begins by gaining information through basic phishing. However, once access is gained attackers are able to gather information on a number of different corporate assets. Employees can fall into the trap of fake emails that resemble an email sent from the CEO or other high executives, with what appears to be a genuine request such as paying a supplier.  The payment is initiated and sent to an account controlled by the bad guys.

One way for organisations to protect themselves is to create a system that verifies the authenticity for all transfer requests. This system can include detection rules that would require:

• Emails with extensions that are similar to company e-mail to be flagged
• Where the “reply” email address is different from the “from” email address to be flagged
• Colour coding to distinguish emails from within the organisation to differentiate those coming from external accounts
• Require a multi factor authentication system for any vendor payments.

The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to assist organisations in protecting their systems against a range of cyber threats.

While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a successful large-scale cyber security incident.

The Essential Eight are:

1. application whitelisting – to control the execution of unauthorised software
2. patching applications – to remediate known security vulnerabilities
3. configuring Microsoft Office macro settings – to block untrusted macros
4. application hardening – to protect against vulnerable functionality
5. restricting administrative privileges – to limit powerful access to systems
6. patching operating systems – to remediate known security vulnerabilities
7. multi-factor authentication – to protect against risky activities
8. daily backups – to maintain the availability of critical data.

Find more information – HERE

Author: Chris Starsmeare, CEO Diversus Group