We live in an age where, unfortunately, it is essential for us all to be adequately protected from the various dangers we, and our devices and networks, may encounter online. In order to combat these cyber threats, the cyber security industry is working tirelessly to try and outpace those that may wish to do harm to us or our technologies. In this series of articles, we’ll be looking at what cyber security is overall, what the threats we face are, and how we could overcome the challenges we face using various different cutting-edge technologies currently in development.
In part one of this three-part series of articles, we introduced the concept of cyber security and detailed a basic overview of how it came about, what the purpose of cyber security is and why it is becoming increasingly important. In this article, we’ll be looking at some of the biggest threats businesses or individuals may come across, how they work, and how best to protect against them.
As was mentioned in the previous article, the need for cyber security has dramatically increased over the past 20 years as a combination of new technologies, increasing digitization, and evolving threats having reached a standard of sophistication that makes them potentially devastating.
From evermore complex and insidious worms and malware to increasingly well-resourced hackers backed by nation states, the cyber security threats faced today are capable of doing a huge amount of damage, both to network systems and physical infrastructure. As well as these types of attacks, there are also the threat of compromised employees and having inadequate network security practices in place to worry about.
What Are the Biggest Threats?
There are a multitude of different kinds of cyber-attacks businesses and individuals can become victim to, and many of them are becoming harder and harder to distinguish from regular, everyday network traffic.
As technologies become more advanced and become increasingly integrated into our business and personal lives, a vast collection of different Internet of Things (IoT) and smart devices and technologies, as well as the private and sensitive data they collect, the systems the run, the services they enable and the infrastructure they protect all become vulnerable to an equally vast number of cyber-hazards.
The best way to protect against any cyber-attack is to understand how the attack works and how it could affect you, so, let’s take a look at ten of the biggest cyber security threats businesses and organisations in a variety of different industries and sectors face today.
A phishing attack is typically defined as an attempt by hackers or fraudsters to impersonate a business and trick you into giving out sensitive or personal information. Usually, these types of attack come in the form of an email that will contain a link enclosed. When users click this link, they will be redirected to a fake site that will attempt to steal their details.
In some more advanced cases, merely clicking the link is enough to install malware on a system and give access to your data and files. Protecting yourself against phishing attacks mainly comes down to being security savvy and being able to spot potential fraudulent emails.
Malware can be viewed as a collection of different cyber-attacks including viruses and ransomware and is roughly defined as malicious code with the intent on stealing or destroying something on a computer or network. Once, ransomware, for example, is uploaded or downloaded onto a computer, it immediately encrypts the users hard drive and files and proceeds to demand a cash sum for their release.
As if that’s not bad enough, there are also no guarantees that, should the user pay the demand, they’ll get their files or computer back at all. Protecting yourself from malware uses much of the same logic as protecting yourself from phishing emails. Spam links and ads may seem tempting but, as with most things, if something sounds too good to be true, it is, and it’s probably malware too…
Cousins of the traditional computer virus, network travelling worms don’t pose as much of a threat as they once did, however, that doesn’t mean they can’t still wreak havoc on an infected network. Famous examples include Conflicker and Zeus the latter of whom was spread using phishing methods to send messages through Facebook and email.
Worms are yet another example of how being clued-up when it comes to cyber threats can help prevent exposure to this and other types of malware. Suspicious links in emails from anonymous senders are a big clue that something isn’t quite right. And if you do end up opening an email or clicking a link, report it immediately so attempts to mitigate infection can begin.
Password attacks are attempts by hackers to crack your password and they come in a number of different forms. Brute Force attacks use automated software on the hackers own system to produce huge numbers of guesses while others use software that could try to use different popular word combinations.
As you may have guessed, strong passwords are the best way to protect against these types of threat. Passwords such as “1234567890” or “Password123” are weak attempts at protection and will most likely be featured in any hackers password cracking software.
Denial-of-Service attacks attempt to disrupt and overload the service to a specific network. They usually consist of a hacker taking control of a large number of machines and using them to send vast amounts of traffic or data through the target network. This overload of connection requests causes the disruption to network services and can have huge impacts on businesses online access and services should the fall victim to one.
Regular maintenance and patch updates to a modernized, upgradeable security system are one of the best ways to avoid DOS attacks, however, most modern attacks of this kind are largely aimed at international corporations and governments, usually in protest of a civil or political issue.
Distributed Denial-of-Service attacks are a type of DOS attack where multiple systems infected with Trojans (Usually RAT Trojans, more on those later) are utilized in order to target a single system. Hackers will often have infected large numbers of computers and systems with malware that will then allow them to manipulate and control the network or device.
Once the attacker feels they have a large enough collection of infected systems (a botnet) to begin, the attack begins. The difference between a DOS attack and a DDOS attack mainly comes down to the numbers involved. DOS attacks typically use only a single computer to attack their target, whereas a DDOS attack takes advantage of large numbers of infected systems and combines them to target a single computer or network.
Man in the middle or MITM attacks look set only to increase as the Internet of Things enables further connectivity with our smart devices and vehicles as they also become more widely available. MITM attacks involve a man in the middle impersonating the endpoints in an online information exchange and intercepting information from both entities involved in the exchange.
These attacks can be particularly damaging, for example, if the MITM is impersonating your bank in an online exchange as you risk unknowingly handing over your sensitive financial information to a hacker. Using only encrypted, WPA or greater access points can ensure relative safety from these kinds of attacks.
SQL Injection Attacks
SQL stands for Structured Query Language and is a programming language used for communicating with databases and is used by many of the servers holding essential data for websites to manage the data in their databases. SQL attacks work by specifically targeting these servers in order to get them to produce information they would usually be protecting by entering or “injecting” customized code.
SQL servers that are vulnerable to injection attacks can be extremely problematic as data such as credit card information, personal details and more can all be made available to hackers for malicious purposes such as theft, defamation or blackmail.
Remote Access Trojans
Remote access trojans or RATs are types of malware that include a backdoor for remote access to an infected computer or network. As with most other types of malware, remote access trojans can come in the form of emails and links as well as being downloaded invisibly in the background along with something the user themselves has chosen to download (a game, music etc.).
Once they’re on the now infected system, the hacker could choose to try and infect other systems from the one it currently occupies in order to create a bot net that could then be used for other malicious purposes such as DOS attacks.
Logic and time bombs are malicious software that are designed to cause damage to a computer or network after certain system conditions are met or after a certain amount of times has passed. Logic bombs have been known to be used as blackmail devices in the corporate world.
An example would be an employee who sets up a logic bomb to go off in his employers network if he doesn’t log in for 21 days as he feels he may be fired, once the employee is actually fired, he used the logic bomb to financially blackmail his employer into paying him to disclose its location. In order to best deal with logic or time bombs, regular back-ups of a system can help to lessen the damage caused if one ever were to happen.
A more detailed explanation of these threats and other network security concepts can be found on our knowledgebase page here.
Real World Examples
Due to our increasing reliance on networked technologies and Big Data, examples of major cyber-security attacks are commonplace. Worms, viruses, hacktivists and rogue employees have all targeted a growing number of large and small corporations and institutions and shown that, at present, no one is safe from all the threats we face.
The following examples have showcased how powerful a weapon cyber-attacks can prove to be and how effectively they can be used when in the hands of well-resourced, automated, or determined enough minds.
In 2017, a strain of ransomware known as WannaCry wreaked havoc across hundreds of thousands of targets, including the National Health Service of the United Kingdom. The ransomware was able to cripple hospital operations, including delaying some emergency medical procedures. US officials were allegedly moderately confident that WannaCry was a North Korean government project that got out of hand.
Another strain of malware that went global shortly after the WannaCry attacks, only this time it targeted Ukraine particularly hard with services such as power companies, airports, public transit, and the central bank being affected as well as in other countries such as American pharmaceutical company Merck and Russian oil company Rosnoft. Both WannaCry and Petya/NotPetya are thought to have utilised windows exploits as part of their operating mechanism.
US Nuclear Power Plant
Recently, reports of attacks on a number of US-based nuclear station were reported by a number of major US news outlets with only the Wolf Creek Nuclear Operating Corporation, based out of Kansas, being named. It was reportedly heavily suggested that spear phishing was the technique used to gain access to otherwise restricted control systems. Email attachments that could spark major nuclear incidents are just one of many reasons why cyber security has become a top priority over the past few years.
Iranian Nuclear Power Plant (Stuxnet)
Stuxnet was a malicious computer worm responsible for targeting the supervisory control and data acquisition (SCADA) systems controlling several centrifuges at an Iranian nuclear facility in 2010. Stuxnet was a particularly virulent worm, capable of infecting the USB sticks that transmitted it so that whatever device they were then connected to would also receive the worm. Experts have suggested that Stuxnet may have been a joint project between the United States and Israel, however, the truth behind the worm’s origin is still unknown.
As has been mentioned various times throughout this article, understanding the threats we face is our best chance of being able to adequately protect ourselves from them. Without knowing how they may affect us, we’d never know how best to defend the systems and networks we have come to so depend upon.
In the 3rd and final article in this series about cyber security, we’ll be looking at how best to build bespoke cyber security systems that provide the protection you need, as and when you need it.