We live in a world where network security threats are increasing in scale and impact. The recent Mirai DDoS botnet attack, for example, caused global havoc and crippled popular sites including Netflix, PayPal and Twitter by exploiting vulnerabilities in connected IoT (Internet of Things) devices.
Consequently, it’s difficult to keep pace with and protect your business against the evolving cyber security threats that seem to accompany every new software release or piece of technology. Here are four growing security risks your IT department must be aware of and protect against:
- Business Email Compromise
Business Email Compromise (BEC) is a form of phishing that is estimated to have cost companies $5.3 billion globally, according to figures from the Federal Bureau of Investigation. Ransomware, by comparison, only cost $1 billion in 2016.
The Bureau also predicts such attacks will “continue to grow, evolve, and target businesses of all sizes,” and found a 1,300% increase in BEC attacks since the start of 2015.
A BEC attack takes place when a cyber criminal impersonates a high-profile individual in your company (usually the CEO). They then attempt to get a member of staff, a vendor or a customer to relay sensitive information or transfer funds.
BEC attacks are highly focused. Unlike phishing scams, which often target a large number of people, an attacker will profile your company and staff. The attacker then gains access to the inbox of an executive and, using the information gathered, produces a convincing email that a user may fail to recognise as illegitimate. Alternatively, if they cannot gain access to a company account, the attacker may email individuals from a lookalike domain, such as cisc0.com instead of cisco.com.
The majority of such attacks rely on social engineering techniques, which makes them largely immune to conventional antivirus software, email whitelisting or spam filters.
To protect your business from a BEC, you need to introduce user education and training to ensure your staff do not blindly send money or data. Multi-factor authentication can also make it more difficult for a cyber criminal to gain access to your corporate inboxes.
- Fileless Attacks
As malware becomes less effective, attackers are turning to fileless attacks to turn your legitimate applications and operating systems against you. They evade whitelisting of approved applications and are also estimated to be ten times more likely to succeed than file-based attacks.
Such attacks rely on untrustworthy sites or the download of malicious attachments. For example, a user could click on a link concealed in a spam message. They are then taken to a page where Flash, a common entry point for attacks, is loaded. Flash invokes the PowerShell tool, which exists on every Windows machine, and feeds it command-line instructions in memory. This enables PowerShell to find sensitive data and send it to the attacker, all without the user downloading any malware.
The entry point for these attacks is often your own vulnerabilities. So, make sure you patch and update your software and operating system regularly to boost your network security. Tools such as Cisco’s AMP for Endpoints also incorporate “exploit prevention” capabilities to protect against a range of fileless attacks including malicious sites and files. They achieve this by identifying and protecting vulnerable applications.
Such attacks don’t destroy or steal information from your computer; they just want to make money. An estimated 220 of the top 1,000 websites are making $43,000 over a three-week period using this dubious method.
- Encrypted attacks
While encryption is a force for good against eavesdropping and tampering with content as it passes between devices, hackers are also using encryption to conduct cyber attacks by weaponising SSL and TLS protocols. 39% of organisations experienced an SSL or TLS attack in 2016, and double the number of attacks were detected in the first half of 2017, compared to the entirety of 2016. Cloud-based apps and services exacerbate the threat as they rely on SSL/TLS-encrypted traffic.
Gartner found most organisations lack the formal network security policies to manage and control encrypted traffic and, hence, detect malicious content. Encrypted Traffic Analytics (ETA) is one method you could deploy to prevent such attacks. It identifies malware communications in encrypted traffic, extracts the relevant information and uses machine-based learning to optimise these techniques.
If you want to protect your business, up-to-date IT policies that boost your network security and protect against a wide range of threats are essential. If you want an easy and cost-effective way to optimise your network security and identify your vulnerabilities, click here to find out more about the Cisco Threat Scan Proof of Value programme.