NetworkTigers discusses how your network security failed you this year.
Did your business make it safely through another quarter without a data breach or hacking scare? Think again! New research reveals many ways that your network has been attacked this year without you even knowing it. Some of these methods may not have succeeded, while others could be stealing your information immediately without you or your incident responders realizing it. Some of the latest attack methods don’t involve endpoints, so they bypass EDR. Others don’t touch customer networks, allowing them to escape network detection entirely.
Gone phishing
Any network security warning today has to discuss phishing. Phishing, or posing as a reliable source to gain access to confidential or sensitive information, is far and away the most common cyberattack worldwide. Phishing is only becoming more sophisticated, as well as more prevalent, in 2023. Over 500 million phishing attacks were reported in 2022, around double the number reported in 2021. Reported losses due to phishing in 2022 skyrocketed to $52,089,159 in the United States alone.
Phishing can occur over email, text, and, more recently, via SaaS. The last of these has the most potential to remain undetected. A multi-stage cloud phishing attack combines traditional email phishing (or “smishing,” meaning SMS-hosted scam messages) with additional phases to cast a veneer of authenticity while penetrating deeper into data storage systems.
A multi-stage cloud phishing technique might look something like the following:
- A hacker (or hacking group) hosts a fake invoice, manual, or other document on cloud services. This document may seem secure and legitimate because it appears “in-app.”
- An employee downloads or enables viewing of the dangerous PDF.
- The hacker gains access to a legitimate employee’s email and/or establishes a new cloud-based account on a rogue device in their name, based on the initial engagement with the fake document.
- The attacker uses the legitimate user account to send phishing emails to other contacts in the system, such as employees, vendors, and clients.
- The attacker compromises other employee accounts by using internal phishing and malware.
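One way a defender can catch the middle of this chain: a new device or client registered to an account, followed shortly by that account mailing many distinct recipients. The following is an added example, not code from the original article; the event format, the `new_device`/`mail` event names and the thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the article): time, user, event kind, detail.
# "open_doc" = user opened a cloud-hosted document, "new_device" = a new device or
# client was registered to the account, "mail" = one outbound message to that address.
EVENTS = """\
2023-06-01T09:00:00 alice open_doc invoice.pdf
2023-06-01T09:04:00 alice new_device unknown-win10
2023-06-01T09:10:00 alice mail bob@corp.example
2023-06-01T09:10:05 alice mail carol@corp.example
2023-06-01T09:10:09 alice mail dave@corp.example
2023-06-01T09:10:14 alice mail erin@corp.example
2023-06-01T09:11:00 alice mail billing@vendor.example
2023-06-01T10:00:00 bob mail carol@corp.example
2023-06-01T10:00:30 bob mail dave@corp.example
2023-06-01T10:01:00 bob mail erin@corp.example
2023-06-01T10:01:30 bob mail frank@corp.example
2023-06-01T11:00:00 dave new_device laptop-02
2023-06-01T11:30:00 dave mail erin@corp.example
"""


def find_lateral_phishing(events_text, lookahead=timedelta(hours=1), min_recipients=4):
    """Return {user: recipients} for accounts that registered a new device/client and
    then mailed at least `min_recipients` distinct addresses within `lookahead`.
    Either signal alone is routine; it is the sequence (a rogue device, then an
    outbound burst to contacts) that matches the chain described above.
    bob's burst has no new-device precursor and dave's new device is followed by
    only one message, so neither is flagged."""
    per_user = defaultdict(list)
    for line in events_text.strip().splitlines():
        ts, user, kind, detail = line.split()
        per_user[user].append((datetime.fromisoformat(ts), kind, detail))
    flagged = {}
    for user, evs in per_user.items():
        evs.sort()
        for ts, kind, _ in evs:
            if kind != "new_device":
                continue
            recipients = {d for t, k, d in evs
                          if k == "mail" and ts <= t <= ts + lookahead}
            if len(recipients) >= min_recipients:
                flagged.setdefault(user, set()).update(recipients)
    return flagged
```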
Browser in the browser (BitB) attacks
Browser in the browser or BitB attacks are an almost undetectable network security threat. BitB attacks simulate pop-up windows within trusted browsers, taking advantage of websites’ popular third-party single sign-on (SSO) option. When users go to “Sign in with Google” (or other data-sharing accounts, like Apple, Microsoft, or Facebook), they are usually greeted with a pop-up window to authenticate their request. A penetration tester and security researcher who goes by mrd0x on Twitter explained how BitB attacks can be made to seem virtually indistinguishable from the real thing. “JavaScript can be easily used to make the window appear on a link or button click, on the page loading, etc.” the technical writeup shared. “Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it’s indistinguishable.”
BitB attacks erode confidence in URL authentication and may be underway at any pop-up checkpoints within your network. With a simple blend of CSS and HTML code in their arsenal, BitB attacks may have already hacked your network without you realizing it.
Credential stuffing
In 2022, Microsoft tracked 1,287 password attacks taking place every second. This adds up to more than 111 million per day. The Chief Information Security Officer for Microsoft, Bret Arsenault, sums up the situation succinctly: “Hackers don’t break in – they log in.” Insecure passwords are just one risk to your network infrastructure. One of the most potent ways hackers can get their hands on your password without you ever realizing it is through credential stuffing. Once one password has been exposed through a data leak, usernames and passwords (together known as “credentials”) can be submitted via automation to scores of other websites to gain more sensitive information. The ripple effect of credential stuffing cannot be overstated, since it stems from one possibly overlooked breach to create a larger issue.
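Because credential stuffing tries one leaked password per account across many accounts, its signature in an authentication log differs from a brute force against a single account: many distinct usernames from one source in a short window, with a low success rate. The following detector is an added example, not code from the article; the log format, thresholds and source addresses are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2023-06-01T10:00:01 203.0.113.7 alice FAIL
2023-06-01T10:00:02 203.0.113.7 bob FAIL
2023-06-01T10:00:02 203.0.113.7 carol FAIL
2023-06-01T10:00:03 203.0.113.7 dave OK
2023-06-01T10:00:03 203.0.113.7 erin FAIL
2023-06-01T10:00:04 203.0.113.7 frank FAIL
2023-06-01T10:05:00 198.51.100.4 alice FAIL
2023-06-01T10:05:10 198.51.100.4 alice FAIL
2023-06-01T10:05:20 198.51.100.4 alice OK
"""


def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def find_stuffing_sources(log_text, window=timedelta(minutes=5),
                          min_users=5, max_success_rate=0.5):
    """Return {source_ip: accounts that logged in OK} for sources whose attempts
    look like credential stuffing: at least `min_users` distinct usernames inside
    any `window`, with a success rate at or below `max_success_rate`.
    The accounts that succeeded are the ones whose leaked credentials still work
    and should be reset first. The single-account retries from 198.51.100.4 above
    do not match, since they involve only one username."""
    events = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, ip, user, ok = parse(line)
        events[ip].append((ts, user, ok))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it covers at most `window` of time
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {u for _, u, _ in chunk}
            successes = sum(1 for _, _, ok in chunk if ok)
            if len(users) >= min_users and successes / len(chunk) <= max_success_rate:
                flagged.setdefault(ip, set()).update(u for _, u, ok in chunk if ok)
    return flagged
```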
Additionally, with the evolution of AI capability, password security is more in doubt than ever before. AI systems offer the potential to “brute force” a password leak by guessing enormous numbers of candidate passwords based on common patterns and data from previous leaks.
SaaS to SaaS attacks
How recently have you checked your integrations? SaaS to SaaS attacks are rising, as some hackers piggyback onto legitimate apps to create shadow workflows. Take Zapier, a highly trusted vendor that boasts over 5,000 integrations. An attacker who has compromised a SaaS app integrated into Zapier could leech data such as bank account numbers, email logins, and more without being detected by incident responders.
The bottom line? With so many attacks, phishing scams, and malware incidents happening every second, it’s impossible to say with certainty that your network was not attacked this year, even if you didn’t know it. But by taking data privacy seriously, you can ensure that your network has the best chance of stability and survival, even after a serious threat attempt.