March 16, 2024

10 ways hackers bypass cybersecurity measures

NetworkTigers discusses how hackers bypass cybersecurity and the steps you can take to ensure your defenses are not breached.

Despite increasing prioritization and budget allocation, cybersecurity risk has never been higher. From tried-and-true tactics to sophisticated new attacks that leverage AI to create messaging convincing enough to trick even savvy victims, organizations still need to work hard to build networks with robust, agile security protocols.

Here are ten ways that companies still get hacked and how IT administrators can work to avoid being victims.

1. Phishing attacks

Phishing attacks are one of the oldest tricks in the book. Yet, they remain effective because they prey on a vulnerability that can never be remedied with a software update or security patch: human gullibility.

Keeping pace with growing public awareness of internet scams and fake messages, phishing schemes are becoming harder to spot. Attackers use large language models and other AI tools to generate copy in the native language of their targeted victims, so the telltale typos and improper grammar of earlier campaigns are no longer as readily apparent.

Phishing takes many forms, from massive email blasting campaigns to highly targeted text messages designed to fool a specific individual. 

Because phishing attacks take advantage of a human participant, software-based mitigation techniques such as multi-factor authentication and email filters can only go so far. The best defense against phishing is ensuring people have the training to identify red flags.

2. Zero-day exploits

A zero-day exploit takes advantage of a software flaw before the developer can patch it. Threat actors are always probing for bugs they can use to their advantage, and they are quick to pounce on issues that slip through the cracks. The longer a developer takes to close the gap, the more opportunities there are for hackers to have their way.

Preventative measures are required to protect networks from zero-day exploits. Properly configured firewalls can identify and filter suspicious activity before the actual nature of the threat is identified. A network intrusion prevention system (NIPS) should also be implemented to monitor network activity and react to anything that deviates from expectations. Restricting network access can also help limit the damage possible should a threat actor make their way in.

3. Credential stuffing

Hackers buy and sell huge lists of usernames, passwords, and other login data, often stolen from platforms that have nothing to do with business operations. Login credentials that are reused across multiple accounts can give threat actors the keys they need to bypass security and wreak havoc where it is least expected.

To prevent credential stuffing attacks, the same password should never be used on more than one account. Multi-factor authentication should be implemented, and passwords should be periodically changed so that the credentials in criminal databases go stale.
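As an added example (not part of the original article), a detection rule for this pattern run over constructed log lines: a per-account lockout rule misses stuffing because each stolen credential is tried only once, so the rule keys on one source trying many distinct accounts with a high failure rate. The log format, sample lines and thresholds are assumptions.

```python
"""Flag credential-stuffing patterns in constructed auth log lines.
Added example for the credential stuffing section (not from the article).
Log format, sample lines and thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real data); assumed format:
# "<ISO timestamp> auth <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-03-16T09:00:01 auth FAIL user=alice src=203.0.113.7
2024-03-16T09:00:02 auth FAIL user=bob src=203.0.113.7
2024-03-16T09:00:02 auth FAIL user=carol src=203.0.113.7
2024-03-16T09:00:03 auth OK user=dave src=203.0.113.7
2024-03-16T09:00:04 auth FAIL user=erin src=203.0.113.7
2024-03-16T09:00:05 auth FAIL user=frank src=203.0.113.7
2024-03-16T09:05:00 auth FAIL user=alice src=198.51.100.4
2024-03-16T09:05:30 auth OK user=alice src=198.51.100.4
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse_lines(text):
    """Yield (timestamp, result, user, src); malformed lines are skipped."""
    for line in text.splitlines():
        if m := LINE_RE.match(line):
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]

def find_stuffing_sources(text, window=timedelta(minutes=5),
                          min_users=5, min_fail_ratio=0.8):
    """Return {src: users} for sources trying >= min_users distinct accounts
    within `window`, with a failure ratio >= min_fail_ratio. A per-account
    lockout rule would miss this: each account sees only one attempt."""
    by_src = defaultdict(list)
    for ts, result, user, src in sorted(parse_lines(text)):
        by_src[src].append((ts, result, user))
    flagged = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):          # sliding window over time
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {u for _, _, u in span}
            fails = sum(r == "FAIL" for _, r, _ in span)
            if len(users) >= min_users and fails / len(span) >= min_fail_ratio:
                flagged[src] = users
    return flagged
```

Running `find_stuffing_sources(SAMPLE_LOG)` flags only 203.0.113.7; the second source, one user retrying its own account, is left alone.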

4. DDoS attacks

Distributed Denial of Service (DDoS) attacks seek to overwhelm a network with junk traffic from botnets. This hampers a victim's system and prevents legitimate users from accessing it, all without the attacker ever having to break into the network itself.

DDoS mitigation tools are available to monitor network traffic and activity and respond to sudden bursts of unexpected or suspicious activity. Networks should be built with as few bottlenecks as possible, and data centers should not share a single network. Moving to the cloud can also be beneficial, as cloud-based networks can draw on more bandwidth than on-premises alternatives.

5. USB dropping

Internet-facing security can be watertight and still not prevent an attack delivered via physical media. A USB drive with malicious content can be connected to a victim's device to bypass security measures. Users can also unwittingly carry viruses and malware from one location to another if they regularly swap USB drives between home and work devices.

To prevent attacks of this nature, employees should be trained on the risks of using unknown USB drives. Media used on business networks should be dedicated to that purpose and not circulated among devices that are not held to the same security standards.

6. Insider threats

Hackers are resourceful, sometimes grooming employees to use as a means of intrusion. Workers may be disgruntled or bitter toward their employer, and if an opportunist happens to find them saying as much on social media, they may attempt to collaborate with them in exchange for money or, in some cases, simply out of spite.

To mitigate this kind of threat, tight access controls and user activity monitoring should be implemented. Network users who are fired or laid off should have their login credentials revoked immediately.

While there is no surefire way to keep a worker from looking to sabotage or hack their employer, maintaining high employee morale and job satisfaction is a key ingredient in preventing acts of vengeance.

7. Malware

Malware can come from many places and plagues individual users and major organizations. From downloading a malicious app onto a device to opening an attachment posing as a harmless document, malware delivery takes many forms. It is a constant online threat that can let hackers bypass security by installing backdoors.

Antivirus software can help prevent malware infections. All apps, platforms, and operating systems should be kept up to date automatically to ensure the latest security updates are installed. Pop-up windows are not to be trusted, and email or SMS attachments should be scrutinized closely before opening. Software and apps should only be downloaded from legitimate marketplaces and websites.

8. Social engineering

Social engineering is the term used for what essentially comes down to tricking an individual into handing over otherwise protected data or login credentials. This can be performed over the phone, email, or text messaging. It is often used in concert with phishing attacks and usually involves a criminal impersonating someone else to get what they’re after.

The effectiveness of a social engineering attempt always depends on the target's ability to recognize that they are being scammed. As a result, training is essential. Protocols should be implemented that allow employees to verify the legitimacy of a request. While not foolproof, multi-factor authentication can also help keep intruders at bay, even if they hold valid usernames and passwords.

9. Man-in-the-Middle (MitM) attacks

A Man-in-the-Middle attack occurs when a third party intercepts communications between two other parties without their knowledge. The attacker may eavesdrop and gather intelligence, or alter and influence the conversation by stepping in and assuming the identity of one of the parties involved.

Hackers commonly launch MitM attacks by setting up a rogue access point for devices to connect to. These can pose as public Wi-Fi access points, using the same name as a business or cafe, for example, and therefore go unnoticed by victims who log in assuming they are using a legitimate service.

MitM attacks can be prevented by using a VPN. Wi-Fi connections should implement strong password hygiene, and logging in to personal and business accounts where sensitive data can be accessed should be avoided at all costs while on public Wi-Fi.

10. Supply chain attacks

Hackers have discovered they can bypass security features in otherwise well-defended systems by compromising third-party partners that may not be as invested in their cybersecurity. A vulnerability in a vendor's network may allow a criminal to access information belonging to the intended target and thereby avoid contending directly with the target's protections. This may take the form of reading email attachments and messages, or hijacking a third-party vendor's account in order to pose as that vendor for nefarious purposes.

Supply chain attacks can be prevented by carefully vetting vendors to ensure they follow strict security guidelines. Rules should be put in place to mitigate risk, and adherence to those regulations should be observed and enforced firmly.

Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
