Common Cybersecurity Threats, Their Prevention, and Possible Mitigation
Cybersecurity is at the forefront of technological colloquy, as information is the nucleus of the technological revolution, and the one who possesses information reigns supreme over the others. This information can be accessed and used against its owner by miscreants who would most likely profit from such actions. Although there are sundry laws that prosecute such miscreants, the age-old saying holds that preventing a possible threat facilitated by a vulnerability in the system is better than mitigating its after-effects: “Prevention is better than cure”.
It is imperative to understand the distinction between a cyberattack and a cybersecurity threat. A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices, whereas a cybersecurity threat is a potential negative action or event facilitated by a vulnerability that results in an undesirable impact on a computer system or application.
There are millions of cybersecurity threats that people encounter on a daily basis whilst going about their day. A Clark School study at the University of Maryland estimates that there are 158,727 attacks per hour, 2,645 attacks per minute, and 44 attacks every second of every day on average across the global spectrum. In fact, there would have been 189 attacks across the world by the time you read this sentence. These attacks are caused by exploiting vulnerabilities in the system, and these weaknesses are termed threats. By the end of this article, you will have an introduction to the world of cybersecurity threats, their prevention, and mitigation.
The following are the main cybersecurity threats faced by individuals and organizations:
Malware: intrusive software that is designed to damage the systems it finds itself in.
Phishing: a technique for attempting to acquire sensitive data through fraudulent solicitation.
Password Attacks: any of the various methods used to maliciously authenticate into password-protected accounts.
DDoS: a category of malicious cyberattacks employed to make an online service, network resource, or host machine unavailable to its intended users on the Internet.
Man in the Middle: an attack in which an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them.
Drive-by download: unintentional download of malicious code to your computer or mobile device that leaves one susceptible to a cyberattack.
Malvertising: an attack in which perpetrators inject malicious code into legitimate online advertising networks.
Rogue Software: a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that installs malware on their computer.
Malware is an all-encompassing term for a variety of cyberattacks including Trojans, viruses, and worms. Malware is simply defined as code with malicious intent that steals data or destroys something on the system it is hosted on. The purpose of malware is to intrude on a machine for a variety of reasons, from the theft of financial details to the theft of sensitive corporate or personal information. Malware is best avoided, for even if it has no malicious purpose at present, it could well have one at some point in the future. Popular proliferation methods are downloading infected files as email attachments, from websites, or through file-sharing activities, OS vulnerabilities, and clicking on links to malicious websites in emails, messaging apps, or social network posts.
Malware can be prevented by doing the following:
Use secure authentication methods
Use administrative accounts only when necessary
Update software consistently
Adhere to the least-privilege model. Adopt and enforce the principle of least privilege: Grant users in your organization the minimum access to system capabilities, services, and data they need to complete their work.
Implement email security and spam protection
Steps for mitigating malware once the system is affected, as stated by ncsc.gov.uk:
Immediately disconnect the infected computers, laptops, or tablets from all network connections, whether wired, wireless, or mobile phone-based.
In a very serious case, consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.
Reset credentials including passwords (especially for administrator and other system accounts) - but verify that you are not locking yourself out of systems that are needed for recovery.
Safely wipe the infected devices and reinstall the OS.
Before you restore from a backup, verify that it is free from any malware. You should only restore from a backup if you are very confident that the backup and the device you're connecting it to are clean.
Connect devices to a clean network in order to download, install and update the OS and all other software.
Install, update, and run antivirus software.
Reconnect to your network.
Monitor network traffic and run antivirus scans to identify if any infection remains.
Phishing is when attackers send malicious emails, communications, or messages designed to trick people into falling for a scam. Typically, the intent is to get users to reveal financial information, system credentials, or other sensitive data.
Types of phishing attacks:
Spear Phishing: A spear phishing attack occurs when a phishing attempt is crafted to trick a specific person rather than a group of people. The attackers either already know some information about the target, or they aim to gather that information to advance their objectives.
Whaling: Whaling targets specific individuals such as business executives, celebrities, and high-net-worth individuals.
Smishing: Phishing carried out through SMS messages.
Vishing: Phishing carried out through phone calls and verbal solicitation under false pretenses.
Phishing can be prevented by the following:
Regular Security Awareness & Phishing Training
Internal Phishing Campaigns and Phishing Simulations
Using anti-phishing software
Follow safe Internet practices and protocols and exercise general caution
A password attack refers to any of the various methods used to maliciously authenticate into password-protected accounts. These attacks are typically facilitated through the use of software that expedites cracking or guessing passwords.
There are three common methods employed to attack passwords:
Brute force attacks: A script or computer program is used, in which the most likely password combinations are surmised based on trends and known information.
Dictionary attacks: A script is used to cycle through combinations of common words used in passwords. The most likely combinations are preferred here, unlike brute force attacks, where a large repository of combinations is tried.
Key Logger attacks: Malware installed on the system tracks all of the user’s keystrokes, and the passwords and login IDs typed are stored.
Password attacks can be prevented by the following:
Updating passwords according to the latest password policies.
Using alphanumeric characters and security questions.
Using multi-factor authentication for logins.
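The difference between brute force and dictionary attacks matters for password policy: a password can be long and alphanumeric and still be a dictionary word with decoration. The following Python check is an added example, not part of the original article; the word list, substitution table, 60-bit threshold and function names are constructed assumptions.

```python
import math
import string

# Constructed sample; a real check would load a large list of breached passwords.
COMMON_WORDS = {"password", "welcome", "admin", "letmein", "qwerty", "dragon"}

# Character substitutions that are routinely undone before dictionary matching.
LEET = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s"})
DECORATION = string.digits + string.punctuation


def dictionary_guessable(password: str) -> bool:
    """True if the password is a common word plus trivial decoration."""
    # Drop leading/trailing digits and symbols: "password1234" -> "password".
    core = password.lower().strip(DECORATION)
    # Also compare with substitutions undone: "p@ssw0rd" -> "password".
    return core in COMMON_WORDS or core.translate(LEET) in COMMON_WORDS


def brute_force_bits(password: str) -> float:
    """Estimate log2 of the search space an exhaustive guesser must cover."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def assess(password: str, min_bits: float = 60.0) -> str:
    """Reject dictionary-style passwords first, then short ones (threshold assumed)."""
    if dictionary_guessable(password):
        return "reject: dictionary word with decoration"
    if brute_force_bits(password) < min_bits:
        return "reject: search space too small"
    return "accept"
```

Note that "password1234" clears the brute-force estimate on length and character mix alone, which is why the dictionary check runs first.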
DDoS: Distributed Denial of Service
A DDoS attack, also known as a "Distributed Denial-of-Service (DDoS) Attack," is a type of cybercrime where the perpetrator overwhelms a server with internet traffic in an effort to prevent users from accessing linked websites and online services. This attack primarily focuses on disrupting the service of a network, and usually involves sending a high volume of data through the network until it gets overloaded and no longer functions.
DDoS attacks can be prevented by the following:
Keep up with regular software updates, online security monitoring, and data flow monitoring to spot unusual traffic.
DoS attacks can be perpetrated by simply cutting a cable or dislodging a plug that connects your website to the internet, hence physical monitoring is encouraged as well.
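One way to do the data flow monitoring described above, as an added Python example that is not part of the original article: it counts requests per second from parsed log entries and flags seconds far above the median. The sample events, thresholds and function names are constructed assumptions; the sample also shows why a per-client rate limit alone does not notice a distributed flood.

```python
from collections import defaultdict
from statistics import median


def build_sample():
    """Constructed (second, source_ip) pairs standing in for parsed access-log entries."""
    events = []
    for sec in range(10):                 # normal load: 3 clients, 1 request/s each
        events += [(sec, f"198.51.100.{i}") for i in range(3)]
    for sec in (6, 7):                    # flood: 200 distinct sources, 1 request/s each
        events += [(sec, f"203.0.113.{i}") for i in range(200)]
    return events


def find_floods(events, factor=10, per_ip_limit=20):
    """Flag seconds whose total request count exceeds factor x the median second.

    Returns (second, total_requests, distinct_sources, kind) tuples, where kind
    says whether any single source exceeded per_ip_limit in that second.
    """
    per_sec = defaultdict(lambda: defaultdict(int))
    for sec, ip in events:
        per_sec[sec][ip] += 1
    totals = {sec: sum(ips.values()) for sec, ips in per_sec.items()}
    baseline = median(totals.values())
    alerts = []
    for sec in sorted(totals):
        if totals[sec] > factor * baseline:
            ips = per_sec[sec]
            noisy = [ip for ip, n in ips.items() if n > per_ip_limit]
            # No noisy source means every client stayed under its own limit:
            # only the aggregate view reveals the flood.
            kind = "single-source" if noisy else "distributed"
            alerts.append((sec, totals[sec], len(ips), kind))
    return alerts
```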
Man in the Middle
An attack in which an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them. One major occurrence of Man in the Middle attacks is active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
Methods involved in Man in the Middle attacks:
Attack on encryption: Bypassing SSL/TLS protocols between client and server.
HTTPS Spoofing: Creating a fake HTTPS website by spoofing the address of a legitimate website.
SSL Hijacking: Hijacking a user’s legitimate session and feigning to be the user.
SSL Stripping: Reducing the security of a website’s connection so as to access client and server communication.
Interception: The communication protocol layers are used to intercept the conversation between two nodes on the internet.
IP spoofing: When a cybercriminal spoofs the IP headers of the TCP packets transferred between two devices that trust each other, they can redirect the traffic to their chosen location.
ARP Spoofing: ARP spoofing allows an attacker to send a phony address resolution protocol (ARP) message via a local area network (LAN) to deceive the server into trusting it, ultimately misdirecting all the traffic to their device.
Automatic Proxy Discovery Attack: A web proxy is established in enterprises where security is a primary concern. All the web traffic passes through the proxy server after a thorough inspection of all the application layers for possible threats. WPAD (web proxy auto-discovery) is a protocol designed to assist clients in discovering the proxy automatically.
DNS Spoofing: Replacing a legitimate IP address in a DNS server’s records. By doing this, the attacker can misdirect site visitors’ clients to a fake website instead of the real one.
BGP Misdirection: BGP misdirection is an attack where a cybercriminal redirects internet traffic to a malicious route by spoofing the IP prefixes.
Man in the Middle attacks can be prevented by the following:
Use a VPN
Use only secure connections
Opt for endpoint security
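ARP spoofing, listed among the interception methods above, shows up on the LAN as an IP address suddenly answering from a different MAC address. The following Python detector is an added example, not from the original article; the observation tuples, addresses and function name are constructed assumptions, and the first binding seen for each IP is trusted.

```python
from collections import defaultdict

# Constructed observations (timestamp, ip, mac), as if parsed from ARP replies on a LAN.
SAMPLE_ARP = [
    (1, "192.0.2.1", "aa:aa:aa:00:00:01"),    # gateway
    (2, "192.0.2.10", "aa:aa:aa:00:00:10"),
    (3, "192.0.2.11", "aa:aa:aa:00:00:11"),
    (4, "192.0.2.1", "AA:AA:AA:00:00:11"),    # gateway IP now answered by host .11's MAC
    (5, "192.0.2.10", "aa:aa:aa:00:00:10"),
]


def detect_arp_anomalies(observations):
    """Return alerts for IP/MAC bindings that change or MACs answering for several IPs.

    Legitimate events (a reused DHCP lease, replaced hardware) can trigger the
    same alerts, so each one is a prompt to investigate, not proof of spoofing.
    """
    first_seen = {}               # ip -> MAC first observed (trusted on first use)
    claimed = defaultdict(set)    # mac -> IPs it has answered for
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()         # MAC addresses compare case-insensitively
        known = first_seen.setdefault(ip, mac)
        if known != mac:
            alerts.append((ts, "binding-changed", ip, known, mac))
        claimed[mac].add(ip)
        if len(claimed[mac]) > 1:
            alerts.append((ts, "mac-claims-multiple-ips", mac,
                           tuple(sorted(claimed[mac]))))
    return alerts
```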
A drive-by download is when malicious code is unintentionally downloaded into a computer or mobile device, exposing users to various hazards. The malicious code is designed to download malicious files onto the victim’s PC without the user being aware that anything untoward has happened. A drive-by download abuses insecure, vulnerable, or outdated apps, browsers, or even operating systems.
Website owners can prevent drive-by downloads by doing the following:
Keep all website components up to date. This includes any themes, addons, plugins, or any other infrastructure. Each update likely has new security fixes to keep hackers out.
Remove any outdated or unsupported components of your website. Without regular security patches, old software is perfect for fraudsters to study and exploit.
Use strong passwords and usernames for your admin accounts. Brute force attacks give hackers an almost instant break-in for default passwords or weak ones like “password1234.” Use a password generator alongside a password manager to stay safe.
Install protective web security software on your site. Monitoring software will help keep watch for any malicious changes to your site’s backend code.
Consider how your advertisement use might affect users. Advertisements are a popular vector for drive-by downloads. Be sure your users aren’t getting recommended suspect advertisements.
Endpoint users can prevent drive-by downloads by doing the following:
Only use your computer’s admin account for program installations. Admin privileges are necessary for drive-by downloads to install without your consent. Since this setting comes default on your main account, use a secondary non-admin account for daily use.
Keep your web browser and operating system up to date. New patches help seal gaps in their defenses where drive-by-download code could burrow in. Do not wait or delay — install these updates as soon as they release.
Be wary of keeping too many unnecessary programs and apps. The more plug-ins you have on your device, the more susceptible you are to infection. Only keep the software you trust and use often. Also, remove any older apps that no longer receive updates.
Use an internet security software solution on all your devices. Products like Kaspersky Security Cloud automatically keep your malware definitions up-to-date to spot the latest threats. They also can scan websites proactively to block known compromised sites.
Always avoid websites that may contain malicious code. Sites that offer file-sharing or mature content are common points of infection. Only visit mainstream sites you normally use or at least well-established sites to improve your chances of staying clean.
Carefully read and examine security popups on the web before clicking. Scammers use deceptive popup ads on desktop and mobile browsers that look like legitimate alerts. To avoid being linked to an attack site, watch for typos, odd grammar, and grainy images.
Use an ad-blocker. Drive-by download attacks often use online ads to upload infections. Using an ad blocker can help reduce your exposure to this type of attack.
Malvertising, often known as malicious advertising, is a relatively recent cyberattack method that involves embedding malicious code in online advertisements. These infected ads are typically delivered to customers through reliable advertising networks, making them difficult for both internet users and publishers to detect.
In a malvertising attack, harmful code is injected into networks of trustworthy internet advertising. Users are often redirected to fraudulent websites using the code.
Malvertising is often confused with ad malware or adware, another form of malware affecting online advertisements.
Malvertising involves malicious code which is initially deployed on a publisher’s web page. Adware, however, is only used to target individual users.
Malvertising only affects users viewing an infected webpage. Adware, once installed, operates continuously on a user’s computer.
How can end-users help mitigate malvertising?
Antivirus software can protect against some drive-by downloads or malicious code executed by malvertising.
Ad blockers offer good protection against malvertising, because they block all ads, together with their malicious elements.
Avoiding the use of Flash and Java can protect users from many vulnerabilities that are commonly exploited by malvertising.
Updating browsers and plugins can prevent many malvertising attacks, in particular those which operate before the user clicks the ad.
How can publishers help mitigate malvertising?
Carefully vet ad networks and inquire about ad delivery paths and security practices.
Scan ad creative intended for display to discover malware or unwanted code.
Web application firewalls can help protect against some malvertising threats by using signature, behavioural, and reputation analysis to block malicious code execution or requests arriving from non-trusted sources along the ad delivery chain.
Rogue security software is a type of malicious software and online fraud that tricks consumers into thinking their computer has a virus and tries to persuade them to pay for a phony malware removal program that in fact installs malware on their computer. Mobile applications known as "rogue apps" are created to spoof well-known businesses in order to obtain illegal access to data that may be used to carry out fraudulent operations.
Practice online skepticism. Be aware that rogue security software does exist on the Web, and be vigilant about avoiding it. These programs are designed to appear genuine – meaning they may mimic legitimate programs, use false awards and reviews to rope you in, or employ other deceptive tactics. It’s also a good idea to familiarize yourself with common phishing scams and to be cautious of links in e-mail messages and on social networking sites.