My August column dealt with defining different types of malicious software (malware). This month we’ll look at some of the different types of attacks that can be directed at your computer system.
A typical conversation between an email end user and the helpdesk might go something like this:
End user: Hi, I just received an email. It looks as if it is from UPS. They want to confirm my address information. However, I do not remember ordering or shipping anything. What should I do?
Helpdesk: Someone is “phishing.” Ignore the email and delete it.
End user: Ok thanks. (Hangs up and thinks, what is “fishing”? Should I be worried?)
Understandably, the user is now confused. Although the helpdesk person is correct, he or she did not take the time to explain what “phishing” is and why it is important to take the suggested steps. The helpdesk person also did not ask the user to forward the email to them for analysis.
Lately, there has been an increase in the number of attacks directed at networks, and there are many different ways a computer system can be attacked.
Most people probably know that any system connected to a network is vulnerable to various types of attacks. Surprisingly, though, even systems that are not connected can come under attack.
This article will discuss some of the most common attack methods.
Attack Types Defined
DoS – Denial of service is an attack that prevents a system from doing the work it was designed to do or from communicating with other systems on its network. There are two common types of DoS attack. The first takes advantage of a flaw or weakness in a vulnerable feature of the software: the attack consumes all of the system’s resources and causes it to hang or freeze, rendering it incapable of performing its intended function. The second type takes over a system’s communications resources, filling them with bogus traffic so that the system is unable to send or receive normal network communications. Both types prevent systems from performing normal operations, and both are typically delivered by Trojans and botnets. The best way to counteract DoS attacks is to harden your perimeter defenses with firewalls, routers, and third-party services that can automatically block ports or filter traffic by source or destination address.
Spoofing – This is the act of falsifying data. It normally involves hiding the attacker’s network (source) address and showing a legitimate address in its place, which makes the attacker difficult to identify. By spoofing a source address, an attacker can also redirect responses or replies to some other location. Spoofing can be used to redirect traffic, steal data and falsify websites, and it commonly arrives in the form of unsolicited email. To protect yourself from spoofing, use spam filters and configure your firewalls to drop inbound traffic whose source address belongs to your internal or local area network (LAN) address ranges. Explanation: every computer network has its own range of Internet Protocol (IP) addresses. Systems inside the network communicate with each other using these internal addresses, whereas traffic arriving from the outside carries an external IP address, which lets the network recognize that it is dealing with traffic that is not internal. Inbound traffic that claims an internal source address has therefore been falsified.
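An added example (not from the column) of the address-based filtering the last two entries recommend: a perimeter rule that drops inbound packets whose source address falls in the site’s own internal or public ranges, and drops traffic to ports the perimeter does not expose. The prefixes, the port list and the packet headers are constructed for illustration.

```python
import ipaddress
from typing import Dict, Iterable, Tuple

# Constructed example: the internal (LAN) ranges this site uses. A packet that
# arrives on the outside interface claiming one of these as its source cannot be
# legitimate, so the perimeter firewall drops it as spoofed.
INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
)]
# Constructed: the site's own public block; outsiders do not send from it either.
SITE_PUBLIC_PREFIX = ipaddress.ip_network("203.0.113.0/24")
# Constructed: ports the perimeter does not expose, so inbound traffic to them is
# dropped regardless of source (the "block ports" countermeasure for DoS).
BLOCKED_DST_PORTS = {23, 135, 445}


def classify_inbound(src: str, dst_port: int) -> str:
    """Verdict for one inbound packet: 'drop:spoofed', 'drop:port' or 'accept'."""
    addr = ipaddress.ip_address(src)
    if addr in SITE_PUBLIC_PREFIX or any(addr in net for net in INTERNAL_PREFIXES):
        return "drop:spoofed"
    if dst_port in BLOCKED_DST_PORTS:
        return "drop:port"
    return "accept"


def filter_packets(packets: Iterable[Tuple[str, int]]) -> Dict[str, int]:
    """Tally verdicts over a batch of (source address, destination port) headers."""
    counts = {"accept": 0, "drop:spoofed": 0, "drop:port": 0}
    for src, port in packets:
        counts[classify_inbound(src, port)] += 1
    return counts


# Constructed sample of inbound packet headers seen at the outside interface.
SAMPLE_PACKETS = [
    ("198.51.100.7", 443),  # ordinary outside client
    ("192.168.1.20", 443),  # private source arriving from outside: spoofed
    ("10.5.5.5", 80),       # same
    ("203.0.113.9", 25),    # our own public range arriving from outside: spoofed
    ("198.51.100.8", 445),  # outside client aimed at a blocked port
]

if __name__ == "__main__":
    for src, port in SAMPLE_PACKETS:
        print(f"{src:>14} -> port {port:<4} {classify_inbound(src, port)}")
    print(filter_packets(SAMPLE_PACKETS))
```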
Replay – In this sort of attack, an attacker captures internal network traffic and later resends it to the network to gain unauthorized access. Usually the attacker concentrates on authentication traffic, because this is how login credentials are captured. When the attacker replays the captured transmission back to the network, he or she may be able to gain access to it with all the privileges of the user whose traffic was captured. Fortunately, most newer operating systems have built-in mechanisms that prevent this type of attack.
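As an added example, not from the column: one of the mechanisms modern authentication protocols use against replay is to bind each login message to a timestamp and a one-time nonce and authenticate all of it with a keyed hash, so a captured copy is rejected as stale or as already seen. The shared key and the message format here are constructed for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Optional

# Constructed shared secret; a real system would derive it from the login exchange.
SHARED_KEY = b"example-shared-key-not-for-production"
MAX_AGE_SECONDS = 30  # how long a captured login message stays valid at all


def make_auth_message(user: str, now: Optional[float] = None) -> Dict[str, str]:
    """Client side: sign user, timestamp and a fresh nonce so every message is unique."""
    ts = str(int(now if now is not None else time.time()))
    nonce = os.urandom(16).hex()
    payload = f"{user}|{ts}|{nonce}".encode()
    tag = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()
    return {"user": user, "ts": ts, "nonce": nonce, "tag": tag}


class AuthVerifier:
    """Server side: each (timestamp, nonce) pair is accepted at most once."""

    def __init__(self) -> None:
        # Nonces seen inside the freshness window; entries older than
        # MAX_AGE_SECONDS can be pruned because the age check rejects them anyway.
        self.seen: Dict[str, int] = {}

    def verify(self, msg: Dict[str, str], now: Optional[float] = None) -> str:
        now = now if now is not None else time.time()
        payload = f"{msg['user']}|{msg['ts']}|{msg['nonce']}".encode()
        expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject:bad-tag"      # forged, or a field was edited after capture
        ts = int(msg["ts"])
        if abs(now - ts) > MAX_AGE_SECONDS:
            return "reject:stale"        # a capture replayed long after the fact
        if msg["nonce"] in self.seen:
            return "reject:replay"       # the same capture sent a second time
        self.seen[msg["nonce"]] = ts
        return "accept"


if __name__ == "__main__":
    server = AuthVerifier()
    captured = make_auth_message("alice")        # what a sniffer would record
    print("first delivery:", server.verify(captured))   # accept
    print("replayed copy: ", server.verify(captured))   # reject:replay
```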
Phishing – This is trying to obtain personal data by masquerading as a reputable and trustworthy entity (a merchant, insurance provider or a bank, for example) in an electronic communication. Although this can be done over the phone or using websites, email is the most common method of attack. Phishing takes advantage of a person’s willingness to trust what might seem like a legitimate third-party communication. The best countermeasures are to never open unexpected email attachments and never share confidential information through communications you did not initiate.
Spear Phishing – This is the same as phishing except that it is aimed at a specific person or group of people.
Pharming – This is the act of redirecting a valid website’s address to a fake website. The attack occurs when malware changes the attacked computer’s Domain Name System (DNS) settings; as a result, even typing in the correct website address will take the victim to the wrong website. It can be difficult to tell whether you are on a legitimate site. Many of today’s attackers are very sophisticated and may have built nearly exact replicas of the targeted sites, which are normally those operated by financial institutions. Countermeasures include not opening links within unsolicited emails and reviewing website addresses in search results before clicking on a link. Tip: with most browsers, you can hover your cursor over a link to see where it will take you.
Privilege Escalation – This occurs when users are able to get greater access than they are assigned. This can happen by accident or administrative oversight. The term, however, usually refers to intentional abuse to gain access to a system. An attacker can use hacker tools to take advantage of a flaw in an operating system. This sort of attack can also take place using credentials that have been compromised. The bottom line is that privilege escalation is a major security violation. If left unchecked, it could compromise your entire network. To prevent privilege escalation, operating systems should be kept current using patches provided by the vendor of the system. Terminated staff should lose access to the system and their passwords should be disabled or changed.
The Firm’s Staff – Probably the greatest risk in any organization is its own staff. Attackers work hard to gain access that your staff already has. When staff members act maliciously, the threat could be devastating. Because staff already has access inside the organization, they can easily compromise security before you know it has happened. Staff can bring in viruses from home using various types of external storage devices, including cellphones, flash drives and discs. These same storage devices can be used to store confidential information that can be distributed to outside organizations. Because staff could be your greatest source of vulnerability, it is a good idea to have strong policies in place. There should also be penalties if those policies are violated. You should have the ability to monitor and audit user activity on your network. Having training throughout the year will also help keep security top of mind.
The U.S. Department of Defense has said that some of the biggest battles of the future will be fought in cyberspace. To combat the known threats, it has established various teams whose mission is to deal with cyberattacks.
This is a path private organizations will need to follow, as well. Cybersecurity is essential for any business, especially those that deal with confidential data.