It is no secret that hackers use a variety of tools to penetrate a network or device, but with so many different names and methods reported, it can become unclear exactly what we need to know.
As an IT Security business, we are made aware, on a daily basis, of threats that both our Security Vendors and, sadly, our customers are discovering.
To create a little more clarity, we have listed the most common threats a business faces today.
Number one for a reason. Ransomware is BIG business; both consumers and businesses have been heavily affected, some with devastating consequences, and the threat continues to grow rapidly.
Ransomware encrypts data on either a device or network, with the threat to either keep it permanently encrypted or publish it unless a “ransom” is paid.
Ransomware can enter a network in different forms but typically will be received using a Trojan from either a link in an email or social media message or from a compromised website.
Ransomware continues to evolve, and ransomware kits can now be purchased on the dark web, allowing criminals without programming skills to extort payments.
2. Trojan (Trojan Horse)
A Trojan is a type of malware often disguised as a legitimate piece of software or file. Trojans survive by going unnoticed and can sit quietly collecting information or setting up holes in your security defences.
Trojans are classified according to the action they are set out to perform. Below are some of the most common:
Backdoor – A backdoor Trojan gives malicious users remote control over the infected device. It gives the criminal full access, which could include sending, receiving, launching and deleting files, stealing sensitive data and/or modifying documents.
Rootkit – Rootkits are designed to conceal the fact that a device has been infected. They “hide in plain sight” by disguising themselves as a necessary file that your security software may overlook.
Downloader – A Trojan-Downloader is a type of Trojan that installs itself to the system and waits until an Internet connection becomes available to connect to a remote server or website in order to download additional programs (usually malware) onto the infected computer. Content downloaded can be configuration/command information, additional threats, misleading applications and upgrades to existing attacks.
Banker – Trojan-Banker programs are designed to steal your account data for online banking systems, e-payment systems and credit or debit cards.
Exploit – Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that’s running on your computer.
DDoS – These programs conduct DoS (Denial of Service) attacks against a targeted web address. By sending multiple requests – from your computer and several other infected computers – the attack can overwhelm the target address, leading to a denial of service.
Dropper – These programs are used by hackers in order to install Trojans and/or viruses – or to prevent the detection of malicious programs. Not all antivirus programs are capable of scanning all of the components inside this type of Trojan.
Remote Access – Remote Access Trojans (RATs) allow the hacker covert surveillance of, or unauthorised access to, a victim’s device.
Phishing is becoming more and more common and targets your weakest defence, staff!
Phishing is a type of cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking details and passwords.
The information is then used to access important accounts and can result in identity theft and major financial loss.
We have seen different types of Phishing in recent times that include:
Spear phishing is rapidly becoming the most significant security threat today. Countless individuals and organizations have unwittingly wired money, sent tax information or emailed credentials to criminals who were impersonating their boss, colleague, or a trusted customer.
Generally, an email will arrive, apparently from a trustworthy source, but will instead lead the individual to a bogus website full of malware. Simple and effective!
A fairly new source of phishing. Essentially, the attacker impersonates an executive of the company (Finance Director), targets an individual and fools them into wiring money or sending confidential information.
In its simplest form, social engineering is a non-technical strategy used by cyber attackers that relies heavily on human interaction and often involves tricking people into breaking standard security practices. Today, social engineering is recognized as one of the greatest security threats facing organizations.
It is common for social engineers to rely on the natural helpfulness of people or to attempt to exploit their perceived personality weaknesses. For example, they may call with an urgent problem that requires immediate network access.
Social engineers have been known to appeal to vanity, authority, greed, or other information gleaned from eavesdropping or online sleuthing, often via social media.
Before we look at exploit kits, we first need to explain what an exploit actually is. Essentially, an exploit is an object that causes a program to behave in an unexpected way. When this happens, the attacker can take advantage of, or exploit, the disruption.
An exploit kit is basically a utility program or toolkit that will deliver an exploit to its target program. If successful, the kit can then deliver a
Most exploit kits are hosted on a website, either a malicious one or a legitimate one that has been compromised.
Exploit kits can be regularly updated, giving them a longer shelf life for attackers than a single focused attack.
Exploit kits have been developed as a way to automatically and silently exploit vulnerabilities making them highly popular methods of distributing mass malware.
Often when we talk about IT Security we automatically think about keeping people out, the external threat. But increasingly, the biggest threat to a company is coming from an internal approach.
The first step in addressing a problem is understanding it. Internal Threats come in different forms.
Malicious User – The malicious user is generally a disgruntled employee or an employee that has a motive for wanting to steal data or sabotage internal systems.
Accidental Loss – This can come in the form of a USB or laptop loss, an email sent to the wrong person, or an unencrypted hard drive not being disposed of properly and being sold on.
Malfunction – This could be a system malfunctioning and sending out automated emails containing sensitive information.
Duped User – A duped user is one that is tricked into disclosing sensitive company information. This can be done through a Spear-Phishing Attack or CEO Fraud, which we are seeing a lot more of recently.
When we look at the above list it is important to understand there is no silver bullet to eradicate these threats. In today’s world and with the advancement of technology and hacker intelligence, focus should not be on the almost impossible task of being 100% secure, but on working to reduce your risk.