Examples of threats & vulnerabilities

  1. MALWARE
    As pointed out earlier, new malware is being created all the time. However, while the statistic of 360,000 new malware files a day sounds daunting, it’s important to know one thing: Many of these “new” malware files are simply rehashes of older malware programs that have been altered just enough to make them unrecognizable to anti-virus programs.

    Over the years, however, many different kinds of malware have been created, each one affecting the target’s systems in a different way:
    Ransomware. This malicious software is designed to encrypt the victim’s data storage drives, rendering them inaccessible to the owner. An ultimatum is then delivered, demanding payment in return for the encryption key. If the ransom demand isn’t met, the key will be deleted and the data lost forever with it.

    Trojans. This references a kind of delivery system for malware. A Trojan is any piece of malware that masquerades as a legitimate program to trick victims into installing it on their systems. Trojans can do a lot of damage because they slip behind your outermost network security defenses by posing as something harmless while carrying a major threat inside, like a certain infamous horse did to the city of Troy in Homer’s “Iliad.”

    Worms. Worms are programs that can self-replicate and spread through a variety of means, such as emails. Once on a system, the worm will search for some form of contacts database or file sharing system and send itself out as an attachment. When in email form, the attachment is part of an email that looks like it’s from the person whose computer was compromised.

    The goal of many malware programs is to access sensitive data and copy it. Some highly-advanced malware can autonomously copy data and send it to a specific port or server that an attacker can then use to discreetly steal information.

    Basic anti-virus can protect against some malware, but a multi-layered security solution that uses anti-virus, deep-packet inspection firewalls, intrusion detection systems (IDSs), email virus scanners, and employee awareness training is needed to provide optimal protection.

  2. UNPATCHED SECURITY VULNERABILITIES
    While there are countless new threats being developed daily, many of them rely on old security vulnerabilities to work. With so much malware looking to exploit the same few vulnerabilities time and time again, one of the biggest risks that an organization can take is failing to patch those vulnerabilities once they’re discovered.

    It’s all too common for an organization, or even just the individual users on a network, to dismiss the “update available” reminders that pop up in certain programs because they don’t want to lose the 5-10 minutes of productive time that running the update would take. Updating is a nuisance to most users. However, it’s a “nuisance” that could save an organization untold amounts of time, money, and lost data later. The easy fix is to maintain a regular update schedule: a day of the week on which your IT team checks for the latest security patches for your organization’s software and ensures that they’re applied to all of your organization’s systems.

  3. HIDDEN BACK-DOOR PROGRAMS
    This is an example of an intentionally-created computer security vulnerability. When a manufacturer of computer components, software, or whole computers installs a program or bit of code designed to allow a computer to be remotely accessed (typically for diagnostic, configuration, or technical support purposes), that access program is called a back-door.
    When the back-door is installed into computers without the user’s knowledge, it can be called a hidden back-door program. Hidden back-doors are an enormous software vulnerability because they make it all too easy for someone with knowledge of the back-door to illicitly access the affected computer system and any network it is connected to.

  4. SUPERUSER OR ADMIN ACCOUNT PRIVILEGES
    One of the most basic tenets of managing software vulnerabilities is to limit the access privileges of software users. The less information/resources a user can access, the less damage that user account can do if compromised.
    However, many organizations fail to control user account access privileges, allowing virtually every user in the network to have so-called “Superuser” or administrator-level access. Some computer security configurations are flawed enough to allow unprivileged users to create admin-level user accounts. Verifying that user account access is restricted to only what each user needs to do their job is crucial for managing computer security vulnerabilities. Also, ensuring that newly-created accounts cannot have admin-level access is important for preventing less-privileged users from simply creating more privileged accounts.
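    The access review described above can be scripted rather than done by eye. The following is an added example, not code from the original article: it parses passwd- and group-format data for the accounts that hold administrator-level rights on a Unix-like host (uid 0, or membership of the sudo/wheel/admin groups) and reports any that are not on an approved list. The sample files, the approved-admin list and the "svc-backup" account are constructed; on a real host you would feed it the contents of /etc/passwd and /etc/group.

```python
"""Audit which accounts hold administrator-level privileges and compare
them with the people whose job actually requires it.

Added example, not part of the original article. The passwd/group text,
the approved-admin list and every account name are constructed so the
script runs offline; feed it /etc/passwd and /etc/group to audit a host.
"""

# Groups that confer administrator-level access on common systems
# (sudo on Debian/Ubuntu, wheel on RHEL/Fedora/BSD, admin on macOS).
ADMIN_GROUPS = {"sudo", "wheel", "admin"}

# Constructed sample of /etc/passwd (name:x:uid:gid:gecos:home:shell)
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice (sysadmin):/home/alice:/bin/bash
bob:x:1002:1002:Bob (sales):/home/bob:/bin/bash
carol:x:1003:1003:Carol (developer):/home/carol:/bin/zsh
svc-backup:x:0:1004:backup service:/var/backups:/usr/sbin/nologin
"""

# Constructed sample of /etc/group (name:x:gid:member,member)
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,bob
wheel:x:10:alice
users:x:100:alice,bob,carol
"""

# Constructed: accounts approved to hold admin rights (from the access review)
APPROVED_ADMINS = {"root", "alice"}


def parse_passwd(text):
    """Return {username: (uid, primary_gid)} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, uid, gid, *_ = line.split(":")
        users[name] = (int(uid), int(gid))
    return users


def parse_group(text):
    """Return {groupname: (gid, set_of_members)} from group-format text."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, gid, members = line.split(":")
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def admin_accounts(users, groups):
    """Map each privileged account to the reasons it counts as privileged."""
    admin_gids = {groups[g][0] for g in ADMIN_GROUPS if g in groups}
    reasons = {}
    for name, (uid, gid) in users.items():
        why = []
        if uid == 0:
            why.append("uid 0")
        if gid in admin_gids:
            why.append("primary group is an admin group")
        for g in sorted(ADMIN_GROUPS):
            if g in groups and name in groups[g][1]:
                why.append(f"member of {g}")
        if why:
            reasons[name] = why
    return reasons


def audit(passwd_text, group_text, approved):
    """Return (unexpected_admins, extra_uid0).

    unexpected_admins: privileged accounts not on the approved list.
    extra_uid0: accounts other than root whose uid is 0; such an account
    is root in all but name and is a classic sign of a hidden back-door.
    """
    users = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    admins = admin_accounts(users, groups)
    unexpected = {n: r for n, r in admins.items() if n not in approved}
    extra_uid0 = sorted(n for n, (uid, _) in users.items() if uid == 0 and n != "root")
    return unexpected, extra_uid0


if __name__ == "__main__":
    unexpected, extra_uid0 = audit(SAMPLE_PASSWD, SAMPLE_GROUP, APPROVED_ADMINS)
    for name, why in sorted(unexpected.items()):
        print(f"REVIEW {name}: {', '.join(why)}")
    for name in extra_uid0:
        print(f"ALERT  {name}: second uid-0 account")
```

Run against the constructed data it flags bob (in sudo but not approved) and svc-backup (a second uid-0 account). The same idea carries over to directory services: enumerate the members of Domain Admins or the Azure AD Global Administrator role and diff them against the approved list on the same schedule as the patch cycle.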

  5. AUTOMATED RUNNING OF SCRIPTS WITHOUT MALWARE/VIRUS CHECKS
    One common network security vulnerability that some attackers learned to exploit is certain web browsers’ (such as Safari’s) tendency to automatically run “trusted” or “safe” scripts. By mimicking a trusted piece of code and tricking the browser, cybercriminals could get the browser software to run malware without the knowledge or input of the user, who often wouldn’t know to disable this “feature.” While keeping employees from visiting untrustworthy websites that would run malware is a start, disabling the automatic running of “safe” files is much more reliable and is necessary for compliance with the Center for Internet Security’s (CIS) AppleOS benchmark.
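    The benchmark item the paragraph refers to is Safari’s “Open ‘safe’ files after downloading” preference, which an administrator can inspect with `defaults read com.apple.Safari AutoOpenSafeDownloads`. The script below is an added example, not code from the article or from CIS: it wraps that command in a compliance check and keeps the interpretation in a pure function so the logic can be tested on any machine. The preference domain and key are the real ones used by the macOS benchmark; the article itself does not name them.

```python
"""Check Safari's "Open safe files after downloading" setting, which the
CIS Apple macOS benchmark requires to be disabled.

Added example, not part of the original article. It reads the preference
the same way an administrator would at a terminal:
    defaults read com.apple.Safari AutoOpenSafeDownloads
and treats anything other than an explicit 0/false as non-compliant,
because Safari auto-opens "safe" downloads when the key is absent.
"""
import subprocess

DOMAIN = "com.apple.Safari"
KEY = "AutoOpenSafeDownloads"


def evaluate(defaults_output, returncode):
    """Classify the result of `defaults read`.

    Pure function, so it can be unit-tested without a Mac.
    Returns (compliant, detail). A missing key makes `defaults` exit
    non-zero; that counts as NOT compliant because the built-in default
    is to auto-open downloads.
    """
    if returncode != 0:
        return False, "key not set (Safari default applies: auto-open enabled)"
    value = defaults_output.strip()
    if value in ("0", "false", "NO"):
        return True, "auto-open disabled"
    return False, f"auto-open enabled (value {value!r})"


def check_safari_auto_open():
    """Run the real `defaults read` on this machine (meaningful on macOS only)."""
    try:
        proc = subprocess.run(
            ["defaults", "read", DOMAIN, KEY], capture_output=True, text=True
        )
    except FileNotFoundError:
        return False, "defaults(1) not found; not running on macOS"
    return evaluate(proc.stdout, proc.returncode)


def remediation_command():
    """The command an administrator runs to disable the setting for the
    current user; a managed configuration profile enforces it fleet-wide."""
    return f"defaults write {DOMAIN} {KEY} -bool false"


if __name__ == "__main__":
    compliant, detail = check_safari_auto_open()
    print(("PASS " if compliant else "FAIL ") + detail)
    if not compliant:
        print("remediate with: " + remediation_command())
```

Two practical caveats: the setting is per user, so the check has to run in each user’s context (or be replaced by a configuration profile pushed from MDM), and on recent macOS releases Safari keeps its preferences inside its sandbox container, so a script run by another tool may need Full Disk Access to read them.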

  6. UNKNOWN SECURITY BUGS IN SOFTWARE OR PROGRAMMING INTERFACES
    Computer software is incredibly complicated. When two or more programs are made to interface with one another, the complexity can only increase. The issue with this is that within a single piece of software, there may be programming issues and conflicts that can create security vulnerabilities. When two programs are interfaced, the risk of conflicts that create software vulnerabilities rises. Programming bugs and unanticipated code interactions rank among the most common computer security vulnerabilities, and cybercriminals work daily to discover and abuse them. Unfortunately, predicting the creation of these computer system vulnerabilities is nearly impossible because there are virtually no limits to the combinations of software that might be found on a single computer, let alone an entire network.

  7. PHISHING (SOCIAL ENGINEERING) ATTACKS
    In a phishing attack, the attacker attempts to trick an employee in the victim organization into giving away sensitive data and account credentials or into downloading malware. The most common form of this attack comes as an email mimicking the identity of one of your organization’s vendors or someone who has a lot of authority in the organization.
    For example, the attacker may say something like: “This is Mark from IT, your user account shows suspicious activity, please click this link to reset and secure your password.” The link in such an email often leads to a website that will download malware to a user’s computer, compromising their system. Other phishing attacks may ask users to give the attacker their user account credentials so they can solve an issue.

    The basic goal of this strategy is to exploit an organization’s employees to bypass one or more security layers so they can access data more easily.

    There are several ways to defend against this attack strategy, including:
    Email Virus Detection Tools. These check email attachments for malware that could harm your network.

    Multi-factor Authentication (MFA). Using multiple authentication methods (such as biometrics, one-use text codes, and physical tokens) for giving users access to your network makes it harder for attackers to hijack user accounts with just the username and password.

    Employee Cybersecurity Awareness Training. An educated employee is less likely to fall for phishing schemes than one who doesn’t know basic cybersecurity protocols. Cybersecurity awareness training helps to provide employees with the basic knowledge they need to identify and avoid phishing attacks.

    Defense in Depth. Using a defense-in-depth approach to network security adds extra layers of protection between each of the individual assets on the network. This way, if attackers bypass the outermost defenses of the network, there will still be other layers of protection between the compromised asset and the rest of the network.

    Policy of Least Privilege. Enacting a policy of least privilege means restricting a user’s access to the minimum amount needed to perform their job duties. This way, if that user’s account privileges are misused, the damage will be limited.

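    The “Mark from IT” lure above has traits a mail gateway or SOC triage script can look for before a user ever sees it: a display name that claims an internal role on an external address, replies routed to yet another domain, a link whose visible text names a different host than its target, and urgent language around a password. The script below is an added example, not code from the original article; the sample message is constructed to match the lure the article describes, ORG_DOMAIN is an assumed value for the defending organization, and the keyword list is illustrative. Heuristics like these are one signal among several, not a verdict on their own.

```python
"""Score an inbound e-mail for the phishing traits the article describes:
an impersonated sender, urgency, and a link that leads somewhere other
than where its text claims.

Added example, not code from the original article. The message below is
constructed; ORG_DOMAIN is an assumed value for the defending organization.
"""
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser

ORG_DOMAIN = "example.com"  # assumed: the defending organization's domain
URGENCY = ("suspicious activity", "immediately", "reset", "verify", "locked")

# Constructed sample message modelled on the article's "Mark from IT" lure
SAMPLE_EMAIL = """\
From: "Mark (IT Helpdesk)" <it-helpdesk@example-support.net>
Reply-To: mark.it@mailbox-reset.biz
To: bob@example.com
Subject: Action required: suspicious activity on your account
Content-Type: text/html

<html><body>
<p>This is Mark from IT. Your user account shows suspicious activity.
Please click <a href="http://account-verify.mailbox-reset.biz/login">
https://sso.example.com/reset</a> to reset and secure your password.</p>
</body></html>
"""

# Matches a bare host or URL so that link text like "click here" is ignored
URL_LIKE = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Host named by a URL-looking string, or None if it is not one."""
    m = URL_LIKE.match(text.strip())
    return m.group(1).lower() if m else None


def analyse(raw_message, org_domain=ORG_DOMAIN):
    """Return a list of human-readable findings; empty means nothing fired."""
    msg = email.message_from_string(raw_message)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    # 1. Claims an internal support role but the address is not ours.
    if re.search(r"\b(IT|helpdesk|support)\b", display, re.I) and from_domain != org_domain:
        findings.append(f"display name '{display}' claims internal role but sender domain is {from_domain}")
    # 2. Replies are routed to a third domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != from_domain:
        findings.append(f"Reply-To domain differs from From domain ({reply})")
    # 3. Link text shows one host, href points at another.
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            findings.append(f"link text shows {shown} but points to {actual}")
    # 4. Urgency language combined with a password action.
    haystack = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY if w in haystack]
    if len(hits) >= 2 and "password" in haystack:
        findings.append(f"urgent credential request ({', '.join(hits)})")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("-", finding)
```

On the constructed lure all four heuristics fire. In practice the first two checks belong alongside SPF/DKIM/DMARC results rather than replacing them, and the link check is the one worth surfacing to users in awareness training, since hovering over a link to compare the shown and real destination is something an employee can do without tooling.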
  8. INSIDERS
    The biggest security vulnerability in any organization is its own employees. Whether it’s the result of intentional malfeasance or an accident, most data breaches can be traced back to a person within the organization that was breached. For example, employees may abuse their access privileges for personal gain. Or, an employee may click on the wrong link in an email, download the wrong file from an online site, or give the wrong person their user account credentials, allowing attackers easy access to your systems. Some of the same prevention techniques mentioned in the anti-phishing bullets can be applied to prevent data breaches caused by employees. For example, using a policy of least privilege keeps users from having access to too much data at once, making it harder for them to steal information. Additionally, cybersecurity awareness training helps employees spot phishing attempts and other social engineering-style attacks so they won’t fall for them.