MANILA, Philippines - Security is no longer an afterthought. It’s a major component to the success of a business. This means that the Chief Information Security Officers (CISOs) need a spot at the executive table to ensure the IT security plans align with the business goals and objectives.
We are all connected to the Internet which is great; however being connected also means that we are all in a very large ecosystem.
It’s important to realize that anything happens with one company will often affect many other companies. Direct business partners will be affected and even the most remote company can be affected.
Many of the attack techniques used today are similar to the attack few years ago. However, there are some mounting cyber problems that are enabling the attackers to deliver their exploit more effectively and stealthier.
One of them being social media and on-line services. Everyone today is using some form of social media such as Facebook and LinkedIn, as well as online dating sites.
Because of this, attackers are shifting their entry points into user’s devices via these sites via social engineering, preying on the human emotions side. Social Engineering concepts are the same, but the attack vector or surface has changed. Next is the evasion techniques used by the attackers. The ability for the attacker to conceal themselves continues to advance. Because of this often times just having traditional anti-virus is not enough.
Below are techniques used by hackers, according to Anthony Giandomenico, Senior Security Strategist, FortiGuard Labs, Fortinet
Phishing Attack
Amongst the new hacking techniques, phishing attack is most likely the number one way to gain unauthorized access to company networks. A phishing email will attach a piece of malware or a malicious link, and is created to look legitimate and enticing for users to click the link.
Drive-by Attack
Another technique used by the hackers is the drive-by attack. The attackers will compromise a website and install a malicious java script that will redirect an unsuspecting user to another website containing malicious payload (malware) that will then be downloaded in the background to the user’s device. In a targeted attack, the attackers will spend many months researching websites that companies or industries will frequent and infect those websites.
Malvertising
The next technique used is malvertising. This attack is similar to the drive-by attacks except for the attacker will focus on infecting the advertising sites. An attacker can infect one ad site which in turn could infect 1000s of other websites. More bang for your buck!
Mobile Attack
Last but not least, the mobile attack. Many attacks against mobile devices are similar to the above listed attacks; they are just targeting the mobile device. In addition, malware can be delivered through SMS messages or they mask themselves as other fun applications such as games or even pornography.
Once the attacker has successfully breached a network and is sitting on a user’s device such as a laptop/desktop or mobile devices, the attacker now needs to download more malware and tools to complete their missions. Usually the data they are looking for is not on the workstations; it’s in the servers/databases and such.
As mentioned above, the usual entry point into the network is through users clicking on malicious links. Once the user device is compromised, the attackers will start moving about the network to find the data they are looking for. This is where network segmentation becomes extremely important. One, it helps reduce the impact of the breach since a company can isolate the breach to a specific location while not affecting the rest of the network. Also, it allows for sensitive data to be zoned in a higher security area which will give the bad guys a tougher time to exfiltrate data. Lastly, “You can’t protect and monitor everything within your networks”. The networks are too large and complex; so find the critical data, isolate it and put more granular focus on monitoring the avenues of approach to that data.