By Todd Whaley, Director of Consultancy Services at Pulsant
Cyber security has worked its way to the top of the business agenda over the last few years. The reason is easy to understand; just consider that cyber criminals managed to steal £124 million via the internet in 2016. Add to that, it’s estimated that in the first quarter of 2017 alone, UK businesses suffered 43,000 attacks…each. It is not, however, all doom and gloom as far as cyber security is concerned. There are many ways to combat attacks and keep organisations protected, which I’ve summarised in my blog below:
1. Zero-Day Vulnerabilities
A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it — this exploit is called a zero-day attack.
There is little that you can do to combat a zero-day vulnerability. A typical enterprise uses firewalls, intrusion-detection systems and antivirus software to secure its mission-critical IT infrastructure. These systems offer good first-level protection, but despite the best efforts of security teams, they can’t protect enterprises against zero-day exploits. By definition, detailed information about zero-day exploits is available only after the exploit is identified.
A good security team will have reliable, preventative security practices in place. These include:
- Real-time protection software, such as intrusion-prevention systems (IPS), deployed to offer comprehensive protection
- A well-planned incident response that can combat a security breach immediately
- Mechanisms architected into the network and infrastructure to quickly limit the spread of a security breach
How to prevent zero-day vulnerabilities
Patch your systems. The most commonly unpatched and exploited programs are Java, Adobe Reader and Adobe Flash, and it has been this way for a few years now. Yet, strangely, not a single audited company has ever had these programs perfectly patched.
The following are key signs you would see when attacked with a zero-day exploit:
- Unexpected, potentially legitimate-looking traffic or substantial scanning activity originating from a client or a server
- Unexpected traffic on a legitimate port
- Similar behaviour from the compromised client or server even after the latest patches have been applied
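The three signs above can be checked mechanically against connection records. The script below is an added example, not part of the original post: it assumes a constructed list of outbound connection records (source host, destination host, destination port) of the kind a firewall or NetFlow export would give you, plus a small constructed inventory of which hosts are servers and which ports they legitimately serve. It flags a host touching an unusual number of ports on one destination (scanning), a server that starts initiating connections of its own (unexpected traffic, including on an ordinary port), and any host that is still flagged after patching.

```python
from collections import defaultdict

# Constructed sample flow records: (source host, destination host, destination port).
# They stand in for a firewall or NetFlow export; none of them come from a real network.
SAMPLE_FLOWS = [
    ("ws-12", "fileserver", 445),
    ("ws-12", "mail", 587),
    # ws-07 touches many ports on one host in one window: scanning behaviour
    *[("ws-07", "dbserver", p)
      for p in (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 1433, 3306, 3389, 5900, 8080)],
    # web01 is a server that should only answer on 80/443, yet it initiates
    # connections to an outside address, one of them on a perfectly ordinary port.
    ("web01", "203.0.113.10", 4444),
    ("web01", "203.0.113.10", 443),
]

# Constructed inventory (assumption): which hosts are servers and which ports they serve.
SERVER_PORTS = {
    "fileserver": {445},
    "mail": {25, 587, 993},
    "dbserver": {1433},
    "web01": {80, 443},
}

# Ports commonly allowed through perimeter filters; traffic on them is "legitimate port" traffic.
COMMON_PORTS = {25, 53, 80, 443, 587, 993}

SCAN_PORT_THRESHOLD = 10  # assumption: this many distinct ports on one destination looks like a scan


def find_scanners(flows, threshold=SCAN_PORT_THRESHOLD):
    """Return sources that touch an unusually large number of distinct ports on one destination."""
    ports_seen = defaultdict(set)
    for src, dst, dport in flows:
        ports_seen[(src, dst)].add(dport)
    return sorted({src for (src, _dst), ports in ports_seen.items() if len(ports) >= threshold})


def find_server_initiated(flows, inventory=SERVER_PORTS):
    """Return servers that initiate outbound connections, which inventoried servers are not expected to do.

    Each finding is (server, destination, port, note); the note says whether the port is an
    ordinary one, because traffic on an allowed port is the harder case to notice.
    """
    findings = []
    for src, dst, dport in flows:
        if src in inventory:
            note = "unexpected traffic on a legitimate port" if dport in COMMON_PORTS else "unusual port"
            findings.append((src, dst, dport, note))
    return findings


def persistent_after_patch(flows_before, flows_after):
    """Hosts flagged both before and after patching: the sign that patching alone did not clear it."""
    def flagged(flows):
        return set(find_scanners(flows)) | {f[0] for f in find_server_initiated(flows)}
    return sorted(flagged(flows_before) & flagged(flows_after))


if __name__ == "__main__":
    print("scanning hosts:", find_scanners(SAMPLE_FLOWS))
    for finding in find_server_initiated(SAMPLE_FLOWS):
        print("server-initiated:", finding)
    # Constructed "after patching" window: ws-07 has stopped, web01 still calls out.
    after = [("web01", "203.0.113.10", 443)]
    print("still flagged after patching:", persistent_after_patch(SAMPLE_FLOWS, after))
```

The thresholds and the inventory are the part you would tune to your own estate; the point of the inventory is that a server appearing as a connection source at all is a signal, regardless of how ordinary the destination port is.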
2. Phishing Scams
Phishing is the attempt to obtain sensitive information, such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons. Scammers send seemingly legitimate emails from trustworthy sources.
Most phishing scams are fairly transparent, and sophisticated users rarely fall for pop-ups asking for a password. However, attacks could soon include a password text box cloned over a legitimate one to trick users into delivering their passwords to an attacker. Google is now developing a special password-alert feature to help protect against future phishing attacks.
A good example, and the biggest phishing scam, is the Nigerian scam, also known as 419.
In every variation of the scam, the email sender promises obscenely large payments for small, unskilled tasks. This scam, like most, is too good to be true. Yet people still fall for this money transfer con game.
Many organisations have software that filters out unsolicited emails. However, this software is not 100% reliable, and dangerous emails do get through. Therefore, it is essential that you train your user community to identify unsolicited emails.
How to prevent phishing scams
Preventing these scams is about learning to identify suspected phishing emails; there are some telltale qualities that give an attack away. The email may copy the branding of a real company, and it usually promises a gift or threatens the loss of an existing account.
- Check the source of incoming mail — your bank will never ask you to send your passwords or personal information by email
- Never go to your bank’s website by clicking on links included in emails
- Do not click on hyperlinks in the email — they might direct you to a fraudulent website
- Enhance the security of your computer (e.g. antivirus software)
- Always have the most recent updates on your operating system and web browsers
- Enter your sensitive data in secure websites only
- Train your staff — if they have the slightest doubt, they should not risk it
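Most of the checks in the list above (who sent it, where the links really go, and whether it is pressuring you) can be automated as a first pass before a message reaches a user. The following is an added example and not code from the original post or from Pulsant: it assumes a constructed sample message with documentation-style domains, a constructed set of domains the organisation genuinely uses, and a crude last-two-labels rule for the registrable domain (a real deployment would use a public-suffix list). It flags a sender outside the trusted domains, a link whose visible URL differs from where it actually points, links to unknown hosts, and pressure language.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message imitating a bank notice. Domains are documentation/example names.
SAMPLE_EMAIL = {
    "from": "security@examplebank-alerts.com",
    "subject": "Your account will be closed",
    "body": """
        <p>Dear customer, your account will be suspended unless you verify today.</p>
        <p><a href="http://examplebank.com.login-verify.example.net/">https://www.examplebank.com/login</a></p>
        <p>Contact us: <a href="https://www.examplebank.com/contact">Contact page</a></p>
    """,
}

# Assumption: the domains the organisation genuinely uses; anything else is treated as unknown.
TRUSTED_DOMAINS = {"examplebank.com"}

# Phrases typical of the "gift or loss of account" pressure the post describes.
URGENCY_WORDS = ("suspended", "closed", "verify today", "prize", "you have won")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def registrable_domain(host):
    """Crude last-two-labels heuristic (assumption: no public-suffix list available offline)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url):
    return urlparse(url).hostname or ""


def is_trusted(host, trusted=TRUSTED_DOMAINS):
    return registrable_domain(host) in trusted


def assess_email(msg, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable warnings; an empty list means nothing stood out."""
    warnings = []
    sender_domain = msg["from"].rsplit("@", 1)[-1]
    if not is_trusted(sender_domain, trusted):
        warnings.append(f"sender domain {sender_domain} is not a trusted domain")
    collector = LinkCollector()
    collector.feed(msg["body"])
    for href, text in collector.links:
        href_host = host_of(href)
        # Visible text that looks like a URL but points elsewhere is the classic cloned-link trick.
        if re.match(r"https?://", text):
            text_host = host_of(text)
            if registrable_domain(text_host) != registrable_domain(href_host):
                warnings.append(f"link text shows {text_host} but goes to {href_host}")
        if not is_trusted(href_host, trusted):
            warnings.append(f"link to untrusted host {href_host}")
    lowered = (msg["subject"] + " " + msg["body"]).lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if hits:
        warnings.append("pressure language: " + ", ".join(hits))
    return warnings


if __name__ == "__main__":
    for warning in assess_email(SAMPLE_EMAIL):
        print("WARNING:", warning)
```

A clean message from a trusted sender with no links produces no warnings, so the output can be used as a simple score for quarantining or for annotating the message before it reaches the user.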
3. Ransomware
Ransomware is a type of malware that encrypts your data, freezing it so that you can’t access it, and then demands money for the decryption key.
Unfortunately, it usually can’t be reversed, so the only way to save yourself is to keep a backup of your files so you can avoid being blackmailed. If you don’t have a clean, separate backup of your files, then avoid giving in to the demands if you can; like any bully, it only encourages them.
Combating ransomware follows the same steps as combating phishing.
4. Malware
Malware refers to a whole mess of malicious software threats, from Trojan horses to adware, scareware, spyware…you get the idea. It can come in a whole bunch of different forms too, so make sure you’re updating your security software regularly, monitoring and scanning systems, and not accessing suspicious sites, which could increase the risk of picking up something undesirable.
Combating malware follows the same steps as combating phishing.
5. Denial of Service (DoS) and DDoS Attacks
A denial of service (DoS) or distributed denial of service (DDoS) attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the internet. Denial of service is typically achieved by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. A DoS attack is comparable to a group of people crowding the entrance to a shop or business and not letting legitimate customers in, disrupting normal operations.
In a distributed denial-of-service (DDoS) attack, the incoming traffic flooding the victim originates from many different sources, potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; in addition, it is very difficult to distinguish legitimate user traffic from attack traffic when it is spread across so many points of origin. There are two general forms of DDoS attack: those that crash services and those that flood services. The most serious attacks are distributed. Many attacks involve forging of IP sender addresses (IP address spoofing) so that the location of the attacking machines cannot easily be identified and so that the attack cannot easily be defeated using ingress filtering.
How to prevent DDoS attacks
Combating DDoS attacks is an IT nightmare. By combining high-volume traffic clogging with application-targeted techniques, these stealthy attacks disrupt service for legitimate users or take down entire networks.
Proper DDoS protection is about reducing the impact of an attack, because no security solution is 100% effective. As a result, working with a provider that has the capacity to guide you through an attack and help you mitigate the risk is essential. An automated approach — using techniques like scrubbing and blackholing — that removes “bad” traffic or re-routes all of it can be an effective solution.
There is extremely good software that detects DDoS attacks, offers protection and can automatically mitigate large-scale, SSL or application-targeted attacks in real time — defending your business from even the largest attacks, at hundreds of gigabits per second.
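The reason a single-IP block does not help against a distributed flood is easy to see in request logs, and the same counters give you an early-warning signal that a scrubbing or blackholing provider can act on. The script below is an added example, not from the original post or any product mentioned in it: it builds a constructed web-server log (second, client address, path) with ten quiet seconds followed by five seconds in which 400 addresses each send a single request per second, learns a baseline rate from the quiet period, and reports whether a burst is a single noisy source (which a per-IP limit catches) or a distributed flood (which only the aggregate rate reveals). The thresholds are assumptions to tune per site.

```python
from collections import Counter, defaultdict
from statistics import mean


def constructed_log():
    """Constructed request log: (second, client address, path). Not captured from any real server."""
    events = []
    for t in range(10):                                  # ten seconds of normal traffic
        for i in range(5):
            events.append((t, f"198.51.100.{i}", "/"))
    for t in range(10, 15):                              # five seconds of distributed flood
        for i in range(400):                             # 400 addresses, one request each per second
            addr = f"203.0.113.{i}" if i < 250 else f"192.0.2.{i - 250}"
            events.append((t, addr, "/search"))
    return events


def per_second(events):
    """Map each second to a Counter of requests per client address."""
    buckets = defaultdict(Counter)
    for t, addr, _path in events:
        buckets[t][addr] += 1
    return buckets


def detect_floods(events, baseline_seconds=10, per_ip_limit=20, global_factor=5):
    """Return (second, kind, detail) findings for every second after the baseline window.

    'single-source' fires when one address alone exceeds per_ip_limit (a per-IP block would work);
    'distributed' fires when the total rate is global_factor times the learned baseline while no
    single address stands out (a per-IP block would achieve almost nothing).
    """
    buckets = per_second(events)
    quiet = [sum(c.values()) for t, c in buckets.items() if t < baseline_seconds]
    baseline = mean(quiet) if quiet else 1
    findings = []
    for t in sorted(buckets):
        if t < baseline_seconds:
            continue
        counts = buckets[t]
        total = sum(counts.values())
        top_addr, top_n = counts.most_common(1)[0]
        if top_n > per_ip_limit:
            findings.append((t, "single-source", f"{top_addr} sent {top_n} requests"))
        elif total > global_factor * baseline:
            findings.append((t, "distributed",
                             f"{total} requests from {len(counts)} addresses, busiest source only {top_n}"))
    return findings


def share_of_top_source(events, second):
    """Fraction of that second's requests removed by blocking its busiest single address."""
    counts = per_second(events)[second]
    return counts.most_common(1)[0][1] / sum(counts.values())


if __name__ == "__main__":
    log = constructed_log()
    for finding in detect_floods(log):
        print(finding)
    print("share removed by blocking the top source at t=12:", share_of_top_source(log, 12))
```

In the constructed flood the busiest address accounts for a quarter of a percent of the traffic, which is why the mitigation the post describes (scrubbing or re-routing the whole stream) has to operate on aggregate traffic rather than on individual addresses.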
To find out more about how Pulsant can help your organisation, join us at our upcoming industry events:
- On 04 July we’re supporting the Legal Practice Management (LPM) conference in Birmingham, where I will also be delivering a talk on cyber security, compliance and GDPR.
- On 12 July, we’re delivering a breakfast briefing on GDPR in partnership with the NECC in Durham.