Understanding the main attack methods and areas of vulnerability helps organisations to improve levels of protection and business continuity. The nine main attack techniques are …
In one form or another, phishing is used in over 80% of successful cyber-attacks. Users are tricked into revealing sensitive information or unwittingly downloading malicious software which then permeates the corporate infrastructure. Tempting emails (and texts) encourage users to click on weblinks or download attachments that contain the malware. Phishing attacks are often speculative and involve the sending of mass emails and messages to large numbers of users. More focused attacks, known as spearphishing, target specific individuals, organisations, and industries. Phishing thrives on the vulnerabilities of human nature, taking advantage of our curiosity, greed, complacency and lack of awareness.
Spoofing / Identity Theft
Attackers will try to gain access to systems by using valid but stolen usernames and passwords. This often leads to password spraying, where the information is used across a variety of platforms and applications in the hope that the same login credentials are valid. If robust password and authentication policies are not in place, attackers gain easy access to corporate systems and information.
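One way a defender can spot the credential reuse described above is to look for a single source trying the same username against several applications in a short period. The following is an added example, not part of the original article; the log format, the sample events, and the thresholds (`min_apps`, `window`) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: time, source IP, application, username, outcome.
SAMPLE_LOG = """\
2024-05-01T09:00:05 203.0.113.7 vpn alice FAIL
2024-05-01T09:00:09 203.0.113.7 webmail alice FAIL
2024-05-01T09:00:14 203.0.113.7 crm alice OK
2024-05-01T09:00:20 203.0.113.7 vpn bob FAIL
2024-05-01T09:00:26 203.0.113.7 webmail bob FAIL
2024-05-01T09:00:31 203.0.113.7 crm bob FAIL
2024-05-01T09:02:00 198.51.100.4 webmail carol FAIL
2024-05-01T09:02:30 198.51.100.4 webmail carol OK
2024-05-01T11:30:00 198.51.100.4 vpn carol OK
"""

def parse(log_text):
    """Yield (timestamp, source_ip, app, user, ok) for each non-empty line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, app, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, app, user, outcome == "OK"

def find_credential_reuse(log_text, min_apps=3, window=timedelta(minutes=10)):
    """Flag (source, user) pairs tried against >= min_apps applications
    inside one time window; report whether any attempt succeeded."""
    attempts = defaultdict(list)
    for ts, ip, app, user, ok in parse(log_text):
        attempts[(ip, user)].append((ts, app, ok))
    alerts = []
    for (ip, user), events in sorted(attempts.items()):
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            apps = {app for _, app, _ in in_window}
            if len(apps) >= min_apps:
                alerts.append({"source": ip, "user": user, "apps": sorted(apps),
                               "compromised": any(ok for _, _, ok in in_window)})
                break  # one alert per (source, user) pair is enough
    return alerts
```

An alert with `compromised` set to true means at least one of the attempts succeeded, so that account's password should be reset and its sessions revoked first.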
Supply Chain Compromise
This attack method relies on targeting less secure elements in partner companies and the supply chain - by manipulating hardware, software, and delivery mechanisms. Compromise can happen at various points in the ecosystem, including development tools, source code, and software distribution. Malware delivered through software updates attacks numerous accounts.
This happens when an attacker introduces additional hardware, computers, accessories, or networking equipment into a system or environment through physical access to the organisation. A ‘back door’ with remote, unauthorised access to the infrastructure is created. Various commercial and open-source products and tactics can then further compromise an organisation, including passive network tapping and man-in-the-middle encryption breaking where an attacker intercepts communications between two parties.
Removable USBs & plug-in devices
Removable storage devices like USB memory sticks, when inserted into networked devices, are a simple means by which malware can be downloaded and introduced to systems through auto-run features. As with dangerous downloaded attachments and weblinks, criminals load disguised malware onto the devices to manipulate data and modify systems. A tactic is to randomly place these USB devices around the perimeter of an organisation in the hope that curious employees plug them in and unknowingly facilitate the attack.
This attack changes and manipulates a user’s browser to unknowingly force them to visit a website or location where malicious content is waiting to be downloaded to their device for onward infection across the enterprise. It’s hidden from the user and happens behind the scenes so they have no idea it’s happening. Typically, attackers compromise a website with malicious code, using attractive ads and other techniques to redirect users to a compromised part of a site.
External Remote Services
Remote services such as VPNs, Citrix, and other access services that manage connections and user authentication credentials are targeted for exploitation. The number of users connecting remotely to internal network services is rapidly increasing as our workstyle changes. Remote service gateways manage connection and authentication processes, and are targets for access hacking. There’s a direct overlap between this attack method and spoofing-style identity theft techniques.
Exploiting Public-Facing Applications
In this example, cyber criminals seek to maliciously exploit a bug, glitch, or design vulnerability in an internet-facing computer or application. Such platforms typically provide services to the public and allow access to internal networks. Access points are usually websites, and attackers also target databases, network management systems, and web servers. In-house systems and cloud-based infrastructures with weak security are sought out by an increasing army of hackers.
Granting third-party access to internal systems is an obvious point of weakness that can be exploited by criminals. Third parties might include IT service providers, product suppliers, partner organisations and electrical contractors - including heating, ventilation and air conditioning systems. Network connectivity and security arrangements between partners and third parties are a natural focus area for criminals seeking to exploit vulnerabilities.
Security experts like Sure, with an end-to-end portfolio of logical security services, protect organisations of all sizes from malicious attacks. Cybersecurity is complex, multi-layered, and continuously evolving - and a company’s very existence can be threatened by an attack.