Have you been hit by a serious cyber attack and are looking for solutions quickly, or are you just getting to know about cyber security threats? Either way, this blog post will inform and educate you on the growing trend of cyber attacks in Africa and the technology and business solutions available to mitigate these threats.
As businesses and individuals in Africa rely ever more heavily on technology, the internet and smartphones, that growth also exposes them to cyber threats and gives attackers the opportunity to hold them to ransom. South Africa, for example, has seen a spike in cyber attacks on all fronts: banks, Internet service providers (ISPs), utilities and e-commerce platforms have been hit, and so have consumers.
This blog seeks to highlight the following:
- What is a cyber attack?
- What are the most common types of cyber attacks, and how do you prevent them within your organisation?
- How do cyber attacks work, and why do hackers launch them?
- What you can do to keep your company or organisation safe from such attacks
- What technology solutions are available in the event of a cyber attack?
- The significance of an ongoing cyber security programme
What is a Cyber Attack?
A cyber attack is an assault launched by cybercriminals using one or more computers against a single computer, multiple computers or a network. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for further attacks. Cybercriminals use a variety of methods to launch a cyber attack, including:
- Malware, such as ransomware
- Phishing
- Denial of service
What are the most common types of cyber attacks?
You cannot defend yourself from threats you don't understand. Understanding how each attack is delivered clarifies which security controls are needed to counter the common cyber attacks and threats we face today.
Below we break down the nine most common forms of attack and how to defend yourself and your business against them (without the excess tech-speak):
- Malware
- Phishing and Social Engineering Attacks
- Man-in-the-Middle (MitM) Attacks
- Denial-of-Service Attacks
- SQL Injections
- Zero-Day Exploits
- DNS Tunneling
- Password Attacks and Credential Reuse
- Drive-By Downloads
Malware
Malware, or malicious software, is any program or file that is harmful to a computer user. Types of malware include viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of functions, such as stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions, and monitoring users' computer activity. Once inside your system, malware can:
- Encrypt your files or lock you out of key systems and demand payment to restore access (ransomware)
- Install additional malware or other harmful software
- Covertly collect information from the hard drive and transmit it to the attacker (spyware)
- Disrupt certain components and render the system inoperable
Here are some top tips for individuals and small and medium-sized businesses to protect computers from viruses and malware:
- Regularly update your systems, software and applications
- Don't click links or open attachments in unexpected emails
- Install antivirus, anti-malware and anti-ransomware software
- Back up your computer (and keep a copy offline or otherwise disconnected, so ransomware cannot encrypt the backup too) and secure your network
- Use strong, unique passwords
- Use a firewall
- Minimise downloads and install software only from trusted sources
- Use a pop-up blocker
Phishing and Social Engineering Attacks
Phishing involves sending emails that appear to come from trusted sources. Part confidence trick and part hacking, it is one of the easiest (and therefore most common) ways to breach a company's security. The goal is to steal sensitive data such as credit card details and login credentials, or to install malware on the victim's machine. Phishing is an increasingly common cyber threat.
How can individuals and small businesses protect themselves against phishing and social engineering attacks?
- Train your users and employees to recognise phishing, and on the correct protocols for handling passwords and unexpected requests.
- Check that links go to the Uniform Resource Locator (URL) they claim to (hover over a link before clicking it).
- Look at the email header "Reply-To" and "Return-Path" fields to ensure they match the source you believe the email is coming from. Note that these can be forged, so also check the SPF, DKIM and DMARC verdicts your mail server records in the "Authentication-Results" header.
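To show what the header checks above look like in practice, here is an added example (not code from the original post) that triages a raw email: it compares the visible From domain with Reply-To and Return-Path, reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header, and flags plain-http links in the body. Both messages and all domain names in it are constructed for the example.

```python
"""Added example: rough phishing triage of e-mail headers (constructed data)."""
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: looks like it comes from the bank, but replies go
# elsewhere and the receiving server recorded SPF/DKIM/DMARC failures.
SUSPICIOUS_MSG = """\
From: Example Bank <alerts@examplebank.test>
Reply-To: support@examplebank-secure-login.test
Return-Path: <bounce@mailer-bulk.test>
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=mailer-bulk.test; dkim=none; dmarc=fail
Subject: Urgent: verify your account

Click here to verify: http://examplebank-secure-login.test/login
"""

# Constructed sample: a legitimate message from the same bank.
LEGIT_MSG = """\
From: Example Bank <alerts@examplebank.test>
Return-Path: <alerts@examplebank.test>
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=examplebank.test; dkim=pass header.d=examplebank.test; dmarc=pass
Subject: Your monthly statement is ready

Log in at https://examplebank.test/ to view it.
"""


def _domain(addr_header):
    """Domain part of an address header, lowercased; '' if the header is absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw):
    """Return a list of human-readable warning signs found in a raw message."""
    msg = message_from_string(raw)
    indicators = []
    from_dom = _domain(msg.get("From"))

    # Tip from the post: Reply-To / Return-Path should match the visible sender.
    for hdr in ("Reply-To", "Return-Path"):
        dom = _domain(msg.get(hdr))
        if dom and dom != from_dom:
            indicators.append(f"{hdr} domain {dom!r} differs from From domain {from_dom!r}")

    # Authentication-Results is written by *your* receiving mail server, so
    # unlike From/Reply-To it is not under the attacker's control.
    auth = (msg.get("Authentication-Results") or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        verdict = m.group(1) if m else "missing"
        if verdict != "pass":
            indicators.append(f"{mech} verdict is {verdict}")

    # Links to plain http:// pages are a further warning sign.
    if re.search(r"http://", msg.get_payload()):
        indicators.append("body contains a plain http:// link")
    return indicators


def looks_like_phishing(raw, threshold=2):
    """True when at least `threshold` indicators are present (threshold is an assumption)."""
    return len(phishing_indicators(raw)) >= threshold


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_MSG), ("legit", LEGIT_MSG)):
        print(name, looks_like_phishing(raw), phishing_indicators(raw))
```

A real mail gateway does this on every inbound message; the point of the example is that the three verdicts come from your own server, so a checker can trust them where it cannot trust the From line.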
Man-in-the-Middle (MitM) Attacks
Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers intercept the traffic, they can filter and steal data from your network.
The two common points of entry for MitM attacks are:
- On unsecured public Wi-Fi, attackers can insert themselves between a visitor's device and the network. Without knowing it, the visitor passes all information through the attacker.
- Once malware has breached a device, an attacker can install software that intercepts and processes all of the victim's traffic.
A MitM attack has the added malevolence of disguising itself as one or both of the parties communicating. This means it doesn't just intercept and listen in on messages between clients and servers; it can also change the messages and plant requests that appear to come from a legitimate source. These attacks are notoriously difficult to detect, but there are preventative measures you can take.
How can individuals and small businesses proactively prevent MitM attacks?
- Make sure your website and extranet use TLS certificates (HTTPS, not plain HTTP), redirect all HTTP traffic to HTTPS, and keep the certificates valid; this is what "SSL certificate" usually refers to today.
- Consider an Intrusion Detection System (IDS).
- Set up a VPN to add a layer of protection over public Wi-Fi (and other untrusted networks).
Denial-of-Service (DoS) Attacks
A denial-of-service attack floods systems, servers or networks with traffic to exhaust resources and bandwidth, so that the system can no longer fulfil legitimate requests. Attackers often use many compromised devices at once to launch the attack; this is known as a distributed denial-of-service (DDoS) attack.
These attacks can have devastating consequences for businesses. Common forms are the TCP SYN flood, the smurf attack, the teardrop attack and the ping of death, and large attacks are usually launched from botnets of compromised devices. DoS and DDoS attacks hurt businesses by flooding target web servers with requests, stopping regular users from connecting. This means website downtime, disappointed customers, reputation damage, and sometimes even data loss and compensation payouts.
What SMEs can do to protect themselves from denial-of-service attacks
It is not enough to hope that your firewalls and ISP are able to stop the heavy loads that attackers use today.
There are three main options to consider for DoS protection:
· On-premise protection to identify, filter, detect and protect your network.
· Cloud-based counteraction to deflect, absorb, reroute and scrub traffic.
· A hybrid solution (combining on-premise and cloud DoS protection).
If you don't have "always-on" DoS protection, make sure you at least have procedures in place to help you stop an attack or minimise its impact, such as knowing whom to call at your ISP and being able to rate-limit or block abusive clients at your own servers.
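As an added example of the kind of "minimise the impact" control an application can enforce itself (not code from the original post, and no substitute for the on-premise or cloud scrubbing above, since nothing in the application helps once the uplink is saturated), here is a per-client token-bucket rate limiter. The rate and burst values and the request stream are constructed for the example.

```python
"""Added example: per-client token-bucket rate limiting (constructed traffic)."""
from collections import defaultdict


class TokenBucketLimiter:
    """Each client gets `burst` tokens; `rate` tokens per second are refilled."""

    def __init__(self, rate, burst):
        self.rate = float(rate)    # tokens added per second
        self.burst = float(burst)  # maximum tokens a bucket can hold
        # client -> [tokens, last_update_time]; buckets start full.
        self._buckets = defaultdict(lambda: [self.burst, None])

    def allow(self, client_ip, now):
        """Return True if the request arriving at time `now` (seconds) is admitted."""
        bucket = self._buckets[client_ip]
        tokens, last = bucket
        if last is not None:
            tokens = min(self.burst, tokens + (now - last) * self.rate)
        bucket[1] = now
        if tokens >= 1.0:
            bucket[0] = tokens - 1.0
            return True
        bucket[0] = tokens
        return False  # refuse cheaply, before any expensive application work


def simulate(requests, rate=5, burst=10):
    """requests: list of (timestamp, client_ip). Returns {ip: (allowed, refused)}."""
    limiter = TokenBucketLimiter(rate, burst)
    stats = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(requests):
        stats[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}


# Constructed traffic: one flooding client sends 100 requests within one
# second; a normal client sends one request every half second.
FLOOD = [(i / 100.0, "203.0.113.7") for i in range(100)]
NORMAL = [(i / 2.0, "198.51.100.20") for i in range(10)]

if __name__ == "__main__":
    print(simulate(FLOOD + NORMAL))
```

With a refill rate of 5 per second and a burst of 10, the flooding client gets its first 10 requests through and then only a handful more, while the normal client is never refused; the same logic is what reverse proxies and API gateways apply per IP or per API key.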
SQL Injections
A Structured Query Language (SQL) injection occurs when an attacker inserts malicious SQL into input that an application passes to its database, making the database run queries it should not and reveal, alter or delete information it normally would not. An attacker could carry out a SQL injection simply by typing malicious input into a vulnerable website search box.
What can SMEs and other businesses do to protect themselves against SQL injection attacks?
· Apply a least-privilege permissions model in your databases, so that the account the application uses can only read and write what it needs.
· Use prepared statements (parameterised queries) and avoid building SQL by string concatenation (dynamic SQL), whether in application code or inside stored procedures.
· Validate inputs against a whitelist, especially values such as column names or sort order that cannot be passed as query parameters.
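The search-box injection described above, as an added example (not code from the original post): the vulnerable query built by string concatenation sits beside the parameterised fix, plus the whitelist check for an ORDER BY column, which parameters cannot protect. It uses Python's built-in sqlite3 in memory, and the table and rows are constructed.

```python
"""Added example: SQL injection via a search box, and the two fixes (constructed data)."""
import sqlite3


def make_db():
    """Constructed product table: two public products and one that must stay hidden."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO products (name, public) VALUES (?, ?)",
        [("Router", 1), ("Switch", 1), ("Unreleased Prototype", 0)],
    )
    return conn


def search_vulnerable(conn, term):
    """Dynamic SQL: the user's text is pasted straight into the query."""
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Prepared statement: the driver sends `term` as data, never as SQL."""
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# Whitelist for identifiers, which cannot be bound as parameters.
ALLOWED_SORT_COLUMNS = {"id", "name"}


def list_sorted(conn, column):
    """ORDER BY takes an identifier, so validate it against a whitelist first."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"invalid sort column: {column!r}")
    sql = f"SELECT name FROM products WHERE public = 1 ORDER BY {column}"
    return [row[0] for row in conn.execute(sql)]


# Attacker's search-box input: closes the string literal, ORs in an
# always-true condition, and comments out the rest of the query.
PAYLOAD = "x%' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", search_vulnerable(db, PAYLOAD))  # leaks the hidden row
    print("safe:      ", search_safe(db, PAYLOAD))        # nothing matches
```

The vulnerable query becomes `... AND name LIKE '%x%' OR 1=1 --%'`, so the `public = 1` filter is bypassed and the unreleased product is returned; with the parameterised version the same payload is just an odd search string that matches nothing.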
Zero-Day Exploits
A zero-day exploit targets a vulnerability for which no patch yet exists: the vendor has had "zero days" to fix it. Attackers exploit the flaw before a fix is available, and the window of exposure continues after public disclosure until organisations actually apply the patch. Defending against zero-days therefore requires constant awareness.
How can small and medium-sized businesses (SMEs) detect and protect against zero-day exploits?
Zero-day attacks are usually the most difficult to defend against, since the precise nature of the attack is only known after it has happened. These weaknesses are highly valued not only by cyber criminals but by some nation states too. Here is how to reduce your exposure:
· Keep your operating systems and application software up to date, and apply patches promptly once they are released.
· Segment your network with virtual LANs (VLANs) and firewall rules between segments, so that a single compromised host cannot reach everything.
· Protect against wireless malware attacks with a secure Wi-Fi system.
· Stick to websites that use HTTPS (TLS certificates) at all times.
DNS Tunneling
DNS tunneling is a method of cyber attack that encodes the data of other programs or protocols inside DNS queries and responses. The attacker controls the authoritative name server for a domain; a compromised host then smuggles data out as subdomain labels in its DNS queries, and receives commands back inside the DNS responses. Because DNS is almost always allowed out through firewalls, this gives the attacker a covert channel for controlling compromised machines and exfiltrating data.
How to Protect Against DNS Tunneling Attacks
Protecting against DNS tunneling requires a network threat prevention system capable of detecting and blocking this attempted data exfiltration. Such a system needs to inspect DNS traffic rather than treating it as harmless, and needs robust threat intelligence to identify queries directed toward malicious domains and malicious content embedded within DNS traffic. Your own DNS logs also reveal the patterns tunneling leaves behind: unusually long or high-entropy subdomain names, and very large numbers of unique queries to a single parent domain.
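As an added example of the log-based detection described above (not code from the original post), the following script scores DNS query logs per parent domain by the length and entropy of subdomain labels and by the number of distinct subdomains queried. The log format, the thresholds and the log lines themselves are constructed assumptions for the example; real tunnels vary and the thresholds would need tuning against your own baseline.

```python
"""Added example: spotting DNS tunnelling patterns in query logs (constructed data)."""
import hashlib
import math
from collections import defaultdict


def shannon_entropy(s):
    """Bits of entropy per character; encoded data scores higher than real words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (subdomain labels, parent domain), assuming a two-label parent such as example.test."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return [], ".".join(labels)
    return labels[:-2], ".".join(labels[-2:])


def analyse(log_lines, label_len_threshold=30, entropy_threshold=3.5):
    """Aggregate per parent domain. Thresholds are illustrative assumptions."""
    stats = defaultdict(lambda: {"queries": 0, "unique_subdomains": set(), "suspicious_labels": 0})
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:          # constructed format: "<ts> <client_ip> <qtype> <qname>"
            continue
        qname = parts[3]
        subs, parent = split_name(qname)
        s = stats[parent]
        s["queries"] += 1
        if subs:
            s["unique_subdomains"].add(".".join(subs))
            for label in subs:
                if len(label) >= label_len_threshold or shannon_entropy(label) >= entropy_threshold:
                    s["suspicious_labels"] += 1
    return stats


def flag_tunnels(stats, unique_threshold=20, suspicious_threshold=5):
    """Parent domains whose query pattern looks like a tunnel (thresholds are assumptions)."""
    return sorted(
        parent for parent, s in stats.items()
        if len(s["unique_subdomains"]) >= unique_threshold or s["suspicious_labels"] >= suspicious_threshold
    )


# Constructed log lines: "<timestamp> <client_ip> <qtype> <qname>".
NORMAL_LOG = [
    "2024-05-01T10:00:00 192.0.2.10 A www.example.test",
    "2024-05-01T10:00:01 192.0.2.10 A mail.example.test",
    "2024-05-01T10:00:02 192.0.2.11 MX example.test",
    "2024-05-01T10:00:03 192.0.2.11 A www.example.test",
]
# Each tunnelled query carries a 40-hex-character chunk of (pretend) exfiltrated data
# as a label under the attacker's domain; sha256 just gives deterministic filler.
TUNNEL_LOG = [
    f"2024-05-01T10:01:{i:02d} 192.0.2.10 TXT "
    f"{hashlib.sha256(str(i).encode()).hexdigest()[:40]}.c2.tunnel-example.test"
    for i in range(25)
]
SAMPLE_LOG = NORMAL_LOG + TUNNEL_LOG

if __name__ == "__main__":
    print(flag_tunnels(analyse(SAMPLE_LOG)))  # ['tunnel-example.test']
```

In production you would run this over resolver or firewall logs in a rolling window and compare each domain against its own history, since some legitimate services (CDNs, anti-spam lookups) also generate many unique subdomains.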
Password Attacks and Credential Reuse
This is the first type of attack that comes to mind when you talk to businesses and individuals about cyber attacks. Despite the risks being well known, small and medium-sized businesses (SMEs) fail to routinely use strong passwords, inadvertently give them away to phishing scammers, or scribble them on bits of paper. A hacker exploits weak or common passwords to gain unauthorised access to a network, using an array of techniques: guessing from lists of common weak passwords; cracking stolen password hashes, including with precomputed "rainbow tables", which work only against unsalted hashes; and credential stuffing, in which username and password pairs leaked in earlier breaches are tried against other sites because people reuse them.
How small and medium-sized businesses (SMEs) can prevent password attacks
· Educate your employees and users on phishing methods
· Encourage and enforce the use of strong, unique passwords, and provide a password manager so that staff can realistically do so
· Enable multi-factor authentication wherever it is offered, so that a guessed or leaked password alone is not enough
· Implement an account lockout or rate-limiting policy (bearing in mind that an aggressive lockout lets an attacker lock out your own users)
· Prohibit the use of default passwords within your organisation
· If you run your own applications, store passwords only as salted, deliberately slow hashes (for example PBKDF2, bcrypt or Argon2), so that a stolen database cannot simply be looked up in a rainbow table
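To make the rainbow-table point above concrete, here is an added example (not code from the original post) contrasting an unsalted fast hash, which an attacker reverses with a precomputed lookup, against salted PBKDF2 storage, where every user's hash is different even for the same password and each guess costs real work. The tiny common-password list is a constructed stand-in for the real lists attackers use, and the policy thresholds are assumptions.

```python
"""Added example: precomputed lookup vs salted slow hashing (constructed password list)."""
import hashlib
import hmac
import os

# Constructed stand-in for the multi-million-entry lists attackers actually use.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "admin123"]


def unsalted_md5(password):
    """What a badly designed system stores: a fast, unsalted hash."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words):
    """Attacker precomputation: hash -> plaintext. A rainbow table is a space-saving form of this."""
    return {unsalted_md5(w): w for w in words}


def crack_unsalted(stored_hash, table):
    """No cracking effort at all once the table exists: a dictionary lookup."""
    return table.get(stored_hash)


def hash_password(password, iterations=200_000, salt=None):
    """Store salt + PBKDF2-HMAC-SHA256. A fresh random salt per user defeats precomputation."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    scheme, iters, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unknown hash scheme")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def is_acceptable(password, min_length=12):
    """Simple policy (thresholds are assumptions): long enough and not on the common list."""
    return len(password) >= min_length and password.lower() not in COMMON_PASSWORDS


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted md5 of 'letmein' cracks to:", crack_unsalted(unsalted_md5("letmein"), table))
    a, b = hash_password("letmein"), hash_password("letmein")
    print("same password, different stored values:", a != b)
    print("verify:", verify_password("letmein", a), verify_password("wrong", a))
```

The iteration count is what makes each guess expensive; raise it as hardware gets faster, and store it with the hash (as above) so old entries can be upgraded at the user's next login.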
Drive-By Downloads
You don't have to open an email attachment or download anything to become infected. A drive-by download takes advantage of an operating system, web browser or app that has vulnerabilities (usually due to missing security updates). It can be triggered simply by viewing a malicious email, pop-up or website.
What measures can small and medium-sized businesses (SMEs) take to prevent drive-by download attacks?
· Always keep your OS and browsers updated.
· Stick to trusted sites you would normally use (although even these can be compromised sometimes).
· Only keep the apps, programs and browser plug-ins you need: the more you install, the more weak spots you have.
How do cyber attacks work, and why do hackers launch them?
Every business, regardless of its size, is a potential target of cyber attack. That is because every business has assets criminals may seek to exploit. Sometimes that is money or financial information; sometimes it is data, or simply computing resources they can abuse.
By identifying the common motives behind cyber attacks, you can build a better understanding of the risks your business faces, and find out how best to confront them.
Why do businesses get targeted by cyber criminals?
Most often, cyber attacks happen because criminals want your:
· Business Financial Details
· Customers' financial details (e.g. credit card data)
· Sensitive Personal Data
· Customer or staff email addresses and login credentials
· Customer Databases
· Client lists
· IT infrastructure
· IT Services (e.g. the ability to accept online payments)
· Intellectual Property (e.g. trade secrets or product designs)
Cyber attacks against businesses are often deliberate and motivated by financial gain.
Cyberattacks are happening right now; can your outdated security tools stop them?
You need security tools that can…
· Simplify network segmentation
· Control who gets on your network
· Stop threats at the edge
· Find and contain problems fast
· Protect users wherever they are
Is a Cyber Attack Preventable?
Despite the frequency of cyber attacks, it is estimated that most organisations are not adequately protected. The majority of attacks are preventable, and the key to cyber defence is an end-to-end security architecture that is multi-layered and spans all networks, endpoints, mobile devices and cloud services.
With the right architecture, organisations can consolidate management of multiple security layers and control policy through a single pane of glass, which lets them correlate events across all network environments, cloud services and mobile infrastructure.
In addition to architecture, CITSYS recommends these key measures to avert cyber attacks:
· Maintain security hygiene
· Choose prevention over detection where you can, but keep logging and monitoring in place so you can see what gets through
· Cover all attack vectors
· Implement the most advanced technologies
· Keep your threat intelligence up to date.
Attackers have many methods and techniques to disrupt and compromise your network and systems. By understanding the most common types of attack highlighted in this blog, SMEs and other businesses can identify their critical vulnerabilities, whether weak passwords, unpatched systems, misconfigured hardware or more, and defend themselves better.
In conclusion, regular penetration testing, social engineering assessments, strong password management and in-depth user awareness training are all crucial parts of an ongoing cyber security programme that small and medium-sized businesses should adopt. Together they put you in a far better position to create actionable steps to mitigate threats and make a real difference to your cyber security posture.