Orchestrating Network Security to Handle Cyberthreats

Unfortunately for companies, cybercriminals don’t need to invent the wheel when choosing a way to hack corporate networks. Black hat hackers have a choice of cyberthreats and attack methods on a silver platter.

Nevertheless, certain types of cybercrime techniques deserve close attention due to their popularity among hackers and the difficulties they pose to companies operating in various business areas and applying different protection levels. We’ve found the most prevalent cyberthreats that may put the companies at the greatest risk and defined the best combination of cybersecurity measures to combat them.

DDoS Attacks

Heading an army of computers, a cybercriminal tries to flood a corporate network by simultaneously sending a large number of requests to it. The volume of network traffic increases badly, which leads to system overloads. These are known as distributed denial-of-service, or DDoS, attacks.

Successful DDoS attacks may slow down or completely shut down network systems, preventing legitimate users from accessing the network. Attackers then gain control and may use it for their malicious purposes (e.g., sending spam messages to the customers’ email addresses).

Certain key cybersecurity measures can help a company reduce the probability of this cyberthreat:

• Monitor, analyze and alert on unusual increases in network traffic.
• Install firewalls within a company’s network and configure them properly, e.g., they may not permit potentially harmful network traffic incoming from the unknown external sources.
• Have defense techniques in place, e.g., intrusion detection (IDS) and prevention (IPS) systems, to stop the attacks with known signatures, upstream filtering to separate legitimate and malicious traffic and prevent the latter from reaching the corporate network.

Malware

Malware refers to various kinds of malicious software that can damage corporate networks. Most often this cyberthreat is spread via email, and can be spyware, ransomware, viruses, worms, Trojan horses or others.

Clicking unknown links or downloading attachments from unreliable email addresses may lead to harmful consequences for a network. Malicious software may alter or delete internal corporate information, customers’ data (bank account details, clients’ personal addresses, credentials) and encrypt databases.

Not only does a company risk losing the important data they store and manage, but its reputation is damaged and the company is seen as less reliable as a business partner or services provider.

To keep malicious software away, a company should put the focus on the following:

• Apply access control to the systems inside the corporate network by using firewalls, IPS and IDS software.
• Regularly back up the data to avoid complete data loss in case the stored information becomes unretrievable after being infected.
• Use reliable antiviruses to monitor and prevent potentially malicious software from being installed as well as detect and remove already existing malware in the systems. Keep the antiviruses’ databases updated.
• Regularly perform vulnerability assessment and penetration testing (once a year, as a minimum) to detect known security weaknesses or misconfigurations in corporate services or apps.
• Train the personnel to neither download attachments in the suspicious emails they receive nor click on potentially harmful links at the websites they visit.

Phishing and Spoofing Attacks

To conduct a phishing attack, hackers may send malicious emails containing a link to a spoofed website. Here, unwitting users enter their login information or payment details, unintentionally giving attackers their passwords or financial data. Successful phishing and spoofing attacks may result in sensitive or confidential data leakage, cause damage to critical applications and more.

To prevent phishing attacks, a company must pay attention to the following cybersecurity measures:

• Continuously train and educate users to look at the emails they receive and the websites they visit suspiciously, e.g. hover over all the links before clicking on them, be cautious of impersonal greetings in the emails requiring some personal information, etc.
• Apply antiviruses to remove and quarantine incoming attachments that are known to be malicious and may cause harm to corporate networks.
• Use two-factor authentication (2FA) instead of a single level of authentication among users to prevent the occurrence of vulnerabilities related to a standard password-only approach.

SQL Injection

SQL vulnerabilities allow attackers to inject malicious pieces of code into a search box of a website reached via the corporate network and trick the network systems into providing hackers with access to the databases with usernames and passwords. SQL injection attacks may lead to users’ data exfiltration or a complete data loss. Also, they may give attackers root access to the systems.

If applied properly and promptly, the following network security measures may help to prevent this cyberthreat from becoming a headache:

• Apply strong encryption of the sensitive or confidential data stored in databases to avoid data leakage.
• Ensure that a web application firewall is applied for web apps that have access to the databases to avoid sensitive or proprietary data theft.
• Regularly perform penetration testing of the web applications to detect possible SQL vulnerabilities and mitigate them before black hat hackers find and exploit them.
• Patch the databases on a regular basis to ensure their high protection level.

Cross-Site Scripting (XSS) Attacks

With the use of vulnerable web apps or websites, hackers may carry out code injection attacks to trick users into executing malicious client-side scripts. If XSS attacks are successful, a company may lose sensitive data, their users’ accounts may be compromised, users’ session cookies may be disclosed and more.

To safeguard the corporate network from this cyberthreat, a company should ensure several cybersecurity measures:

• Validate the input data to detect malicious users’ input.
• Apply additional security layers, such as a content security policy, to improve the corporate network protection against XSS (and SQL injection) attacks.
• Regularly perform vulnerability assessment to detect security weaknesses in the web applications or the entire corporate network.

Session Hijacking and Man-in-the-Middle Attacks

Black hat hackers can capture a user’s session ID and use it to make requests to the web server located within a corporate network with malicious purposes. What’s more, if an attacker manages to hijack a session, they can stand between an authorized user and the web server in the network and make the communication between them follow their scenario, thus performing a man-in-the-middle attack.

Successfully conducted, these attacks may lead to users’ credentials theft, email accounts being hijacked and the loss of users’ financial data (bank account details, as an example). To reduce the probability of this occurring, companies should ensure:

• The wireless access points in the corporate network are strongly encrypted to prevent any unauthorized user from connecting to the network.
• VPNs are used within a company’s network with key-based encryption applied to provide a strongly protected environment for storing and transmitting the sensitive data.
• No HTTP, only HTTPS is used to secure communication over the network, as the latter protocol version is much more secure.

Credential Reuse

Employees may access corporate systems, work email, etc., with the same credentials they use on various websites. Thus, there’s a chance that attackers breach a website, get access to its database of usernames and passwords and probably succeed in trying to use the same credentials on other websites or corporate systems. This may result in data breaches, frauds with credit cards, banking account details theft and more.

To reduce the probability that customers’ or employees’ credentials will be used with malicious intent, a company must ensure the application of the following cybersecurity measures:

• Regularly train employees to prevent them from reusing passwords and avoid the cases of using weak passwords (password managers may help there) within and outside your corporate network.
• Apply two-factor authentication for employees in the corporate network to ensure a better protection of the users’ credentials and the resources they access.

In Summary

Regular personnel training and strict password policies are the main measures that may help to prevent such types of cyberthreats as credential reuse or phishing and spoofing attacks. To address other cybersecurity threats such as DDoS or malware attacks, a company needs to ensure firewall and antivirus protection, as well as regularly monitor the corporate network’s state to detect malicious activities and perform vulnerability assessment and penetration testing.

Orchestrating the primary network security measures once and consequently maintaining an appropriate protection level may significantly help a company to improve the efficiency of coping with major cyberthreats.

— Uladzislau Murashka