Common security threats related to Information Technology inside a corporate environment range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team remains aware of such threats and can deal with them efficiently and proactively. It is to be noted that in the realm of cyber-security the terms Security Threat, Security Incident and Security Event, although related and inter-connected, have different meanings that need to be understood properly in order to deal with the various issues that might arise at any point in time. A Security Threat is a malicious act that aims to corrupt or steal data or to disrupt an organization's systems or the entire organization. A Security Event is an occurrence during which company data or its network may have been exposed. An event that results in a data or network breach is called a Security Incident. As cyber-security threats continue to evolve and become more sophisticated, enterprise IT must remain vigilant when it comes to protecting its data and networks. To do that, it first has to understand the types of security threats it is up against.
Virus: Perhaps the most well-known computer security threat, a computer virus is a program written to alter the way a computer operates, without the permission or knowledge of the user. A virus replicates and executes itself, usually doing damage to your computer in the process. Viruses are also known to send spam, disable your security settings, corrupt and steal data from your computer including personal information such as passwords, even going as far as to delete everything on your hard drive.
Worms: Computer worms are pieces of malware programs that replicate quickly and spread from one computer to another. A worm spreads from an infected computer by sending itself to all of the computer's contacts, then immediately to the contacts of the other computers.
Bots: Bots can be seen as an advanced form of worms. They are automated processes designed to interact over the internet without the need for human interaction. They can be good or bad. A malicious bot infects a host and then creates a connection to a central server, which provides commands to all infected hosts attached to that network; the network of infected hosts is called a botnet.
Adware: Adware is any software designed to track your browsing habits and, based on that data, show you advertisements and pop-ups. Adware collects data with your consent and is even a legitimate source of income for companies that allow users to try their software for free, with advertisements shown while the software is in use. The adware clause is often hidden in the related User Agreement documents, but it can be found by carefully reading anything you accept while installing the software. The presence of adware on your computer is usually noticeable only through those pop-ups, although it can also slow down your computer's processor and internet connection. When adware is downloaded without consent, it is considered malicious.
Spyware: Spyware works similarly to adware, but is installed on your computer without your knowledge. It can contain key-loggers that record personal information including email addresses, passwords, even credit card numbers, making it dangerous because of the high risk of identity theft.
Trojan: The concept of a Trojan is completely different from viruses and worms. The name Trojan derives from the 'Trojan Horse' tale in Greek mythology, which tells how the Greeks were able to enter the fortified city of Troy by hiding their soldiers in a big wooden horse given to the Trojans as a gift. The Trojans were very fond of horses and trusted the gift blindly. In the night, the soldiers emerged and attacked the city from the inside. Likewise, a Trojan's purpose is to conceal itself inside software that seems legitimate; when that software is executed, the Trojan carries out the task it was designed for, whether stealing information or something else. Trojans often provide a backdoor through which malicious programs or malevolent users can enter your system and steal your valuable data without your knowledge or permission. Examples include FTP Trojans, Proxy Trojans, Remote Access Trojans, etc.
Ransomware: In a ransomware attack, the victim's computer is locked, typically by encryption, which keeps the victim from using the device or data that's stored on it. To regain access to the device or data, the victim has to pay the hacker a ransom, typically in a virtual currency such as Bitcoin. Ransomware can be spread via malicious email attachments, infected software apps, infected external storage devices, and compromised websites.
Scareware: Scareware masquerades as a tool to help fix your system, but when the software is executed it will infect your system or completely destroy it. The software displays a message intended to frighten you and force you to take some action, such as paying the attackers to fix your system.
Rootkits: Rootkits are designed to gain root access, that is, administrative privileges, on the user's system. Once root access is gained, the attacker can do anything, from stealing private files to stealing private data.
Zombies: Zombies work similarly to spyware. The infection mechanism is the same, but they don't spy and steal information; rather, they wait for commands from the attackers.
Malvertising: Malvertising is a technique that cybercriminals use to inject malicious code into legitimate online advertising networks and web pages. This code typically redirects users to malicious websites or installs malware on their computers or mobile devices. Users' machines may get infected even if they don't click on anything to start the download. Cybercriminals may use malvertising to deploy a variety of moneymaking malware, including crypto-mining scripts, ransomware and banking Trojans.
2. Lack of Encryption
Protecting sensitive business data in transit and at rest is a measure that few industries have fully embraced, despite its effectiveness. The health care industry handles extremely sensitive data and understands the gravity of losing it, which is why HIPAA compliance requires every computer to be encrypted.
People, not computers, create computer security threats and malware. Hackers and predators are programmers who victimize others for their own gain by breaking into computer systems to steal, change, or destroy information as a form of cyber-terrorism. These online predators can compromise credit card information, lock you out of your data, and steal your identity.
Masquerading as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent email or instant messages. Phishing attacks are some of the most successful methods for cybercriminals looking to pull off a data breach. Antivirus solutions with identity theft protection can be "taught" to recognize phishing threats in fractions of a second.
5. Exploit kits
An exploit kit is a programming tool that enables a person without any experience writing software code to create, customize and distribute malware. Exploit kits are known by a variety of names, including infection kit, crimeware kit, DIY attack kit, and malware toolkit. Cybercriminals use these toolkits to attack system vulnerabilities to distribute malware or engage in other malicious activities, such as stealing corporate data, launching denial of service attacks or building botnets.
6. Cyber Attacks
Drive-by download attacks: In a drive-by download attack, malicious code is downloaded from a website via a browser, application or integrated operating system without a user's permission or knowledge. A user doesn't have to click on anything to activate the download. Just accessing or browsing a website can start a download. Cybercriminals can use drive-by downloads to inject banking Trojans, steal and collect personal information as well as introduce exploit kits or other malware to endpoints.
DoS (Denial of Service) & Distributed denial-of-service (DDoS) attacks: A DoS attack is performed by one machine and its internet connection, flooding a website with packets and making it impossible for legitimate users to access the content of the flooded website. Fortunately, you can't really overload a server from a single other server or PC anymore. In recent years such single-source attacks have not been common, and where they do succeed it is usually through flaws in a protocol rather than sheer volume. In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target, such as a server, website or other network resource, making the target totally inoperable. The flood of connection requests, incoming messages or malformed packets forces the target system to slow down, or to crash and shut down, denying service to legitimate users or systems.
SQL Injection attack: We know today that many servers storing data for websites use SQL. As technology has progressed, network security threats have advanced, leading us to the threat of SQL injection attacks. SQL injection attacks are designed to target data-driven applications by exploiting security vulnerabilities in the application's software. They use malicious input to obtain private data, change or even destroy that data, and can go as far as voiding transactions on websites. It has quickly become one of the most dangerous privacy issues for data confidentiality. You can read more on the history of SQL injection attacks to better understand the threat it poses to cybersecurity.
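The following is an added example, not code from the original article, showing the vulnerability the paragraph above describes next to its fix. It uses Python's built-in sqlite3 module with a constructed in-memory users table: the same crafted input changes the query's logic when it is concatenated into the SQL text, but is treated purely as data when it is passed as a bound parameter.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a small constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the caller-supplied value is spliced into the SQL text.

    Because the database parses the whole string as SQL, a value containing
    a quote can terminate the literal and append its own conditions.
    """
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """HARDENED: the value is bound to a placeholder, never parsed as SQL.

    The query text is fixed at development time; whatever the caller sends
    is compared as a plain string against the username column.
    """
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username: str) -> dict:
    """Run both lookups on the same input and report how many rows each returned."""
    conn = make_db()
    return {
        "unsafe_rows": len(lookup_unsafe(conn, username)),
        "safe_rows": len(lookup_safe(conn, username)),
    }


if __name__ == "__main__":
    # Constructed input: a quote character followed by an always-true condition.
    print(compare("x' OR '1'='1"))
```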
Advanced persistent threat attacks: An advanced persistent threat (APT) is a targeted cyberattack in which an unauthorized intruder penetrates a network and remains undetected for an extended period of time. Rather than causing damage to a system or network, the goal of an APT attack is to monitor network activity and steal information, using tools such as exploit kits and malware to gain and keep access. Cybercriminals typically use APT attacks against high-value targets, such as large enterprises and nation-states, stealing data over a long period.
CYBERSECURITY THREATS - WHAT CAN WE DO?
Prevention is the best way to mitigate cyber threats. An organization should figure out what the risks are and put a plan in place. Obviously, an organization's assets can't be protected if their value and the cost of their loss are not well understood. The question that needs to be asked is "What does cybersecurity mean for this organization?" Organizations need to question whether their data is secure in the event of malicious or inadvertent damage, from malware or hacking or some other disruption that takes their systems offline. An in-depth analysis of whether the information is available only to those who have the authority to access it needs to be performed, along with a check on the individuals who could possibly target the organization and whether they could be insiders, outsiders, or both. It would also be worthwhile to check whether the agency or organization has been targeted in the past by evaluating corporate logs or records of similar past incidents. Organizations need to work out not only the risks but also how those risks impact vital infrastructure. Moreover, you also need an effective system or process in place for reviewing and updating cybersecurity policies and communicating them to your staff, as well as for advising your employees and briefing them about what to do in the event of an attack. You need to implement employee awareness and training seminars within your organization.
To conclude, cybersecurity is more than just an IT issue. It affects the entire organization and requires a response from the whole organization.