- Table of contents
Opportunities and Vulnerabilities: Coming to Grips with Today’s Many Attack Vectors
Digitalization has spread wide – BYOD, business-oriented apps, ordering from and paying vendors, and SaaS platforms all connect suppliers and customers in real-time. Collaboration platforms like Trello, Confluence, and Slack are standard for corporate teams. Firewalls, antivirus, and spam filters are no longer enough to keep your business secure.
With attack vectors constantly evolving, the attacks are insidious. If you are a digital-based organization or undergoing a digital transformation, the following attack vectors should be your company’s go-to list in order to secure your operations.
Supply Chain – Supply chains have become the conveyor belt of cyberattacks. Attackers use impersonation tactics to compromise suppliers, executing devastating attacks such as last year’s NotPetya ransomware attack. The delivery of digital goods has increased the exposure to malware delivery via compromising a vendor. Reducing risk of compromise via their supply chain requires businesses to perform supplier security audits, and encourage vendors to adopt cybersecurity best practices while scrutinizing integration points with them.
Social Media – Phishing is no longer just for email. Links on Facebook, Twitter comments, and private messages on LinkedIn lure victims to spoofed websites and to downloading malware. More sophisticated with fraudulent profiles on platforms like LinkedIn, posing as recruiters, attackers are linked to use phony profiles to boost their credibility. These profiles are utilized to launch attacks by placing malicious links in instant messages, comments, or the content shared on their profile. Distinguishing legitimate channels is not as simple as it seems; it’s well worth your time to train your teams.
Malicious Apps – Mobile apps containing malware are a threat in plain sight. Avoiding shady third-party app stores decreases your risk of getting infected, although sticking to official app stores like Google Play doesn’t guarantee protection. From rootkit-powered clickfraud malware to children’s games that display pornographic ads, apps continue to be an attack vector heavily utilized by cybercriminals.
To protect your organization from mobile application attacks, instruct your staff to:
- Install apps from official app stores, namely Google Play and Apple’s App Store and even then, to look out for signs of dodgy looking apps.
- Install apps which are required for work on company-issued devices. The widespread practice of BYOD means employee diligence and compliance must be strict.
- Read through app reviews for any red flags and then check ratings. Apps tied to a media brands must match the app developer.
- Consider implementing controls that will validate the security state of your employees mobile devices.
Denial of Service – DoS/DDoS attacks force publicly facing assets and web applications to crash due to an instant overload of traffic or data requests. When systems become overwhelmed with incoming traffic they effectively shut down and fail to respond to legitimate requests – this tactic is commonly used as decoy tactic to hide a real attack for data extraction or other malicious intents – allowing attackers to bypass controls and response teams’ attention.
Examine the configuration of your externally facing assets. Specifically, businesses should examine two types of protection on two different levels: first, infrastructure by using a content delivery network (CDN), and second, on the application level by implementing anti-numeration controls and WAFs.
Crimeware – Ransomware, the overwhelming attack vector reflecting close to half of the crimeware incidents, is the most significant malware threat. In addition to other commoditized attacks such as ransomware as a service (RaaS), phishing kits for sale and attackers “renting” a botnet to perform a DDoS attack. One such botnet available for rent offered 100,000 compromised computers for $7,500. RaaS can be thwarted with precautionary measures that secure your company’s online posture, including the right controls and people’s awareness.
Social Engineering – Increasingly sophisticated, social engineering attacks use psychological manipulation to gain access to sensitive data. Here the human factor allows for a more unpredictable outcome and therefore preventing attacks is less straightforward. Kevin Mitnick, explains, “Only about 3% of the malware they run into tries to exploit a technical flaw. The other 97% is trying to trick a user through some type of social engineering scheme.”
Fileless Attacks – Known as fileless, zero-footprint, macro, or non-malware attacks, fileless attacks are highly effective and avoid standard detection controls due to the absent payload file infecting the system. Comprising 77% of the attacks in 2017 by leveraging operating systems and applications on a user’s computer, fileless attacks are typically written directly onto a computer’s RAM using the systems and commands to run a set scripts when executing the attack even after a system restarts.
The rapid growth of these attack vectors reflects the broadening spectrum of attack surface. Attack vectors and threats are pervasive. With 51% of cyber attacks resulting from a lack of security awareness, Cyberint continually monitors their clients to protect companies.