Another post on network security for my students.
Security threats are constantly evolving, and it is important to be aware of the different types of threats, how they work, and how to protect against them. Cyberattacks are becoming more frequent and sophisticated, and they target everything from large cloud computing servers to small Internet of Things (IoT) sensors. The number of new malware releases each month exceeds million. In 2019, four out of five organizations experienced at least one successful cyberattack, and more than one-third suffered six or more successful attacks. It is estimated that a business will fall victim to a ransomware attack once every 11 seconds by 2021.
Threat Actors
A threat actor (also called a malicious actor) is an individual or entity responsible for cyber incidents against the technology equipment of enterprises and users. Different threat actors have different motivations and levels of sophistication. Some categories of threat actors include:
• Script kiddies are attackers who download automated attack software from websites and use it to break into computers.
• Hacktivists are strongly motivated by ideology and often attack to make a political statement.
• State actors are employed by governments as state-sponsored attackers for launching computer attacks against foes.
• Insiders are employees, contractors, and business partners who may manipulate data from within the organization.
Other threat actors include competitors, criminal syndicates, shadow IT, brokers, and cyberterrorists.
Vulnerabilities and Attacks
A vulnerability is a weakness that can be exploited by a threat actor. Vulnerabilities can exist in different areas, such as platforms, configurations, third parties, patches, and zero-day vulnerabilities. Some vulnerabilities are the result of the platform being used. Legacy or outdated platforms that have not been updated are prime targets for attacks. Other vulnerabilities can result from misconfigurations, weak configurations, and unsecure protocols. Many enterprises use IT-related third parties, which can also introduce vulnerabilities. A security patch is an officially released software security update intended to repair a vulnerability, but patches can create new vulnerabilities. A zero-day vulnerability has no advance warning because there has been no previous knowledge of it.
An attack is an attempt to exploit a vulnerability. Attacks can be categorized into several types, such as:
• Social Engineering Attacks: These attacks manipulate individuals to gain access to information or systems. Social engineering relies on human weaknesses to persuade victims to take actions or give up information rather than exploiting technology vulnerabilities. Common techniques include phishing, vishing, impersonation, and tailgating. Psychological approaches to social engineering manipulate a victim’s emotions or mental state through tactics such as authority, intimidation, and trust. Physical procedures involve physical actions, like dumpster diving and shoulder surfing, to compromise security.
• Malware Attacks: These attacks use malicious software to infect computer systems. Types of malware include ransomware, Trojans, worms, and spyware. Ransomware is a type of malware that blocks users from accessing their computer or encrypts all the files on the device so that none of them can be opened until a ransom is paid. Cryptomalware is a more malicious form of ransomware that encrypts files.
• Application Attacks: These attacks target vulnerabilities in software applications, such as privilege escalation, cross-site scripting, and injections.
• Network Attacks: These attacks target vulnerabilities in network infrastructure, such as interception attacks, Layer 2 attacks, DNS attacks, and distributed denial-of-service (DDoS) attacks.
Impacts of Attacks
Attacks can have a wide range of impacts. These can include:
• Data loss
• Data breaches
• Data exfiltration
• Identity theft
• Financial loss
• Reputational damage
• Loss of availability
Threat Intelligence
Threat intelligence is information about potential threats and attacks. It is important to access threat intelligence sources in order to be aware of the latest types of attacks and how to defend against them. Sources of threat intelligence include:
• Vulnerability databases
• Cybersecurity threat maps
• File and code repositories
• The dark web
• Open source intelligence (OSINT)
• Closed/proprietary sources
• Public/private information sharing centers
• Indicators of compromise
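To make the last item concrete, here is an added example (not from the original post) of what a defender actually does with indicators of compromise: a threat-intelligence feed is a list of IPs, domains and file hashes, and the simplest use of it is to sweep your own logs for any of those values. Both the indicator feed and the log lines below are constructed for this example (documentation-range IPs, the reserved example TLD, and a placeholder hash); none of them are real indicators.

```python
import re
from dataclasses import dataclass

# Constructed, hypothetical indicator feed: the shape of data an ISAC,
# a vulnerability database or a vendor report would publish. All values
# are placeholders (RFC 5737 documentation IPs, reserved example domain,
# an obviously synthetic hash), not real indicators of compromise.
IOC_FEED = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-check.example.net"},
    "sha256": {"0123456789abcdef" * 4},
}

# Constructed sample log lines: a web proxy, a DNS resolver and an
# endpoint agent reporting the hash of a downloaded file.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.5 dst=203.0.113.45 host=cdn.example.com status=200",
    "2024-05-01T10:02:15Z proxy src=10.0.0.8 dst=93.184.216.34 host=example.com status=200",
    "2024-05-01T10:03:40Z dns client=10.0.0.5 query=update-check.example.net type=A",
    "2024-05-01T10:04:02Z edr host=ws-05 path=C:\\Users\\a\\Downloads\\inv.exe sha256="
    + "0123456789abcdef" * 4,
    "2024-05-01T10:05:00Z proxy src=10.0.0.9 dst=192.0.2.10 host=intranet.local status=302",
]

# Extractors for the three indicator types the feed carries.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)


@dataclass(frozen=True)
class Hit:
    """One indicator observed on one log line."""
    line_no: int
    kind: str
    indicator: str


def extract_candidates(line):
    """Pull every IPv4 address, hostname and SHA-256 digest out of one log line.
    Hostnames and hashes are lower-cased so matching is case-insensitive."""
    return {
        "ip": set(IPV4_RE.findall(line)),
        "domain": {d.lower() for d in DOMAIN_RE.findall(line)},
        "sha256": {h.lower() for h in SHA256_RE.findall(line)},
    }


def match_iocs(log_lines, feed=IOC_FEED):
    """Return every (line, indicator type, value) where a feed indicator
    appears in the logs. Set intersection keeps this O(tokens), so it scales
    to a large feed without a nested loop over indicators."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        for kind, values in extract_candidates(line).items():
            for value in sorted(values & feed.get(kind, set())):
                hits.append(Hit(line_no, kind, value))
    return hits


if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} indicator {hit.indicator}")
```

A hit here is a lead, not a verdict: the next step is to pull the surrounding activity for that host (the DNS query on line 3 and the proxy request on line 1 come from the same client), and to confirm the indicator is still considered malicious, since feed entries age out as infrastructure is reused.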
Security Measures
To protect against security threats, organizations and users should implement various security measures. These may include:
• Endpoint security solutions, such as boot integrity, endpoint protection, and endpoint hardening.
• Network security measures, such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
• Secure protocols.
• Physical security controls, such as barriers, personnel, and sensors.
• Security policies.
• User training and awareness programs.
• Risk management.
It is important to stay informed about the latest security threats and to take proactive steps to protect against them. By implementing a combination of security measures, organizations and users can reduce their risk of falling victim to cyberattacks.