These days, hardly a month goes by without news of a cyber attack on a huge global organization that once seemed impenetrable. As perpetrators become more sophisticated, they find new ways to break through protective barriers, launch attacks, steal data and company secrets, and generally wreak havoc on organizations around the world. This white paper details the different types of security threats organizations face today and explains how network behavior intelligence can work alongside other tools to combat them. It covers the threat landscape (availability, confidentiality and integrity attacks), how to assess what you own and why someone would target it, the most common attack methods, and how visibility into network behavior helps you defend against them.
Organizations need to understand the reasoning and strategy behind an attack, and how and where they are vulnerable. Only then can they effectively protect themselves.
The cybercrime landscape is not only vast, it is constantly evolving. Looking at the landscape overall, there are three major areas of attack: availability, confidentiality and integrity. Some organizations are vulnerable to all three kinds of attack, others to just one or two. Regardless, it is important to understand the different types of threats.
This class of attack focuses on making an organization’s service unavailable for a period of time. The more significant the attack, the longer the downtime. For instance, perpetrators might target an online retailer to bring its website down on Black Friday, or a bank so it can’t dispense money to its customers, or a post office so it’s unable to sell stamps or perform transactions. While almost every organization is dependent on the Internet in some way, those with a heavy Web services component or that rely on internal network services are the most vulnerable. DDoS attacks tend to be the most common threat when it comes to availability attacks.
These types of attacks can be very damaging because they are all about stealing confidential information — customer credit card numbers, company secrets, sensitive data — that organizations protect for a reason. Espionage and data breaches are the result of confidentiality attacks because they are focused on stealing private information. Even organizations like the NSA, Staples, the U.S. Postal Service, Morgan Stanley and Sony have been victims of these types of attacks. Social engineering, malicious insiders, compromised credentials and other vectors are the “weapons” that are often used in confidentiality attacks.
Integrity attacks modify data or systems without authorization so that they can no longer be trusted. Often the aim is to tarnish an organization's reputation by altering what it publishes: rewriting existing copy so that readers cannot tell what is genuine. News organizations are particularly vulnerable to integrity attacks because their business depends on honest reporting. Similarly, government organizations such as the Centers for Disease Control are susceptible, since a perpetrator might want to cause panic by planting false information about a deadly disease, for example. Any organization's integrity can be compromised through social engineering, malware or website defacement; the lasting damage is that it becomes unclear which information can still be trusted and which cannot, and every record the organization holds falls under suspicion until it has been verified.
In order to defend yourself from a network attack, you first need to understand what assets you have, what your vulnerabilities are, and why someone might attack you.
What do you own that others want to get their hands on? Customer data? Product formulas? Security codes? Intellectual property? Company secrets? Trusted access to third-party resources? You need to take a hard look at what you own that someone else may want, and protect it as if it’s in Fort Knox.
Attackers always look for a weakness they can exploit. If you’re an online retailer like Amazon.com or Zappos.com, and you can’t do business without your website, you are most vulnerable to an availability attack. If you are an intelligence agency, government contractor or financial institution with top-secret information, you’re most susceptible to a confidentiality attack. If you’re a news or government organization with high credibility, you’re most vulnerable to an integrity attack. Assess your organization’s situation and determine what your most desirable assets are and where your vulnerabilities lie. Understanding this is your first step toward a strong defense.
Once you’ve figured out what’s at risk, you need to determine why an attacker would target your organization. This can be looked at three different ways: means, motive and opportunity.
In the end, you can narrow down what type of perpetrator(s) you’re looking at by analyzing their approach. But defending your assets is the next step. You can’t just invest in network monitoring software and then set it and forget it. Your network defenses are like battle tanks and airplanes; someone must choose which one is going to be most effective against a threat, and that someone needs to make decisions on the fly, and use his or her intuition and experience to determine the true nature of the attack.
In order to defend your organization, it’s important to understand the different types of threats out there so you can build up defenses against them.
The goal of a DDoS attack is downtime: bringing down an organization's website, or the services behind it, by flooding it with more traffic or requests than it can handle. To stage a DDoS attack, the perpetrator typically needs thousands of compromised computers (a botnet) that can be pointed at the target at once. One way to assemble such a botnet is through phishing, where perpetrators get unsuspecting people to click a link or open an attachment that installs malware in the background and quietly places their systems under the attacker's control.
Rather than exploiting weaknesses in software, these attacks are much simpler: they try to guess a valid login and password. Automated tools commonly try as many as 15,000 passwords against a host before giving up and moving on to another machine, so a single source making thousands of short connections to one login service is a strong indicator. Watch also for the slower variant, in which a few common passwords are tried against many accounts or many hosts; it never trips a per-account lockout, but the pattern is still visible in network and authentication logs. If you are monitoring your network and you see this kind of activity, it is likely that you are the target of an attempted attack.
Worms, Trojan horses, viruses, spyware and other malicious software are all types of malware. These hostile programs are all a means to an end, that end being data theft, espionage or sabotage. Systems are being built better and are harder to penetrate than they once were, but malware remains a serious threat, and once it is running it is often hard to tell apart from legitimate software on the host itself; its network behavior is frequently the first thing that gives it away.
Social engineering is the practice of exploiting human weaknesses, psychologically manipulating people into granting system access or divulging confidential information. Phishing is the most common form: it relies on the fact that people are naturally trusting, so they click links in emails they should not, and unknowingly infect their own computers.
Data leakage occurs when confidential data leaves the organization, whether through malicious intent or by accident. Someone may purposefully leak the data, or someone may inadvertently expose it. Detecting data breaches and exfiltration while the data is in transit is critical, because sensitive data such as financial, patient and credit card records, intellectual property and internal company information can cripple an organization once it gets out.
Once you understand where your organization might be vulnerable, why someone might want to attack you, and what approach they will likely use, how do you defend yourself?
Network visibility is more than just a window into your network, it is insight. It lets you see what normal activity looks like so you can detect anomalies when they occur. For example, on average, individuals send about 30 to 50 emails a day. Visibility into your network means you can see when someone sends 1,000 emails, which is a warning sign because it is out of the norm. Similarly, a desktop computer typically talks to around 400 other computers in a day; a significant increase beyond that host's usual count is an anomaly and should be flagged. The figures above are illustrative: what matters is that "normal" is measured per host and per role, and that alerts are raised against each host's own history rather than a fixed number for everyone. These days, attackers have become smarter and commonly encrypt their communications, which makes the content harder to inspect; but encryption does not hide who is talking to whom, how often, at what times and in what volumes, and visibility into that behavior, specifically behavior that is unusual, still gives you insight into what is happening.
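The checks described above, and the brute-force and data-leakage patterns discussed earlier, can all be expressed as simple rules over per-host network behavior. The following is an added example, not FlowTraq's code or the white paper's own method: it runs four checks over a constructed one-day sample of flow records (source, destination, destination port, bytes). Each host's "normal" is a constructed five-day history of the same metric, and a host is flagged only when today's value exceeds its own mean by three standard deviations. The thresholds (k = 3, a floor on the standard deviation, 20 attempts for brute force, 1 GB to a single external peer for exfiltration) and the 10.0.0.0/8 internal range are assumptions chosen for the example.

```python
"""Behavior checks over constructed NetFlow-style records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str      # source IP
    dst: str      # destination IP
    dport: int    # destination port
    nbytes: int   # bytes sent from src to dst


INTERNAL = ("10.",)  # assumption: the internal address space for this example


def is_internal(ip):
    return ip.startswith(INTERNAL)


def build_sample_flows():
    """Constructed one-day sample: ordinary traffic plus three planted anomalies."""
    flows = []
    # 10.0.0.5: an ordinary desktop, ten internal peers, three outbound emails
    for i in range(10):
        flows.append(Flow("10.0.0.5", f"10.0.1.{i}", 445, 4_000))
    for _ in range(3):
        flows.append(Flow("10.0.0.5", "10.0.0.25", 25, 12_000))
    flows.append(Flow("10.0.0.5", "198.51.100.10", 443, 80_000))
    # 10.0.0.7: talks to 30 hosts, sends 80 emails, pushes 2.5 GB to one external host
    for i in range(30):
        flows.append(Flow("10.0.0.7", f"10.0.2.{i}", 445, 4_000))
    for _ in range(80):
        flows.append(Flow("10.0.0.7", "10.0.0.25", 25, 12_000))
    for _ in range(5):
        flows.append(Flow("10.0.0.7", "198.51.100.44", 443, 500_000_000))
    # 203.0.113.9: 25 short SSH connections to a single internal host
    for _ in range(25):
        flows.append(Flow("203.0.113.9", "10.0.0.20", 22, 1_500))
    return flows


# Constructed per-host history (five previous days) for each metric.
BASELINE_PEERS = {"10.0.0.5": [11, 12, 12, 13, 12], "10.0.0.7": [11, 12, 12, 13, 12]}
BASELINE_EMAIL = {"10.0.0.5": [30, 45, 40, 50, 35], "10.0.0.7": [38, 42, 40, 45, 35]}


def distinct_peers(flows):
    """Number of distinct destinations each internal host talked to today."""
    peers = defaultdict(set)
    for f in flows:
        if is_internal(f.src):
            peers[f.src].add(f.dst)
    return {src: len(s) for src, s in peers.items()}


def outbound_email_count(flows):
    """Connections to port 25 per internal host (a proxy for emails sent)."""
    counts = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and f.dport == 25:
            counts[f.src] += 1
    return dict(counts)


def baseline_anomalies(today, baseline, k=3.0, min_sigma=1.0):
    """Flag hosts whose metric today exceeds mean + k*sigma of their own history.
    min_sigma keeps a perfectly flat history from turning a +1 change into an alert;
    hosts with no history are skipped because "normal" is not yet known for them."""
    out = {}
    for host, value in today.items():
        hist = baseline.get(host)
        if not hist:
            continue
        threshold = mean(hist) + k * max(pstdev(hist), min_sigma)
        if value > threshold:
            out[host] = (value, round(threshold, 1))
    return out


def brute_force_sources(flows, ports=(22, 3389), min_attempts=20):
    """Many connections from one source to one host on a login port."""
    counts = defaultdict(int)
    for f in flows:
        if f.dport in ports:
            counts[(f.src, f.dst, f.dport)] += 1
    return {key: n for key, n in counts.items() if n >= min_attempts}


def exfil_candidates(flows, min_bytes=1_000_000_000):
    """Internal host sending at least min_bytes to one external peer in a day."""
    volume = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            volume[(f.src, f.dst)] += f.nbytes
    return {key: b for key, b in volume.items() if b >= min_bytes}


def run_checks(flows):
    return {
        "peer_count": baseline_anomalies(distinct_peers(flows), BASELINE_PEERS),
        "email_burst": baseline_anomalies(outbound_email_count(flows), BASELINE_EMAIL),
        "brute_force": brute_force_sources(flows),
        "exfil": exfil_candidates(flows),
    }


if __name__ == "__main__":
    for name, hits in run_checks(build_sample_flows()).items():
        print(name, hits or "none")
```

Running it flags 10.0.0.7 on three of the four checks (32 peers against a history of about 12, 80 emails against about 40, and 2.5 GB to one outside host), while the SSH brute force surfaces from the external source 203.0.113.9. The ordinary host 10.0.0.5 is never flagged, even though its email count is far below its history, because the baseline check is one-sided by design; a drop in activity is worth a separate rule with its own threshold.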
Any type of defense is better than nothing at all, but understanding why you might be a target will help you customize your defense strategy most effectively.
Computers today hold millions more files than they used to, which makes it ever easier for an attacker to hide on a host. When it comes to defending your network in a cost-effective way, you may have to lure the attacker out. The moment the attacker starts communicating over the network is the only time they emerge from cover, and that is when you stand the best chance of catching them. With network visibility you are able to catch hackers in the act. Still, there are some very useful tools that can help you defend your organization before it ever gets to this point.
But in order to keep your network secure, firewalls and patches are not enough. You need to make additional investments.
While the real intelligence starts with human beings who can recognize anomalies, network behavioral intelligence tools are also essential for fending off attackers. These high-speed visibility tools digest volumes of traffic data that no analyst could work through by hand, and surface the handful of unusual behaviors worth a human's attention.
To successfully fend off cyber attacks, your organization needs both network analysis tools and a dedicated individual who can make actionable and intelligent decisions on the fly. It will make all the difference in the end.
FlowTraq can help you identify today’s security threats quickly. Try it for yourself – request a free 14-day trial.