By Christopher Holtham, Conosco Remote Operations Manager
Increased internet connectivity and increased business reliance on it has naturally led to a rise in online security vulnerabilities and the risk of cyber attacks. In a constant power-struggle, businesses need to remain vigilant to prevent cyber crime from costing them time, money, their reputation, and even their existence. Here are some of the most common cyber attacks and ways of preventing or handling them.
What is malware?
Malware is a code with malicious intent – typically destroying something on the computer or stealing data. Malware threats include various viruses, worms and Trojans and is generally introduced to a system through operating system vulnerabilities, email attachments or software downloads.
What you can do to prevent malware
- Don’t download attachments from unknown senders
- Don’t click on links from unknown sender
- Don’t install unknown free applications without reviewing the bundled offerings – often these can come with adware or other bundled malicious content, toolbars, search helpers, and the likes.
- Read any software prompts before just clicking ‘OK’.
- Avoid sites and software known to distribute malicious content (some free software sites, torrents, any pirated software/cracks, etc)
Your IT provider should:
- Deploy robust and updated firewalls that prevent the transfer of large data files over the network (to filter out attachment which may contain malware)
- Secure the operating system of all PCs by using the most up-to-date security updates
- Use a comprehensive backup solution protected from open network communication.
2. Denial-of-Service (DoS) attacks
What is a DoS attack?
An attacker disrupts the service to a network by making lots of connection requests until the network becomes overloaded. The most common way of doing this is a distributed-denial-of-service (DDoS) attack, in which the attacker uses multiple computers to send the data that causes a system overload. The attack is normally in effect over a varying time period, and is intended to disrupt the functionality of a business, preventing clients from accessing services or information, or disrupting sales, and affecting network communication.
What you can do to prevent a DoS attack
- Physically monitor your connections, as a DoS attack can also be perpetrated by simply dislodging a plug or cutting a cable that connects your website’s server to the internet
Your IT provider should:
- Keep your system as secure as possible with:
- regular software updates
- data monitoring (to identify spikes in traffic)
- online security monitoring
- Ensure network equipment is updated and secure
- Implement a rate-limiting filter or Intrusion Protection Systems (IPS) on your firewalls
- Block traffic from unknown sources
With large online retailer Moonpig, Conosco helped to resist such approaches by reinforcing the firewalls to handle high loads and using sophisticated techniques such as IPS appliances to control denial-of-service attacks and to prevent and detect security breaches.
3. Password attacks
What is a password attack?
When a third party manages to gain access to a system by cracking a user’s password, this is known as a password attack.
What you can do to prevent a password attack
- Use strong passwords – eight or more characters, with a combination of upper- and lower- case letters, symbols and numbers.
- Avoid generic accounts where possible – username strength is equally important as password strength.
- Generic usernames (ie ‘user’, ‘admin’, ‘printer’, etc.) are common targets for brute force password attacks.
- Usernames comprising of the firstname and surname in various combinations are less susceptible to a brute force password attack (ie John.Smith, JSmith)
- Change your passwords at regular intervals
Your IT provider should:
- Restrict RDP access only to accounts that need it to reduce risk.
- Secure any RDP connections behind a secure encrypted VPN connection
- Where possible, the user’s username and email address should use a different format (ie John Smith – firstname.lastname@example.org / COMPANYJohnS)
In July 2016, a Conosco client was affected when an external attacker managed to gain access to the network via a combination of brute force attempts to an open Remote Desktop Protocol (RDP) connection to an internal PC, and a weak domain password for a generic account.
The attacker scanned through the network to gain access to any network shared files, and proceeded to encrypt them and transmit the encryption key to an external server. Encrypted files are not decryptable without this key, and the attackers demand a ransom to provide the decryption key and application to allow users to restore the affected data (over 500,000 files)
Conosco removed the affected from the network and investigated, but the system was damaged beyond the point of a feasible repair, and it had to be reloaded. Conosco managed to restore all the files, re-enable backups and disable the compromised account to prevent further access.
To prevent a recurrence, Conosco insisted that all generic-named accounts susceptible to brute-force type attacks were disabled; and closed RDP connections, implementing cloud-based file-sharing software (Egnyte) for collaborative remote working instead. We also implemented account lockout policies and two-factor authentication.
What is phishing?
Phishing attacks are sent via email and often pose as a request for data from a trusted third party. The emails often ask users to click on a link and enter their personal data, which can then be used for malicious purposes.
Phishing attacks can also present as a spoofed email, where an external party modifies their email headers to appear to be coming from a high-powered internal staff member (MD/CEO/CFO), and places a request for a fund transfer to a specified recipient, or to send confidential information about the company or other clients. This is known as Whale-Phishing.
What you can do to prevent becoming a phishing victim
- Verify any requests for information – phone the ‘trusted third party’ asking for your data to confirm that it’s a legitimate request
- Don’t click on any unsolicited links
- Double-check the reply address when responding to emails asking for sensitive information – ensure the reply address is the same as the address you received the email from.
- Be suspicious of any unexpected requests for details or financial assistance from someone who normally should have access to these themselves.
Results of a survey conducted by Conosco challenged respondents to spot fake emails used for phishing. The results indicated that 94% of respondents (including a number of IT professionals) failed to recognise email phishing attempts. The survey targeted a select group of senior individuals across a range of SME companies to gauge how well this ‘IT savvy’ group could identify increasingly sophisticated hacking attempts.
The ‘Real or Steal’ challenge involved participants judging a series of emails and trying to decide whether or not each email was genuine. Out of the examples, most people (93%) correctly identified a PayPal email as being fake. On the other hand, most participants were fooled by a phony LinkedIn message, with 63% getting it wrong.
Phishing is an increasingly worrisome problem, particularly in the UK, as the annual Internet Security Report from Symantec (April 2016) points out. In the report, the UK was ranked as ‘the most targeted nation for spear phishing attacks and ransomware in 2015’.
If you are ever uncertain about an email asking for sensitive or financial information, even if it is from a Director or Senior Management, it is always better to consult your IT team to validate the authenticity of the email, than to unknowingly divulge information or transfer money to the malicious external party.
SMEs and security
Max Mlinaric, Managing Director of Conosco says, ‘When there is a security breach in blue chip companies you tend to hear of it, and can wrongly assume large companies are most commonly targeted.
‘SMEs often present easier pickings for the hackers, as IT skills, security levels, awareness and sometimes personnel training are sometimes lower than in large companies which have deeper pockets. It is crucial that SMEs ensure their IT is as secure as possible, that complacency is battled and their staff are regularly trained in resisting phishing attempts.’
What you can do to prevent an attack on your business:
- Educate your employees – provide them with clear instructions on what to do if they encounter a potential ransomware lure
- Maintain clear inventories of your company’s digital assets and their locations, so cyber criminals do not attack a system you are unaware of.
If your business needs to improve its network security, Conosco can help. Schedule a free security consultation: Contact Conosco