By Wana Tun
Companies today face challenges securing their networks from both sophisticated malware and external threat actors. Internally, they also struggle with IT misconfiguration and a lack of security education among employees. In this article, I aim to illustrate the common network threats faced by most organizations today:
Advanced Persistent Threats (APTs)
There is much hype and confusion over the buzzword, Advanced Persistent Threat (APT), and it has become associated with nation-state cyberattacks and advanced malware and hacking techniques. According to a Ponemon Institute study last year, 68 percent of IT managers do not know what the term APT refers to.
The truth is, APTs are attackers who are prepared to penetrate networks persistently and slowly and steal data. Unlike traditional malware, APTs leverage social engineering, zero-day vulnerabilities and an extensive understanding of the target environment.
An APT starts by gathering intelligence on its targets, such as a company's profile and its employees, through the Internet and social networking sites. The attackers then find a point of entry within the target's network and, upon breaching the network, the implant calls home to a command-and-control (C&C) server and reports its location.
They then search the network for data and assets and may also infect other clients in order to get to their target, or introduce more attacks to access the systems at a faster rate. Upon finding the data they are looking for, the APT starts communicating frequently with the C&C host and is likely to extract data in small, encrypted pieces to prevent detection.
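The call-home and low-and-slow exfiltration behaviour just described is what a defender would hunt for in outbound flow logs. The following is an added example, not code from the article or from Sophos; the hosts, addresses and flow records are constructed, and the thresholds are illustrative assumptions.

```python
# Added example (not from the article): flag outbound connections that look
# like the APT call-home pattern described above: regular contact with one
# external host, each contact carrying only a small amount of data.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp in seconds, source host, destination, bytes sent).
# 10.0.0.12 beacons to one host roughly every 300 s with small, slightly jittered uploads;
# 10.0.0.20 browses normally; 10.0.0.31 pulls a large update from one host every 600 s.
FLOWS = (
    [(t + (t // 300 % 4) * 10, "10.0.0.12", "203.0.113.5", 1500 + (t % 7) * 30)
     for t in range(0, 3600, 300)]
    + [(12, "10.0.0.20", "198.51.100.7", 900), (95, "10.0.0.20", "198.51.100.8", 42000),
       (410, "10.0.0.20", "198.51.100.7", 700), (1900, "10.0.0.20", "198.51.100.9", 120000)]
    + [(t, "10.0.0.31", "198.51.100.20", 5_000_000) for t in range(0, 3600, 600)]
)

def find_beacons(flows, min_conns=6, max_jitter=0.2, max_bytes=4096):
    """Return (src, dst, mean_gap_s, total_bytes) for pairs whose connection
    intervals are regular (coefficient of variation <= max_jitter) and whose
    per-connection payloads all stay at or below max_bytes."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))
    suspects = []
    for (src, dst), recs in by_pair.items():
        if len(recs) < min_conns:
            continue  # too few contacts to judge periodicity
        recs.sort()
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        cv = pstdev(gaps) / avg  # 0 means perfectly periodic
        small = all(n <= max_bytes for _, n in recs)
        if cv <= max_jitter and small:
            suspects.append((src, dst, round(avg), sum(n for _, n in recs)))
    return suspects

if __name__ == "__main__":
    for s in find_beacons(FLOWS):
        print("possible beacon: %s -> %s every ~%ds, %d bytes total" % s)
```

Encryption of the exfiltrated pieces is invisible to this check; the regular timing and consistently small payloads are the signal, so tune min_conns, max_jitter and max_bytes to the network's own baseline.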
When it comes to security against adversaries, most organizations think about viruses and their endpoints but often neglect their websites. According to SophosLabs, an average of 30,000 new malicious URLs are generated daily, of which 80 percent are compromised, legitimate websites. 85 percent of malware, including viruses, worms, spyware, adware and Trojans, also arrives via the Web.
An attacker first uses the drive-by download technique to penetrate from an entry point, such as a hijacked website or an email with a malicious link. Attackers leverage existing vulnerabilities within web servers such as Apache and IIS, injecting malicious code into web pages.
Once it reaches the browser, the user is redirected to an exploit kit through an elaborate traffic distribution system (TDS), which is hard to track. The kit executes exploits against vulnerabilities in the web browser and its plugins, such as Java and PDF readers. After that, the attacker downloads malware or a virus to infect the system.
Many know it is important to protect their wireless network with a strong password. However, a Sophos survey found 8 percent of respondents using no encryption at all and 19 percent using obsolete encryption. These are some mistakes made by companies, especially remote offices:
1. Basic errors such as poor encryption, passwords that are not complex enough, not using VPNs, and inadequate employee education and published policies
2. Uncontrolled access to wireless networks, giving customers, suppliers and other office visitors IDs and passwords to internal networks. This has given rise to contractors whose passwords remain valid for weeks and months even after moving on to other employers.
3. Deployment and management of wireless access points can be time-consuming, complex and expensive. It also increases the chances of accidental misconfiguration which leads to security vulnerabilities.
Companies should be aware that cybercriminals increasingly target wireless traffic to penetrate enterprise networks. They are leveraging the rise of mobile workers, workstations that lack endpoint protection and BYOD policies that prevent companies from controlling and configuring mobile devices.
Security experts have warned about IPv4's limited address pool, but its successor, IPv6, has the features needed by the modern Internet: larger connectivity, integrity and security, while supporting various web-capable devices.
However, IPv6 is not without its limitations. The following are some risks companies may face with the latest internet protocol:
1. Malware with IPv6-based command-and-control capabilities is rampant, so if a server enables IPv6 by default but its firewall does not filter IPv6 traffic, malware infections will be more frequent.
2. IT managers must learn how to deploy IPv6 in a completely new manner, including processes such as troubleshooting, firewall configuration and monitoring security logs. This could give rise to deployment mistakes.
3. It is not possible to instantly switch from IPv4 to IPv6, so partial adoption through tunnelling technologies that transport IPv6 traffic over IPv4 is needed. This could give rise to misconfiguration and security loopholes.
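The gap in item 1 above, a host with IPv6 enabled whose firewall only filters IPv4, can be checked for on a Linux system by comparing the IPv4 and IPv6 rule sets. The following is an added example, not code from the article or from Sophos; it parses the text output of `sysctl net.ipv6.conf.all.disable_ipv6`, `iptables -S` and `ip6tables -S`, and the sample outputs below are constructed, not captured from a real host.

```python
# Added example (not from the article): find chains that IPv4 filters but
# IPv6 leaves wide open while IPv6 is enabled on the host.
import re

# Constructed sample outputs of the three commands (not from a real host).
SYSCTL_OUT = "net.ipv6.conf.all.disable_ipv6 = 0\n"
IPTABLES_OUT = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
"""
IP6TABLES_OUT = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
"""

def parse_rules(listing):
    """Map each chain in `iptables -S` style output to (default policy, rule count)."""
    policy, count = {}, {}
    for line in listing.splitlines():
        m = re.match(r"-P (\S+) (\S+)", line)
        if m:
            policy[m.group(1)] = m.group(2)
            count.setdefault(m.group(1), 0)
        m = re.match(r"-A (\S+) ", line)
        if m:
            count[m.group(1)] = count.get(m.group(1), 0) + 1
    return {chain: (policy.get(chain, "ACCEPT"), n) for chain, n in count.items()}

def ipv6_filter_gaps(sysctl_out, v4_listing, v6_listing):
    """Return chains that IPv4 filters (DROP policy or explicit rules) but
    IPv6 accepts everything on (ACCEPT policy, no rules), if IPv6 is enabled."""
    m = re.search(r"disable_ipv6 = (\d)", sysctl_out)
    if m and m.group(1) == "1":
        return []  # IPv6 is off on this host, so there is nothing to compare
    v4, v6 = parse_rules(v4_listing), parse_rules(v6_listing)
    gaps = []
    for chain, (pol4, n4) in v4.items():
        pol6, n6 = v6.get(chain, ("ACCEPT", 0))
        if (pol4 == "DROP" or n4 > 0) and pol6 == "ACCEPT" and n6 == 0:
            gaps.append(chain)
    return sorted(gaps)

if __name__ == "__main__":
    print("IPv6 unfiltered chains:", ipv6_filter_gaps(SYSCTL_OUT, IPTABLES_OUT, IP6TABLES_OUT))
```

When the IPv4 rules are mirrored into ip6tables to close the gap, IPv6 still needs ICMPv6 allowed for neighbour discovery to work, so a blanket DROP policy must come with explicit ICMPv6 accept rules.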
To conclude, we need to combine technologies and add layered defences to safeguard against network threats. By increasing the number of safety nets, the security vulnerabilities and loopholes become smaller. This can be done in a cost-effective manner by using a simple solution with Web security capabilities, such as a unified threat management device.
The author is the regional technical evangelist at Sophos