In our increasingly digital world, cyber-attacks pose a significant threat to both individuals and organisations. Understanding these threats and learning how to protect yourself is essential. This blog post will delve into some of the most common cyber-attacks, providing detailed insights and practical prevention tips.
1. Phishing Attacks
Phishing attacks are deceptive attempts to obtain sensitive information such as usernames, passwords, and credit card details. These attacks often come in the form of emails, text messages, or websites that mimic legitimate communications from trusted sources.
How it works:
- The attacker sends a message that appears to be from a reputable entity, such as a bank, telecommunications or cloud provider, courier or postal service, or another well-known company.
- The message contains a link or attachment that prompts the victim to enter personal information, such as logon credentials, or to download malware.
Prevention Tips:
- Verify the Source: Always check the sender's email address and look for signs of spoofing. If unsure, contact the organisation directly using a known, legitimate contact method.
- Think Before You Click/React: Hover over links to see where they lead before clicking. Be cautious with unexpected attachments, even from known contacts. Services like Microsoft 365 and Google Workspace can add warning banners to external e-mails, helping users spot phishing attempts that pretend to come from an internal colleague.
- Use Security Services/Software: Implement email filters and anti-phishing tools to detect and block malicious messages. Alongside the standard security controls provided by email providers, third-party vendors such as Heimdal offer additional layers of security.
- Education: Regularly train employees on how to recognise and respond to phishing attempts. Simulated phishing campaigns can be run periodically to check that user awareness is maintained.
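As an added example that is not part of the original post, the following Python check pulls together the spoofing signs listed above (display name versus sender domain, lookalike domains, a mismatched Reply-To, and failed SPF/DKIM/DMARC results) from a raw message; the sample e-mail, brand list and domains are constructed for illustration.

```python
import email
import email.utils
import re
from email import policy

# Constructed sample message, not a real e-mail: the display name claims a bank,
# the domain is a lookalike, Reply-To points elsewhere and SPF/DMARC failed.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank-login.com>
Reply-To: support@mail-verify.example.net
Subject: Urgent: verify your account
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=examp1e-bank-login.com;
 dkim=none; dmarc=fail header.from=examp1e-bank-login.com

Please click https://examp1e-bank-login.com/verify to keep your account active.
"""

# Assumed map of brand names to the domains that genuinely send mail for them.
TRUSTED_BRANDS = {"example bank": {"example-bank.com"}}

def auth_results(msg):
    """Return the spf/dkim/dmarc verdicts the receiving server recorded."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def domain_of(address):
    return email.utils.parseaddr(address)[1].rpartition("@")[2].lower()

def phishing_indicators(raw, brands=TRUSTED_BRANDS):
    """List the signs of spoofing a user or mail filter should look for."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = email.utils.parseaddr(str(msg["From"]))
    from_domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, genuine in brands.items():
        if brand in name.lower() and from_domain not in genuine:
            findings.append(f"display name claims '{brand}' but sender domain is {from_domain}")
    # Crude lookalike test: undo common digit-for-letter swaps before comparing.
    plain = from_domain.replace("1", "l").replace("0", "o")
    for genuine in (d for ds in brands.values() for d in ds):
        if genuine.split(".")[0] in plain and from_domain != genuine:
            findings.append(f"sender domain {from_domain} resembles {genuine}")
    if msg["Reply-To"] and domain_of(str(msg["Reply-To"])) != from_domain:
        findings.append("Reply-To domain differs from From domain")
    for check, verdict in auth_results(msg).items():
        if verdict != "pass":
            findings.append(f"{check} result is {verdict}")
    return findings
```

Running `phishing_indicators(SAMPLE_EMAIL)` returns six findings for the constructed message; a genuine message from a listed domain with passing authentication results returns none.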
2. Ransomware & Malware
Ransomware is a type of malware that encrypts a victim's files to prevent access and demands a ransom for the decryption key. Attackers may also exfiltrate the data and threaten to publicly release sensitive business information if the ransom is not paid. Such an attack can cripple a business and cause significant financial losses and reputational damage.
How It Works:
- Ransomware typically spreads through phishing emails, malicious ads, or by exploiting vulnerabilities in software. Once executed, it encrypts files and displays a ransom note demanding payment, often in cryptocurrency. It will also try to move laterally across a network to maximise the disruption.
Prevention Tips:
- Regular Backups: Maintain regular backups of critical data and ensure they are stored offline or in a secure cloud environment. Immutable backups can protect critical restore points from ransomware. Backup procedures need to be tested on a regular basis to ensure they are working as expected – do not just trust log reports!
- Install Antivirus / EDR Software: Ensure you have reliable antivirus and anti-malware software installed and regularly updated. That said, the recent CrowdStrike outage has shown that regular updates can be a double-edged sword!
- Patch Vulnerabilities: Keep your software and systems updated to protect against exploits. A vulnerability scanner / solution such as Qualys, Tenable Nessus or Rapid7 InsightVM can help automate this process and avoid blind spots when dealing with a large IT estate. Any vulnerability with a CVSS score of 9 or more should generally be treated as a priority and either be patched or mitigated.
- Network Segmentation: Segment your network to limit the spread of ransomware and contain potential damage. Zero Trust Network Access (ZTNA) solutions like Appgate can ensure users only have access to the applications they need, restricting the ability of ransomware to move laterally to other devices on the network.
- Consider Fire-Break Solutions: Ransomware containment solutions such as BullWall RC can provide a last line of defence against encryption. These solutions aim to stop a ransomware attack as quickly as possible, isolating or shutting down the infected PC(s) to minimise the impact of the attack.
- Examine your full supply chain and technology stack: Several of the enterprises hit by the ransomware groups that targeted the MOVEit vulnerabilities were affected because their payroll / HR software provider used MOVEit (TechCrunch).
3. EOS/EOL and Unpatched Network Equipment
Patching operating systems and applications is a regular task for most businesses, with tools such as Heimdal Patch & Asset Management used to automate much of the repetitive work. However, it is also critically important to update network equipment, especially internet-facing routers and firewalls.
Research published this week by Vedere Labs, the cybersecurity research arm of our partner Forescout, identified 14 new security vulnerabilities in 24 models of the popular DrayTek Vigor network routers/firewalls. Around 785,000 impacted devices have been identified globally, with 20% of these considered to be End of Life (EOL) and 43% End of Support (EOS).
Thankfully, DrayTek have provided firmware updates for EOS/EOL routers.
How It Works:
- Attackers use automated tools and search engines such as Shodan to find Internet-exposed devices with out-of-date firmware.
- Once located, attackers have scripts ready to exploit the security bugs.
- The attackers may use the device to launch DDoS attacks as part of a botnet, intercept traffic, or penetrate the private network behind the firewall/router to deploy ransomware.
Prevention Tips:
- Patch Firmware: Where possible, subscribe to vendor email notifications to automatically receive alerts for new firmware releases. More importantly, arrange appropriate maintenance windows to install the updates, especially where they contain security fixes.
- Replace End of Life (EOL) Equipment: Critical network infrastructure which is EOS/EOL, and therefore unsupported, should be replaced. Even though the equipment may continue to work fine without vendor support, the lack of updates means you could be left rushing to replace a device when an exploit is found and widely abused. Not all vendors will produce patches for old equipment as DrayTek has!
- Remove or secure public management access: Although convenient for remote support, exposing router, firewall or other management interfaces directly to the Internet should be avoided wherever possible. The DrayTek research found over 704,000 devices with the management UI exposed to the Internet.
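The prioritisation described across sections 2 and 3 (patch or mitigate CVSS 9+ findings first, replace EOS/EOL kit, remove Internet-exposed management interfaces) as an added Python triage example; it is not code from the original post or from any vendor named here, and the device inventory, version numbers and scores are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Device:
    name: str
    firmware: str            # installed firmware version
    latest: Optional[str]    # newest vendor firmware, None if the vendor ships none
    support: str             # "supported", "EOS" or "EOL"
    mgmt_exposed: bool       # management UI reachable from the Internet
    cvss: tuple              # CVSS base scores of open scanner findings

def version_key(version):
    return tuple(int(part) for part in version.split("."))

def triage(device, critical=9.0):
    """Return (priority, actions) for one device; priority 1 is most urgent."""
    actions = []
    outdated = (device.latest is not None
                and version_key(device.firmware) < version_key(device.latest))
    severe = any(score >= critical for score in device.cvss)
    if device.mgmt_exposed:
        actions.append("remove or restrict Internet access to the management UI")
    if outdated:
        actions.append(f"schedule maintenance window: firmware {device.firmware} -> {device.latest}")
    elif severe and device.latest is None:
        actions.append("no vendor fix available: mitigate now and replace")
    if device.support != "supported":
        actions.append(f"plan replacement: device is {device.support}")
    if severe:                 # CVSS 9+ findings are patched or mitigated first
        priority = 1
    elif device.mgmt_exposed or outdated or device.support != "supported":
        priority = 2
    else:
        priority = 3
    return priority, actions

def remediation_plan(devices):
    """Rank the estate so the most urgent devices come first."""
    rows = [(p, d.name, acts) for d in devices for p, acts in [triage(d)]]
    return sorted(rows, key=lambda row: (row[0], row[1]))

# Constructed sample inventory; names, versions and scores are illustrative only.
SAMPLE_ESTATE = [
    Device("branch-fw-1", "4.4.2", "4.4.5", "EOS", True, (9.8, 5.3)),
    Device("hq-router", "1.2.0", "1.2.0", "supported", False, (4.3,)),
    Device("legacy-fw", "3.1.0", None, "EOL", False, (7.5,)),
]
```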
Conclusion
Understanding these common cyber-attacks and implementing robust security measures can significantly reduce your risk. Stay informed, stay vigilant, and prioritise cybersecurity to protect yourself and your organisation from these pervasive threats.
As an independent specialist consultancy working with leading cyber-security vendors, KedronUK can assist enterprises in addressing gaps within their security tooling from EOL device management through to ransomware containment solutions.
For more information on our full product portfolio, please contact us, or email our sales team at sales@kedronuk.com.
Kirsty Jones
Marketing Executive