We've all seen a movie where the hero skillfully uses his hacking skills to gain access to protected computer systems to save the day. Of course, you probably know it's not nearly as glamorous as Hollywood makes it look.
But what are these hackers doing when you hear things like 'denial of service attack'? Does your security software protect against it? Is 'malware' just another term for 'malicious software'? You may have heard of a 'rootkit', but what does it mean, and how can you protect your business from it?
Malware
The first step to any successful hacking attempt is getting into your network. A malware attack is the most commonly used way to exploit your network's vulnerabilities.
Malware is defined as any unwanted software specifically designed to infect a target system. Depending on the programmer's intent, malware can do any of a number of unfortunate things to an infected computer system, such as open security vulnerabilities or grant root access to unspecified users. Other malware types can destroy system files, cause system crashes, overwhelm local network traffic, or encrypt hard drives with an unbreakable passphrase. Basically, if you can imagine it, it's possible with malware.
Malware On The Internet
While legitimate websites can sometimes be compromised by malware, a malware attack is more likely to happen as a result of a user opening a file from an email or by visiting an infected website. Infected websites often offer illegal downloads of software, illicit online gambling, or other unsavory content, and are not connected with known business entities.
These websites often hide installable software in confusing and repetitive popups, and you might accidentally install something you didn't even mean to. A good rule of thumb is that if your boss wouldn't want you there during work hours, it might not be safe to visit!
Once malware has invaded a compromised system, the affected computer can be made to do almost anything, from hosting malicious software components, to opening remote access on affected ports so that attackers can reach the infected machine, to interrupting system processes and compromising the device's operations. The more dangerous types of malware can also avoid detection by operating in kernel mode, the privileged level at which the operating system itself runs, which lets the malware bypass the operating system's protections and interface with the hardware directly.
How To Protect Your Company From Malware
An important way to ensure your business has the best protection against online threats is by installing anti-malware software, such as Endpoint Detection and Response software. Not only does this type of software actively work to prevent unwanted remote access to your operating systems and stop malware attacks before they happen, but it also facilitates recovery if you discover an infected computer in your network. If the worst happens, you'll have the tools to remove the threat and repair any damage.
Another way to protect your business is blocking suspicious websites. Malware authors generally count on a user exposing their computer systems to attack by clicking on executable files and installing software components without realizing it. Sites infected with malware often hide software installation within popups or behind misleading or confusing banner advertisements. If you're not paying attention, it's easy to click on a banner advertisement designed to look like a legitimate website link, and you might even reflexively click 'Yes' when your system asks if you really want to install it! It's safer to block these websites to begin with.
Phishing
Phishing is when a hacker, or group of hackers, sends a false email, or a link to a false web site, that looks legitimate. The end result is that the victim divulges sensitive information to the hacker without knowing it, such as account passwords or personal data. Besides giving up this sensitive information, the user is also at increased risk of further attacks, as users often reuse passwords or other data between sites.
Phishing is a form of social engineering that uses the familiarity of a legitimate brand to trick the recipient into providing sensitive information so that the hacker can steal data. After all, a phishing attempt doesn't have to count on sophisticated programming in order to evade detection - it just has to fool a live human being. And unfortunately, it's easy to be fooled no matter how clever you are, if they catch you on a day that you're tired, or busy, or stressed out.
A Different Kind Of Attack
That means that unlike other types of network security, knowing how scammers think is important to protecting your business against phishing attacks and protecting your network against unauthorized access. For example, scammers often introduce stress into a situation by being rude or pretending to panic, and by demanding that the matter in question be resolved immediately or very soon. A common scammer tactic is to convince the user that money has been deposited into their account accidentally, and then pretend to be frightened about losing their job over the mistake.
By understanding the psychology behind phishing, you can protect yourself against it. There are many videos on YouTube demonstrating live scamming attempts in action (foiled by the intrepid heroes, of course!). There are many content creators devoting their channels to pretending to be hopeless victims and turning the tables on scammers. These videos can be very instructive for your employees! (Just be sure to watch them first before sharing them with your team, as a frustrated scammer often resorts to making his feelings known by expressing some serious - and hilarious - profanity!)
Denial of Service Attacks
You might have noticed that Netflix, or YouTube, or another website you need to access, is sometimes not accessible at a given time. While there are plenty of reasons that a website might be down at any particular time, one potential reason is a Denial of Service attack.
Denial of Service (DoS) attacks are a way of preventing legitimate users from accessing their resources. A DoS attack is launched when a hacker floods servers, or internet infrastructure, with so much traffic that they are unable to handle it all.
How Does a Denial of Service Attack Work?
A DoS attack could happen in one of several ways. One way a DoS attack could be carried out is for an automated process to exploit a flaw in a website by continually querying for data in ways that consume large amounts of server resources. Another is by sending enormous amounts of traffic to the site from an automated source such as a botnet: an army of compromised computers belonging to unwitting victims, each with malicious software installed.
By bogging down the server hosting the webpage itself, or the traffic to that site, a DoS attack can slow or stop service for a webpage without really compromising security software itself. Good security can prevent this from happening, but it is something to be concerned about nonetheless.
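As an added illustration that is not part of the original article, here is a small defender-side check in Python that reads web-server access log lines (constructed for this example) and flags sources sending an abnormal burst of requests, the signature of the flooding described above; the window and threshold are assumed values to be tuned per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
198.51.100.4 - - [10/Mar/2024:12:00:00 +0000] "GET /search?q=a HTTP/1.1" 200 512
198.51.100.4 - - [10/Mar/2024:12:00:01 +0000] "GET /search?q=b HTTP/1.1" 200 512
198.51.100.4 - - [10/Mar/2024:12:00:01 +0000] "GET /search?q=c HTTP/1.1" 200 512
198.51.100.4 - - [10/Mar/2024:12:00:02 +0000] "GET /search?q=d HTTP/1.1" 200 512
198.51.100.4 - - [10/Mar/2024:12:00:02 +0000] "GET /search?q=e HTTP/1.1" 200 512
198.51.100.4 - - [10/Mar/2024:12:00:03 +0000] "GET /search?q=f HTTP/1.1" 200 512
203.0.113.9 - - [10/Mar/2024:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.9 - - [10/Mar/2024:12:01:30 +0000] "GET /about.html HTTP/1.1" 200 1024
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_log(text):
    """Yield (ip, timestamp, request) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), datetime.strptime(m.group(2), TIME_FMT), m.group(3)


def find_floods(text, window=timedelta(seconds=10), threshold=5):
    """Return {ip: peak_count} for sources exceeding `threshold` requests
    inside any sliding `window` (assumed defaults). A single-source flood
    shows up as one IP; a botnet-driven flood shows up as many IPs at once."""
    by_ip = defaultdict(list)
    for ip, ts, _ in parse_log(text):
        by_ip[ip].append(ts)
    offenders = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, ts in enumerate(times):
            # Slide the window start forward until it covers only `window`.
            while ts - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            offenders[ip] = peak
    return offenders
```

In real use the offenders would feed a rate limiter or firewall rule rather than just a report.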
Why Would Anyone Use Such An Attack?
The goal of a DoS attack is not to gain access to the network, but to disrupt the network for a predetermined period of time. This type of attack could be levied against a company's website to disrupt service to customers, for example. However, any type of website could be compromised by this type of attack.
DoS attacks are serious business. While it may seem trivial to worry about Youtube being down for a little while, in reality these types of attacks are more than just temporary irritations to end users. A seriously compromised website might end up with considerable lost business to a company, particularly a company that does most of its business online. But it gets worse - a denial of service attack against a government's infrastructure by foreign government agencies is considered an act of war.
Rootkits
A rootkit is a type of software designed to provide unauthorized access and privilege escalation. It's a little different from ordinary malware, as a rootkit comprises infectious code injected into corrupted versions of legitimate software. Two of the most well known rootkit examples are Stuxnet, which may have been designed to target Iranian nuclear development infrastructure, and NTRootkit, one of the earliest known rootkit examples.
Most rootkits are able to tamper with your computer's core system files and hide themselves during normal operation so that they can't be easily detected. It's not always easy to remove malware and trojan horses from Windows systems, but software that masquerades as other software is even harder to detect, even with advanced detection methods.
Hackers will often leverage rootkits to gain access to the machine in a more stealthy way than they could normally. A rootkit can hide a wide range of information, including all processes, events and even the fact that a rootkit is installed.
Stop Rootkits Before They Stop You
The best way to prevent a rootkit from infiltrating your system is to use the best possible anti-malware protection you can find. A good anti-malware system will use signature scanning on incoming files to detect potential malware infections before they occur. Signature scanning looks for snippets of code that could execute banned or dangerous processes on a victim's computer system, and prevents them from executing.
Rootkits are incredibly tricky to remove, and the best way to protect against them is to avoid them altogether by keeping your machine updated and secured. It's also important to only download drivers and software from official sources. If you can download a driver for your Hewlett-Packard printer from hp.com, or an app from the Google Play Store, why would you try to download it from anywhere else?
Zero-day Exploits
A zero-day exploit is a hacker's dream: the hacker exploits a recently discovered vulnerability before it is known to the public, using it for their own gain. Rather than banking on users installing malicious software, a hacker utilizing a zero-day exploit only has to hope that a user is running a certain version of software.
A zero-day exploit is called that because the software flaw is discovered on or soon after a software patch is rolled out to the public - on the 'zeroth day', as it were. Security bugs are often discovered during new software updates and rollouts, such as operating system updates. These include the annoying notifications that Windows will often give you reminding you to update your system - as it turns out, while these notifications are annoying and time consuming, they are nonetheless very important!
Often, the vendor doesn't even realize there is a problem until after it is widely exploited. After a zero-day exploit is discovered and publicized, however, the window of opportunity for hackers quickly closes as developers hurry to correct the problem on the next security update - or if the problem is serious, before that.
How Can You Prevent Them?
Attackers will take advantage of zero-day exploits by leveraging them to gain access to your server and then use that access to download malware that can further infect your network. Unfortunately, there's not much you can do to stop a zero-day exploit - after all, if there's no fix to it yet, then you can't fix it.
However, the good news is that zero-day exploits are often fixed soon after they are discovered and made public. Because of this, it is vital to keep your computers and networks up-to-date. Outdated software is a huge security risk, so plan regular software updates to protect yourself from zero-day exploits as soon as they are fixed.
It's important not only to install the latest security updates for your operating systems, but also to run the latest versions. Old versions such as Microsoft Windows XP, or even older releases of Windows or Linux, will no longer be updated by the manufacturer, leaving undiscovered security flaws intact forever. A vulnerable system would stay vulnerable forever unless a third party figured out how to correct the problem after the fact.
Finally, zero-day exploits can't be exploited on a system that can't be reached in the first place. Having strong network security, including a firewall that prevents traffic on unexpected network ports, can often prevent these exploits from being utilized until they are fixed by the vendor.
A Suite Of Protection
You might have noticed that each of these types of attack is very different from the others. The strongest network security in the world won't prevent a phishing attack from taking place if a user is deceived by a phishing attempt. Similarly, even your most well-trained end user won't be able to prevent a DoS attack if the security infrastructure is lacking.
A good place to begin is by using Endpoint Detection and Response software in your business. Endpoint Detection and Response software proactively addresses most of the concerns listed here by combining a suite of protection methods, including antivirus and virus detection, process monitoring, data backup, and a host of other solutions that will keep your company safe - and your data!