The increasing threat of cyber attacks and the costs associated with data breaches are making enterprises across the world rethink their security strategy. According to the Ponemon Institute 2017 State of Endpoint Security Risk Report, 54% of companies experienced one or more successful attacks that compromised data and/or IT infrastructure. And it’s not just SMBs who are at risk. High-profile breaches like those of Target, Neiman Marcus, and Uber have proved that even large enterprises are not doing enough to secure their networks and data centers.
To implement a security strategy that protects data and makes endpoints tamper-resistant, a detailed understanding of attack vectors is essential. It lets security teams choose the right products and design a security architecture that fits their actual exposure rather than a generic checklist. Here are five of the attack vectors most commonly used by cybercriminals.
1. Malware
Malware is built to infect the target system with as little friction as possible, and it spreads by many routes. The most common is an email attachment; attackers also abuse network protocols and exposed services to move malware from one host to the next (the SMB worm component of WannaCry is the textbook case). Fileless malware, which runs in memory or through legitimate tools such as PowerShell and the Windows scripting hosts without dropping an executable on disk, is increasingly favoured because signature-based antivirus has no file to match against. Ransomware is malware whose payload encrypts files on the endpoint and then displays a ransom note demanding payment for the decryption key.
2. Phishing
Phishing is carried out through email with the intention of tricking the recipient into disclosing sensitive information such as usernames, passwords, or credit card details, or into opening a malicious attachment. Recent campaigns attach PDFs, ZIP archives, or Word documents carrying malicious code or macros. The messages appear to come from a trusted source such as your bank, insurance provider, or a colleague, but are aimed at installing malware on the recipient's machine, from which more advanced strains spread to other systems on the network. While phishing uses a generic email format sent in bulk, spear-phishing messages are customized to a specific target such as a key executive or decision maker.
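The two tell-tale signs described above, a sender whose display name borrows a trusted brand while the address domain does not match, and an attachment whose type or double extension hides an executable or macro document, can both be checked mechanically before a message reaches the inbox. The following is an added example written for this page, not code from ColorTokens or from the original post. It uses only Python's standard `email` library; the trusted-sender table, the look-alike domain `examp1e-bank-secure.com`, the attachment names and the attachment bytes are all constructed for the demonstration.

```python
import email
import os
from email import policy
from email.message import EmailMessage
from typing import Dict, List

# Attachment types that should never arrive unannounced from outside the organisation.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".com", ".js", ".vbs", ".hta", ".lnk", ".iso",
    ".docm", ".xlsm", ".pptm",   # macro-enabled Office documents
    ".zip",                       # archives are routinely used to wrap the payloads above
}

# Brands users trust, mapped to the sender domain they really use (constructed for this example).
TRUSTED_SENDERS: Dict[str, str] = {"Example Bank": "example-bank.com"}


def build_sample(phishing: bool = True) -> bytes:
    """Construct a raw RFC 5322 message. The phishing variant spoofs a bank's display name from a
    look-alike domain and carries a double-extension executable plus a macro-enabled document."""
    msg = EmailMessage()
    msg["To"] = "victim@corp.example"
    msg["Subject"] = "Action required: verify your account"
    msg.set_content("Please review the attached statement and confirm your details.")
    if phishing:
        msg["From"] = "Example Bank Support <alerts@examp1e-bank-secure.com>"
        msg.add_attachment(b"MZ\x90\x00 constructed stand-in for a PE file", maintype="application",
                           subtype="octet-stream", filename="Statement_March.pdf.exe")
        msg.add_attachment(b"PK\x03\x04 constructed stand-in for a macro document", maintype="application",
                           subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    else:
        msg["From"] = "Example Bank Support <alerts@example-bank.com>"
        msg.add_attachment(b"%PDF-1.4 constructed stand-in for a PDF", maintype="application",
                           subtype="pdf", filename="Statement_March.pdf")
    return msg.as_bytes()


def analyse(raw: bytes, trusted: Dict[str, str] = TRUSTED_SENDERS) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious was seen."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []

    # 1. Sender check: a display name that borrows a trusted brand while the address domain differs.
    for address in msg["From"].addresses:
        for brand, real_domain in trusted.items():
            if brand.lower() in address.display_name.lower() and address.domain.lower() != real_domain:
                findings.append(f"display name claims '{brand}' but address domain is {address.domain}")

    # 2. Attachment checks: dangerous extension, and double extensions such as report.pdf.exe.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, ext = os.path.splitext(name.lower())
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {name}")
        inner_ext = os.path.splitext(stem)[1]
        if inner_ext and inner_ext != ext:
            findings.append(f"double extension hides the real type: {name}")
    return findings


if __name__ == "__main__":
    for finding in analyse(build_sample()):
        print(finding)
```

The brand check deliberately compares the display name against the address domain rather than trusting either on its own, because the display name is what the recipient sees and the domain is what the mail actually came from. A production filter would extend the domain comparison with look-alike detection and SPF/DKIM results, and would inspect archive contents rather than stopping at the `.zip` extension.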
3. Potentially Unwanted Programs (PUPs)
As the name suggests, PUPs are programs you did not want but may have unknowingly consented to, typically because they were bundled with an installer or a download. PUPs include spyware, adware, and dialers that keep running in the background: spyware logs keystrokes to capture passwords, adware tracks browsing (through cookies, for example) to serve unwanted ads, and dialers place calls to premium-rate numbers at the victim's expense. Most PUPs arrive bundled with software from untrusted download sites, though they turn up in app stores as well.
4. Account Hijacking
Account hijacking is most commonly accomplished through brute-force attacks, which pair raw computing power with automation to guess login credentials. Automated software generates many consecutive guesses at a probable password or PIN until one succeeds. Such attacks can be slowed down by locking an account after a specific number of failed login attempts, and application owners can add a challenge-response test like a CAPTCHA to stop automated password submissions. A lockout policy on its own, however, lets an attacker lock legitimate users out of their own accounts at will, so it should be combined with per-source rate limiting and, wherever possible, multi-factor authentication.
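The interplay between account lockout and per-source throttling is easier to see with a small simulation. The following is an added example written for this page, not code from ColorTokens or from the original post; the `Policy` thresholds, the account name `alice` and the source address `203.0.113.7` are constructed, and the clock is injected so the scenario runs deterministically offline.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict


@dataclass
class Policy:
    max_failures: int = 5          # consecutive failures before the account locks
    lockout_seconds: float = 900   # how long the lock lasts
    source_window: float = 60      # sliding window for per-source throttling
    source_max_attempts: int = 20  # attempts any one source may make in that window


class LoginGuard:
    """Pre-authentication gate: decides whether a password check may even run."""

    def __init__(self, policy: Policy, clock: Callable[[], float] = time.monotonic):
        self.policy = policy
        self.clock = clock
        self.failures: Dict[str, Deque[float]] = defaultdict(deque)
        self.locked_until: Dict[str, float] = {}
        self.source_attempts: Dict[str, Deque[float]] = defaultdict(deque)

    def check(self, account: str, source: str) -> str:
        """Return 'throttled', 'locked' or 'allow'. Only 'allow' proceeds to verify the password."""
        now = self.clock()
        # Per-source throttle first: it caps guesses from one address regardless of which
        # account is targeted, which also blunts password spraying across many accounts.
        attempts = self.source_attempts[source]
        while attempts and now - attempts[0] > self.policy.source_window:
            attempts.popleft()
        if len(attempts) >= self.policy.source_max_attempts:
            return "throttled"
        attempts.append(now)
        # Account lockout: a locked account rejects every guess until the lock expires.
        until = self.locked_until.get(account)
        if until is not None and now < until:
            return "locked"
        return "allow"

    def record(self, account: str, success: bool) -> None:
        """Feed the result of the password check back into the guard."""
        now = self.clock()
        if success:
            self.failures.pop(account, None)
            self.locked_until.pop(account, None)
            return
        recent = self.failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.policy.lockout_seconds:
            recent.popleft()
        if len(recent) >= self.policy.max_failures:
            self.locked_until[account] = now + self.policy.lockout_seconds
            recent.clear()


def simulate_brute_force(n_guesses: int = 100, policy: Policy = Policy()) -> Dict[str, int]:
    """Constructed scenario: one source fires n wrong passwords at 'alice', one per second."""
    now = [0.0]
    guard = LoginGuard(policy, clock=lambda: now[0])
    counts = {"allow": 0, "locked": 0, "throttled": 0}
    for _ in range(n_guesses):
        now[0] += 1.0
        verdict = guard.check("alice", "203.0.113.7")
        counts[verdict] += 1
        if verdict == "allow":
            guard.record("alice", success=False)   # every guess is wrong
    return counts


if __name__ == "__main__":
    print(simulate_brute_force())
```

With the default policy only the first five guesses ever reach the password check; the rest are rejected as locked or throttled before any credential is compared. The throttle is evaluated before the lock on purpose: an attacker who keeps hammering a locked account still burns their per-source budget, and an attacker who spreads guesses across many accounts still hits the per-source cap. Lockout alone would not stop that second pattern, and it hands the attacker a way to deny service to the real user, which is why the two controls belong together.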
5. Unpatched/Outdated Software
Endpoints and special-purpose systems like POS terminals, check-in kiosks, vending machines, and ATMs running legacy or unpatched software are easy targets. Many high-profile attacks succeeded because software was unsupported or missing an available patch: WannaCry spread through the UK's National Health Service (NHS) by exploiting a Server Message Block (SMBv1) vulnerability in Windows for which Microsoft had shipped a fix two months earlier, and the Equifax breach exploited a known, unpatched vulnerability in the Apache Struts web framework. In such cases attackers use the system's inherent vulnerabilities to gain access and then move laterally within the network.
Securing Endpoints Against Cyberattacks
Cybercriminals attack endpoints because most enterprises have little visibility into, or control over, the processes running on them. Endpoints are usually protected by signature-based antivirus software, which sophisticated modern malware strains circumvent with ease. Antivirus is also reactive: a strain is detected only after a signature for it exists, which gives the malware time to exploit system vulnerabilities before it is discovered.
By switching to a signature-less approach that works at the kernel level, enterprises can detect, alert on, and prevent unauthorized processes from running on endpoints and critical servers. With complete visibility and process control, even legacy and unpatched systems can be hardened by allowing only known, whitelisted processes to run and blocking all other unwanted or malicious processes and their child processes. This reduces dependence on disparate antivirus tools, signature updates, and SIEM products. It does not remove the need to patch, however: a whitelisted process that carries an exploitable vulnerability is still whitelisted, and a legitimate interpreter such as PowerShell that is allowed to run can still be abused by fileless malware, so whitelisting raises the attacker's cost rather than closing every hole.
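The core of the allow-list decision is small enough to show in full. The following is an added example written for this page, not ColorTokens' product code or anything from the original post: it hashes the image being launched against a set of known-good hashes and applies a parent/child rule, then runs a constructed sequence of process starts on a single endpoint. The file paths, the "binary contents" (short byte strings standing in for real executables), the child rules and the event list are all constructed for the demonstration. The final event also makes the caveat concrete: an allow-listed interpreter launched from an allowed parent is permitted, which is exactly the gap fileless malware uses.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class ProcessStart:
    pid: int
    ppid: int
    image_path: str
    image_bytes: bytes   # constructed stand-in for the executable's contents on disk


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "golden" binaries. A real deployment hashes the actual files during a learning phase.
KNOWN_GOOD: Dict[str, bytes] = {
    r"C:\Windows\explorer.exe": b"EXPLORER build 1",
    r"C:\Windows\System32\svchost.exe": b"SVCHOST build 1",
    r"C:\Program Files\Office\winword.exe": b"WINWORD build 1",
    r"C:\Windows\System32\powershell.exe": b"POWERSHELL build 1",
}
ALLOW_LIST: Set[str] = {sha256_hex(b) for b in KNOWN_GOOD.values()}

# Child-process rules keyed by parent image. None = may spawn any allow-listed child;
# an empty set = may spawn nothing (a document viewer has no business launching anything).
CHILD_RULES: Dict[str, Optional[Set[str]]] = {
    r"C:\Windows\explorer.exe": None,
    r"C:\Program Files\Office\winword.exe": set(),
}


class AllowListEnforcer:
    def __init__(self) -> None:
        self.running: Dict[int, ProcessStart] = {}

    def decide(self, ev: ProcessStart) -> str:
        # Rule 1: the image must match a known-good hash. Path and file name are not trusted,
        # so a dropper renamed to svchost.exe is rejected like any other unknown binary.
        if sha256_hex(ev.image_bytes) not in ALLOW_LIST:
            return "deny: image hash not on allow-list"
        # Rule 2: an allow-listed parent may still be forbidden from spawning this child.
        parent = self.running.get(ev.ppid)   # unknown parent (e.g. the kernel) imposes no rule
        if parent is not None:
            allowed_children = CHILD_RULES.get(parent.image_path)
            if allowed_children is not None and ev.image_path not in allowed_children:
                return f"deny: {parent.image_path} may not spawn {ev.image_path}"
        self.running[ev.pid] = ev
        return "allow"


def run_demo() -> List[str]:
    """Constructed sequence of process starts on one endpoint, in the order they occur."""
    events = [
        ProcessStart(100, 4, r"C:\Windows\explorer.exe", KNOWN_GOOD[r"C:\Windows\explorer.exe"]),
        ProcessStart(200, 100, r"C:\Program Files\Office\winword.exe", KNOWN_GOOD[r"C:\Program Files\Office\winword.exe"]),
        # A macro in the opened document tries to launch PowerShell: genuine binary, wrong parent.
        ProcessStart(300, 200, r"C:\Windows\System32\powershell.exe", KNOWN_GOOD[r"C:\Windows\System32\powershell.exe"]),
        # A dropped payload renamed to look like a system process: hash mismatch.
        ProcessStart(400, 100, r"C:\Users\Public\svchost.exe", b"DROPPER payload"),
        # An administrator opens PowerShell from the shell: allowed, which is also the gap
        # that fileless malware abusing a legitimate interpreter walks through.
        ProcessStart(500, 100, r"C:\Windows\System32\powershell.exe", KNOWN_GOOD[r"C:\Windows\System32\powershell.exe"]),
    ]
    enforcer = AllowListEnforcer()
    return [enforcer.decide(ev) for ev in events]


if __name__ == "__main__":
    for pid, verdict in zip((100, 200, 300, 400, 500), run_demo()):
        print(pid, verdict)
```

Two design points carry over to real deployments. Hashing the image rather than matching on path or name is what makes the renamed dropper fail, and the parent/child rule is what catches the macro-launched shell even though PowerShell itself is a legitimate, allow-listed binary. Neither rule inspects what an allowed process does once it is running, which is why patching and script-level controls remain necessary alongside whitelisting.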
The Ponemon Institute 2017 State of Endpoint Security Risk Report estimates that the cost of a single successful attack on a large organization can exceed $5 million, an average of $301 per employee. By locking down all endpoints and making them tamper-resistant, enterprises can simplify their security programme while drastically reducing the attack surface of the data center.