Author: EC-Council

When your business is connected to the Internet, LAN, or other methods, then the most crucial aspect for your business success and security is network security. A stable and secure network security system helps businesses from falling victim to data theft. It can protect your workstations from harmful spyware. No network is immune to attacks, but multiple layers of security in a network make it less prone to cyber-attacks. 

The last couple of years were crucial for every industry where severe security attacks targeted most business giants preparing cybersecurity professionals for another record-breaking year of network breaches. Thanks to the awareness raised on cyber-attacks, organizations are taking necessary measures to ensure that their security countermeasures are strong.  

Here are the most common threats impacting the network system of many enterprises to a large extent, and that will most likely remain potential threats in the future: 

• Viruses and Worms 

A virus on a computer is a nightmare for everyone who works on computers and is connected to the Internet. According to Internet World Stats, 56.8% of the population is connected to the Internet in 2019, all of whom are exposed to virus threat [1]. While few viruses may seem practically harmless, viruses, such as Klez, have stolen confidential emails and spread them around the web via emails, causing millions of dollars in damages due to an insecure network. The virus also cost Target US$148 million to recover data of 40 million credit card numbers [2].  

Viruses can send spam, corrupt and steal your data (including confidential information, such as passwords), disturb your security settings, and can also delete data from your hard drive.  

• Botnets

Botnets are a network of compromised systems that are controlled remotely and are used to launch massive malware attacks. Botnets can be used to launch a distributed denial–of-service (DDoS) attack, which engages the network of the website with fake requests that cannot process any legitimate request.  

The latest botnet, Emotet, accounted for two-thirds of payloads delivered by email at the beginning of this year, plaguing businesses and individual networks across the world. During its initial days, it appeared like a banking Trojan, and now it has evolved into a full-fledged botnet because it is leased out to cyber attackers to deliver their malware as a secondary payload. 

Emotet accounted for 61% of all malicious payloads spread via phishing messages during the first quarter of 2019 [9]. 

The first defence against botnets is to keep your systems clean with no malicious content, your antivirus updated, patches installed and updated, as well as a joint approach from all the team members in the team to adhere to security policy.  

• Phishing Attacks 

Phishing attacks are one of the most common forms of cyber-attacks and are still a critical network breach. It is a type of social engineering attack. The Phishing Trends and Intelligence Report of 2019 revealed that 83.9% of phishing attacks target credentials for financial, email, payment, cloud, and SaaS services [5].  

Recently, the Oregon Department of Human Services (DHS) became a target of a phishing attack where nine Oregon DHS employees fell victim to emails compromising the data of an estimated 350,000 patients [6]. 

Phishing attacks are said to be the most significant challenge for cybersecurity in 2019. To spread awareness on it, Alphabet (Google) launched an interactive phishing quiz website aimed at raising awareness on the dangerous impacts of phishing emails and identifying the various types of phishing attacks. Unfortunately, phishing attacks are hard to avoid, and to combat them vigilance is critical. 

• Exploit Kits

Exploit kit is an automated type of attack that is self-contained and sold on the dark web. When the exploit kits navigate to a landing page, it scans the user’s system, and on reaching the vulnerabilities, the compromised website will divert the web traffic to a malicious website. Exploit kits are discreet and are detectable with antivirus and intrusion prevention systems.  

Malwarebytes report of 2018 suggested that exploit kit developers are taking advantage of a recent surge in zero-day vulnerabilities [7]. The report also addressed that more attacks like this are likely to occur in the future. Researches detected a zero-day flaw that involved Flash Player’s ActionScript language and used in two consecutive exploit kit attacks. The security leaders should adopt antivirus protection and implementation of patch-management policies to reduce the risk of exploit kit attacks.  

• Ransomware

A ransomware attack is one of the most dreaded among all cyber-attacks. The attackers execute the attack by infecting database, encrypting data, and then demanding a ransom, threatening to delete the files if the demanded ransom is not paid. About 67% of businesses attacked by ransomware have lost their company data permanently [8]. 

Ryuk, a ransomware attack that targeted networks of large infrastructures, including Florida City and Georgia courts, is among the latest ransomware attacks. It disables the Windows system restore setting, making it difficult to retrieve encrypted data. This ransomware attack alone has already resulted in Florida City paying US$600,000 to retrieve encrypted data. 

Maintaining a backup of the data and implementing a ransomware recovery strategy to continue providing uninterrupted service even in the case of an attack is one of the most basic ways to bypass a ransomware attack.  

• DistributedDenial-of-Service 

DDoS is an attempt to make an online service unavailable by flooding it with traffic from different sources. DDoS attacks target websites of banks, news, and important websites used to publish and access important information. By doing so, a genuine user will not be able to access the data. It is a very damaging form of a cyber-attack, which is disastrous for businesses that sell their products or services online.  

“Major DDoS attacks increased 967% during the first half of 2019,” according to the Tech Republic [3]. The Annual Cybersecurity Report of 2019 stated that a bulletproof DoS or DDoS attack could cost an enterprise more than US$2 million or up to US$120,000 [4]. 

Web application firewalls serve as a great tool to defend your network from a DDoS attack. An early detection is a vital tool in defending your network. By applying multiple security solutions, you can create custom rules that can help you to block common attack patterns and deploy countermeasures immediately after identifying network discrepancies. If your site is hosted in the cloud, there should be additional protection measures in your cloud service.  

• Adware and Spyware

Adware collects data from your browser, many times with your consent. It is also a legitimate source of income to many companies who offer a free version of their software or product to the users. Very often, this software is accompanied by a display of various advertisements. This is becoming more popular with smartphone apps where app developers offer the app service for free, taking your consent to advertising within the app. The presence of these apps may sometimes affect the performance of your Internet speed or slow down your processor too. Adware, when downloaded in your computer or smartphone without your consent, is considered to be malicious.  

Spyware also accesses your browser information but is installed on your computer without your consent. It may have keylogger functionality that can track your personal information, including email addresses, credit card details, passwords, and other crucial data.  

SimBad is a mobile adware campaign that was identified in the first quarter of 2019. The adware has received 147 million downloads across 210 infected apps on Google Play Store until Google removed the app. Among its many notorious activities, such as hiding the icon to prevent the app from being uninstalled, SimBad can perform spear phishing attacks on the user [10].  

Spyware and adware, when installed, can quickly spread across the network, making all connected devices vulnerable. Though it is not easy to protect your system from such attacks, dual verification of the authenticity of any software or app should be ensured.  

Network security is critical with the growing complexity of the attacks. Though most organizations hire network or system administrators who are made responsible for network maintenance, they often lack proficiency in dealing with network threats. For effective network security, a diligent network security person who is competent in dealing with security threats and vulnerabilities is required. EC-Council’s Certified Network Defender (C|ND) program encompasses the skills and knowledge that are crucial to defending any network. Through this program, the candidate will learn the techniques to protect, detect, and respond to the network attacks. It covers 14 of the most current network security domains, and the various aspects of network defense fundamentals, application of network security protocols, secure IDS, VPN, and firewall configuration.  

Sources 

1. https://www.internetworldstats.com/emarketing.htm 
2. https://www.whoishostingthis.com/blog/2015/06/01/8-worst-viruses/ 
3. https://www.techrepublic.com/article/major-ddos-attacks-increased-967-this-year/ 
4. https://www.bulletproof.co.uk/industry-reports/Bulletproof%20-%20Annual%20Cyber%20Security%20Report%202019.pdf 
5. https://info.phishlabs.com/blog/2019-phishing-trends-intelligence-report-the-evolving-threat 
6. https://www.cshub.com/attacks/articles/incident-of-the-week-oregon-dhs-target-of-phishing-attack 
7. https://securityintelligence.com/news/exploit-kit-creators-target-oft-forgotten-vulnerabilities/ 
8. https://www.csoonline.com/article/3212260/ransomware/the-5-biggest-ransomware-attacks-of-the-last-5-years.html 
9. https://www.zdnet.com/article/malware-and-botnets-why-emotet-is-dominating-the-malicious-threat-landscape-in-2019/