Awareness of cyberattacks is necessary for every user on the Internet. Cyberattacks can do great damage to computer systems, personal life, finances and more. Those behind modern cyberattacks are often highly qualified, well-funded professionals, which is why they so often make the news. Understanding how cyberattacks work, however, helps counter cyber threats.
- What is a Cyberattack?
- What are the Targets of Cyberattack?
- Types of Cyberattacks
- Latest Cyberattack
- CyberAttack Trends
- Cyberattacks Prevention
- How Vulners Can Help Prevent Cyberattacks
What is a Cyberattack?
Cyberattacks are unwanted, destructive attempts to disable or take complete control of a target system, or to steal, disclose, modify, disable or destroy information through unauthorized access to computer systems. A cyberattack can be launched from anywhere. An attack can be carried out by an individual or a group using a variety of tactics, techniques and procedures (TTPs). Cybercriminals use many methods to launch cyberattacks, the most common being phishing, malware, exploitation of vulnerabilities and insiders (access bought or obtained by fraud).
What are the Targets of Cyberattack?
There are a number of main targets of adversaries in cyberattacks:
- Control Systems: Control systems that actuate and monitor industrial or mechanical controls, such as control valves on physical infrastructure.
- Energy: Cybercriminals can target electricity or natural gas lines that power cities, regions, or households.
- Finance: Financial infrastructure is often targeted by cybercrime due to the growing interconnection of computer systems and financial systems.
- Telecommunications: Denial of Service (DoS) attacks often target telecommunications to disrupt normal operations and cause outages.
- Transport: Successful cyberattacks on transport infrastructure have an impact similar to attacks on telecommunications, affecting transport schedules and availability.
- Water: Water supply infrastructure is often controlled by automated systems and microcontrollers, making it a major target for cybercriminals and one of the most dangerous if hacked.
Types of Cyberattacks
Research and reports show that modern attacks are complex activities. Most cyberattacks can be described using a kill chain model, such as those from NIST and Lockheed Martin. At each stage of a cyberattack, various attack tactics can be used, each of which is only one part of the overall activity. Next, we will look at the basic attack tactics that are often used at different stages of a cyberattack.
Malware is part of most cyberattacks. Malware developers can be highly qualified professionals or, at the other extreme, script kiddies trying their hand at a new activity. Modern malware trends show that attackers actively monitor and adopt the latest attack techniques. For example, LemonDuck malware, after compromising a target, scans it for other malware and, if it finds any, removes the competing malware. Another example is malware as a service, which is becoming popular: groups of people develop the software and sell it on the dark web to other attackers.
Ransomware is one of the malware families. Its main goal is to spread to and encrypt user data on reachable hosts in order to demand a ransom. Ransomware is often used by advanced persistent threat (APT) groups, whose goals are to make money, completely halt the organization's operations, or cover their tracks after the network assets have been fully compromised.
Phishing and Social Engineering
Phishing uses malicious emails that carry links to a malicious resource or malware as an attachment. Such emails often exploit the psychological side of employees. For example, in 2020 emails with coronavirus-related subjects were very popular; they misled victims and pushed them to open the messages. Social engineering is therefore part of phishing attacks, but it can also be used on its own. For example, someone may introduce themselves as an employee from the company's IT support and ask for your account password. These methods are very popular with attackers at the initial access stage of an attack.
Denial-of-service (DoS and DDoS) attack
We have already mentioned DoS and DDoS in the article about database security. This is the simplest and easiest to understand type of attack; its main purpose is denial of service. Botnet malware running on a huge number of infected devices can be used in such attacks. Attackers may also make demands in exchange for stopping the DDoS. In addition, some vulnerabilities can be exploited to cause a denial of service.
SQL injection (SQLi) is a vulnerability in web applications and their databases. The web application database can store critical information that an attacker can use for further actions. SQLi arises when a web application builds database queries incorrectly, so that user input is interpreted as part of the query.
Measures to counter such vulnerabilities: a secure development lifecycle and a regular vulnerability management process are sufficient.
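To make the vulnerability concrete, here is an added example (not code from the original article or from Vulners) showing the defect and its fix side by side. It uses a constructed in-memory SQLite table; `lookup_vulnerable` concatenates the user-supplied name into the SQL text, while `lookup_safe` passes it as a bound parameter so the database driver never interprets it as SQL. The user table and the query strings are assumptions made for this example.

```python
import sqlite3

def build_db():
    """Constructed sample data: a tiny users table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def lookup_vulnerable(conn, username):
    # BAD: the input becomes part of the SQL statement itself, so quote
    # characters in it change the meaning of the WHERE clause.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, username):
    # GOOD: a parameterized query; the value is sent separately from the
    # statement and is always treated as data, never as SQL.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

def compare(username):
    """Run both variants on the same input and report how many rows each returns."""
    conn = build_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, username)),
        "safe_rows": len(lookup_safe(conn, username)),
    }

if __name__ == "__main__":
    # A normal name behaves the same in both variants.
    print("alice:", compare("alice"))
    # Input containing a quote shows the difference: the concatenated query
    # leaks every row, while the parameterized one finds no such user.
    print("quoted input:", compare("x' OR '1'='1"))
```

Running the script shows that the concatenated query returns all three rows for the quoted input, whereas the parameterized query returns none; the application logic is identical, only the way the value reaches the database differs. The same rule applies to any database driver: never build query text from untrusted strings.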
Zero-day vulnerabilities are among the most dangerous threats. A 0-day vulnerability is one for which no public fix has yet been released and of which no one was previously aware. Because no information about the vulnerability is available, signature-based detection cannot catch it, and an attack using it can bypass most security measures.
DNS tunneling is most often the final stage of a cyberattack and is designed to exfiltrate information through DNS records. The second purpose of this technique is to use DNS as a communication channel for a payload. This is especially useful for attackers operating inside a DMZ or another restricted network where only DNS is allowed out.
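Because tunneled data has to be packed into query names, it leaves a recognisable shape in resolver logs: many distinct, long, high-entropy subdomains under one base domain. The following added example (not from the original article or from Vulners) applies those heuristics to a constructed resolver log. The log format, the hex-encoded labels, the `.invalid` domain and the thresholds are all assumptions made for the example; in particular it treats the last two labels as the registrable domain instead of consulting a public-suffix list.

```python
import math
from collections import defaultdict

# Constructed sample resolver log: timestamp, client, query type, query name.
# The hex labels stand in for encoded data as a tunnelling tool would emit it.
SAMPLE_LOG = """\
2022-09-20T10:00:01 10.0.0.5 A www.example.com
2022-09-20T10:00:02 10.0.0.5 A mail.example.com
2022-09-20T10:00:03 10.0.0.5 A api.example.com
2022-09-20T10:00:04 10.0.0.5 TXT _dmarc.example.com
2022-09-20T10:00:05 10.0.0.7 TXT 3f9a1c7e5b2d8046a9e1c3b5d7f2a4c6e8b0d2f4.exfil-test.invalid
2022-09-20T10:00:06 10.0.0.7 TXT 9e2b4d6f8a0c1e3f5a7b9d1f3e5c7a9b2d4f6e8c.exfil-test.invalid
2022-09-20T10:00:07 10.0.0.7 TXT a1b2c3d4e5f60718293a4b5c6d7e8f9012345678.exfil-test.invalid
2022-09-20T10:00:08 10.0.0.7 TXT 0f1e2d3c4b5a69788796a5b4c3d2e1f0aabbccdd.exfil-test.invalid
"""

def shannon_entropy(s: str) -> float:
    """Bits per character: encoded or encrypted data scores high, words score low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(qname: str):
    """Split 'a.b.example.com' into ('example.com', 'a.b').
    Assumption: the registrable domain is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return qname, ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def summarize(log_text: str):
    """Per base domain: count of unique subdomains, mean longest label, mean entropy."""
    per_domain = defaultdict(lambda: {"subdomains": set(), "longest": [], "entropy": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        _ts, _client, _qtype, qname = parts
        base, sub = split_name(qname)
        if not sub:
            continue  # bare domain, no subdomain to carry data
        stats = per_domain[base]
        stats["subdomains"].add(sub)
        stats["longest"].append(max(len(label) for label in sub.split(".")))
        stats["entropy"].append(shannon_entropy(sub.replace(".", "")))
    return {
        base: {
            "unique_subdomains": len(s["subdomains"]),
            "mean_longest_label": sum(s["longest"]) / len(s["longest"]),
            "mean_entropy": sum(s["entropy"]) / len(s["entropy"]),
        }
        for base, s in per_domain.items()
    }

def detect(log_text: str, min_unique=3, max_label=30, min_entropy=3.5):
    """Flag base domains with many distinct subdomains that look like encoded data."""
    flagged = []
    for base, r in summarize(log_text).items():
        many_unique = r["unique_subdomains"] >= min_unique
        data_like = r["mean_longest_label"] >= max_label or r["mean_entropy"] >= min_entropy
        if many_unique and data_like:
            flagged.append(base)
    return sorted(flagged)

if __name__ == "__main__":
    for base, r in summarize(SAMPLE_LOG).items():
        print(base, r)
    print("flagged:", detect(SAMPLE_LOG))
```

The legitimate `example.com` traffic also has several distinct subdomains and even a TXT query, so neither query type nor subdomain count alone is a good signal; it is the combination with label length and entropy that isolates `exfil-test.invalid`. In production the thresholds need tuning against your own baseline, since CDNs and some security products also generate long, machine-made labels.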
Let's take a look at the most recent cyberattacks up to the time this article was written.
In September, Uber announced that its infrastructure had been hacked and that an official investigation involving intelligence agencies and law enforcement had begun. The incident immediately hit the headlines of the world media. As a result of the attack, the company was forced to shut down its internal communications and engineering systems to establish the extent of the incident and minimize its impact. The culprit turned out to be an ordinary 17-year-old from Oxfordshire, as reported by London law enforcement. It is worth noting that the same attacker is assumed to be behind the Rockstar Games breach.
The Rockstar leak coincided with the hacking of its sibling company: the 2K Games support service was compromised and used to send the RedLine information-stealing malware. Players received emails, purportedly in response to tickets they had opened, containing links to download the malware archive. It is not yet clear whether the two hacks are related, but it is known that the attackers hijacked an account to gain access to the support platform.
Cloud service Heroku confirmed the theft of users' personal data after being hacked using OAuth tokens in April this year. The stolen OAuth tokens gave the attacker access to Heroku's internal database of accounts. And, accordingly, user passwords were leaked. The attacker also downloaded several private GitHub repositories with Heroku sources.
Global cyberattack trends change every year. For example, supply chain attacks, in which a supplier or vendor of software used by other organizations is compromised, have become more frequent recently. Hacking mobile devices through well-known messengers for the purpose of spying and stealing information is also becoming popular. Next, we will consider these and other significant trends.
Software supply chain attacks on the rise
Supply chain attacks have become a top cybersecurity trend in recent years. The most famous of these are SolarWinds and Kaseya; it was these attacks that made the threat widely known. Attacks on open source software supply chains also pose a significant risk to organizations today. Attacks on third-party providers allow an attacker to dramatically scale and amplify the effects of their attacks, as evidenced by the alleged attack on Okta in March 2022.
Ransomware attacks are not going away
Ransomware is a type of malicious software designed to deny access to a computer system or data until a ransom is paid. Ransomware gangs do not stand still: continuously updating their ecosystems and technical infrastructure is already established practice. Ransomware-as-a-service (RaaS), a business model in which malware developers rent out ransomware and its management infrastructure to other cybercriminals, is gaining popularity.
Crypto miners waste corporate resources
More and more simple, automated malware scans the Internet for known vulnerabilities, exploits them and installs mining software. This is one of the cheapest attacks for attackers to run: all that is required is to gain access to the target system and install the miner. The most advanced gangs can combine mining with an encryption (ransomware) component, for example Wannamine.
Mobile device attacks
As companies increasingly rely on mobile communications, cyberattacks are increasingly targeting mobile devices. For most top managers, mobile phones are the main means of communicating with employees. Although Pegasus by NSO Group is the best-known threat to mobile devices, it is far from the only mobile malware. Modern mobile malware uses the latest vulnerabilities and exploits to bypass the security mechanisms of modern devices. To minimize risks, digital hygiene on all devices and use of all built-in protection mechanisms come first.
Threat intelligence tools collect data from a wide range of feeds and sources of information, and allow an organization to quickly identify Indicators of Compromise (IOC), use them to identify attacks, understand the motivation and behavior of a threat actor, and plan an appropriate response.
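The most basic use of such feeds is to check existing logs for the indicators they deliver. The following added example (not code from the original article or from Vulners) matches a small constructed IoC feed of domains, IPv4 addresses and SHA-256 hashes against constructed proxy, firewall and endpoint log lines. The feed values, log formats and field layout are assumptions made for this example; the domain indicator also matches subdomains, and an address that merely shares a prefix with an indicator is deliberately not matched.

```python
import re

# Constructed IoC feed: values invented for this example, not real indicators.
IOC_FEED = [
    {"type": "domain", "value": "update-check.example-bad.invalid", "source": "feed-A"},
    {"type": "ipv4",   "value": "198.51.100.23",                    "source": "feed-A"},
    {"type": "sha256", "value": "deadbeef" * 8,                     "source": "feed-B"},
]

# Constructed log lines from three sources (proxy, firewall, endpoint agent).
SAMPLE_LOGS = """\
2022-09-20T10:01:00 proxy 10.0.0.5 GET http://www.example.com/index.html 200
2022-09-20T10:01:03 proxy 10.0.0.5 GET http://cdn.update-check.example-bad.invalid/x.bin 200
2022-09-20T10:01:05 fw 10.0.0.5 -> 198.51.100.23:443 ALLOW
2022-09-20T10:01:06 fw 10.0.0.5 -> 198.51.100.230:443 ALLOW
2022-09-20T10:01:10 edr host5 exec C:\\Users\\u\\x.exe sha256=deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
"""

HOST_RE = re.compile(r"https?://([^/\s:]+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")

def build_index(feed):
    """Group indicators by type for fast lookup; values are normalised to lowercase."""
    idx = {"domain": {}, "ipv4": {}, "sha256": {}}
    for ioc in feed:
        idx[ioc["type"]][ioc["value"].lower()] = ioc["source"]
    return idx

def match_line(line, idx):
    """Return (type, indicator, source) for every indicator seen in one log line."""
    hits = []
    for host in HOST_RE.findall(line):
        host = host.lower()
        for dom, src in idx["domain"].items():
            # exact host or any subdomain of the indicator
            if host == dom or host.endswith("." + dom):
                hits.append(("domain", dom, src))
    for ip in IPV4_RE.findall(line):
        # exact match only: 198.51.100.230 must not match 198.51.100.23
        if ip in idx["ipv4"]:
            hits.append(("ipv4", ip, idx["ipv4"][ip]))
    for digest in SHA256_RE.findall(line):
        digest = digest.lower()
        if digest in idx["sha256"]:
            hits.append(("sha256", digest, idx["sha256"][digest]))
    return hits

def scan(log_text, feed):
    """Scan every log line and return one record per indicator hit."""
    idx = build_index(feed)
    results = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        for kind, value, source in match_line(line, idx):
            results.append({"line": number, "type": kind, "value": value, "source": source})
    return results

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, IOC_FEED):
        print(hit)
```

Each hit keeps the feed it came from, which matters when deciding how much to trust an alert and when reporting back to the feed provider. For real volumes the line-by-line regex scan would be replaced by a SIEM lookup, but the normalisation and matching rules stay the same.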
WAF protects web applications by analyzing HTTP requests and detecting suspicious traffic. This can be incoming traffic, like an attacker trying to carry out a code injection attack, or outgoing traffic, like malware deployed on a local server interacting with the Command and Control Center (C&C).
DDoS protection solutions can protect a network or server from denial of service attacks. This is done using dedicated network equipment deployed by the organization locally or as a cloud service. Only cloud services are capable of repelling large-scale DDoS attacks involving millions of bots, because they are able to scale on demand.
Bots account for a large percentage of Internet traffic and place a heavy load on websites by consuming system resources. While some bots are useful (e.g., the bots that index websites for search engines), others perform malicious actions. Bots can also be used as part of a botnet for DDoS attacks, to scrape content from websites, to automatically attack web applications, to distribute spam, malware and adware, and more.
Today, more and more organizations are incorporating cloud solutions into their infrastructure, and some even run their entire infrastructure in the cloud. Cloud service providers take responsibility for the security of their own infrastructure and offer built-in security tools that can help cloud users protect their data and workloads. However, the capabilities of such cloud security tools are limited, and there is no guarantee that they are used properly or that all cloud resources are truly protected. There are also risks of misconfiguring such systems: insecure settings, passwords in plaintext, leftover test access, etc.
We have already released a separate article on this topic (link). Databases are present in almost all information systems, contain confidential and critical information, and are one of the main targets of attackers. Database protection should be part of the company's cybersecurity processes, including proper configuration of access control and monitoring for malicious activity. Database security solutions can help prevent problems such as excessive privileges, unpatched server vulnerabilities, etc.
How Vulners Can Help Prevent Cyberattacks
Vulners is the largest database of vulnerabilities, where you can always find the most up-to-date information on a vulnerability: whether it is exploited in the wild, social media mentions, exploits and news. You can also use the Vulners database to build your own vulnerability management process or improve the current one. Additionally, you can subscribe to news about the software used in your company and receive timely notifications with current information, because the Vulners database is continuously updated and its records are cross-correlated.
Many companies believe there is no need to pay much attention to information security and do not fund this area properly. Unfortunately, practice shows that companies begin to invest in information security only after major incidents or a complete compromise of the network. Attackers are often highly skilled and well aware of the problems described above in many companies. Cyberattacks happen in different companies every day and are often successful.
What are the consequences of a cyberattack?
With a successful attack, the company incurs huge reputation, financial and other losses. To be sure of the security of a computer system or an entire network, it is necessary to regularly improve the cybersecurity of the organization: conduct trainings for employees about phishing, use antivirus and other security systems, as well as perform vulnerability management processes in the infrastructure.
What is a Cyberattack?
Cyberattack is an attack on a computer network or a separate host with destructive purposes.
How does a Cyberattack happen?
Cyberattacks happen for a variety of reasons. Often, attacks succeed because of common user mistakes such as weak passwords, misconfigurations, and so on.
How should companies respond to a Cyberattack?
Companies should take information security seriously and create plans to respond to cyberattacks, as statistically this is the cause of increased damage.
What is the difference between cyberattacks and cyber threats?
Companies should take a comprehensive approach to information security and create an incident response plan for cyberattacks, as statistically the lack of one is a cause of increased damage.
How can you protect cybersecurity?
The user should observe digital hygiene (do not open suspicious emails, use strong passwords, etc.) and use cybersecurity products and tools: antivirus, password managers, two-factor authentication and other means.