The Anatomy of a Cybersecurity Attack

As technology becomes more sophisticated, so do hackers and the tools they use to get their hands on sensitive data. In the past several years, we’ve seen a rise in cybersecurity attacks and data breaches as cybercriminals successfully infiltrate companies using everything in their toolkits from malware and ransomware to social engineering tactics.

Why you should know what you’re up against

More than 50% of U.S. businesses experienced a cyberattack during the past year. In what could be considered the most publicized example, cybercriminals penetrated one of the world’s largest credit bureaus in July 2017, affecting 145 million people. While it was considered among the worst breaches of all time due to the vast amount of sensitive information exposed, it’s certainly not the first or the last of its kind.

In the first quarter of 2018 alone, Identity Theft Resource Center (ITRC) reported 8,815 breaches that collectively exposed more than one trillion records across sectors ranging from business and government to healthcare, education and finance.

When it comes to your business being targeted, it’s more a matter of “when,” not “if” – regardless of the size of your organization – and the effects can be catastrophic. It pays to know what you’re up against, and how you can protect yourself with a robust security program. Let’s take a quick look at some of the most common types of attacks wreaking havoc on organizations:

The starting line-up includes…

Malware comes in many forms, including ransomware and viruses, and can infiltrate a system with a simple click on a seemingly harmless email link or attachment. Depending on the strain of malware, the repercussions can vary from taking control of a machine and monitoring a user’s actions and keystrokes to silently stealing or corrupting confidential data from a computer or network.

A Distributed Denial of Service (DDoS) attack is just what it sounds like – a denial of service to one or more websites or networks, originating from a multitude of different sources. During a DDoS attack, the threat actor floods the targeted services with an overwhelming amount of traffic to make them inaccessible to users. The ‘distributed’ nature of the attack means that it comes from many different IP addresses simultaneously, making it difficult to mitigate using traditional methods such as blocking a single offending address. One of the most notable sources of DDoS attacks, the Mirai botnet, was used in October 2016 to disrupt some of the internet’s biggest websites, including Spotify, Netflix, Twitter and PayPal.
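The distinction the paragraph draws matters for detection: a flood from one address and a flood from hundreds look identical in request volume but need different responses. The following is an added example, not code from the original article, that groups web-server access-log lines into one-minute windows and labels each window as normal, a single-source flood or a distributed flood. The log lines are constructed for the demonstration, and the thresholds (50 requests per minute, 20 distinct sources) are assumptions a defender would tune against their own traffic baseline.

```python
"""Classify per-minute traffic windows from access-log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+$')

# Constructed sample log: two ordinary requests, then a 60-source burst in the
# 12:00 minute, then a 55-request burst from a single address in the 12:01 minute.
SAMPLE_LOG = (
    '10.0.0.5 - - [01/Jan/2018:11:59:58 +0000] "GET / HTTP/1.1" 200 512\n'
    '10.0.0.7 - - [01/Jan/2018:11:59:59 +0000] "GET /about HTTP/1.1" 200 2048\n'
    + "".join(
        f'198.51.100.{i} - - [01/Jan/2018:12:00:{i % 60:02d} +0000] "GET / HTTP/1.1" 503 0\n'
        for i in range(1, 61)
    )
    + "".join(
        f'203.0.113.9 - - [01/Jan/2018:12:01:{i % 60:02d} +0000] "GET /login HTTP/1.1" 200 128\n'
        for i in range(55)
    )
)


def parse_line(line):
    """Return (source_ip, minute_window, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when.strftime("%Y-%m-%d %H:%M"), int(status)


def analyse(lines, rate_threshold=50, source_threshold=20):
    """Aggregate per minute and attach a verdict to each window.

    rate_threshold and source_threshold are assumed tuning values.
    """
    per_window = defaultdict(lambda: {"requests": 0, "sources": set(), "errors": 0})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, window, status = parsed
        bucket = per_window[window]
        bucket["requests"] += 1
        bucket["sources"].add(ip)
        if status >= 500:
            bucket["errors"] += 1  # server already struggling to answer

    findings = {}
    for window, b in sorted(per_window.items()):
        if b["requests"] < rate_threshold:
            verdict = "normal"
        elif len(b["sources"]) >= source_threshold:
            verdict = "distributed flood"   # per-IP blocking will not help
        else:
            verdict = "single-source flood"  # rate-limit or block the source
        findings[window] = {
            "requests": b["requests"],
            "distinct_sources": len(b["sources"]),
            "errors": b["errors"],
            "verdict": verdict,
        }
    return findings


if __name__ == "__main__":
    for window, f in analyse(SAMPLE_LOG.splitlines()).items():
        print(window, f)
```

The verdict is what a responder acts on: a single-source flood can be rate-limited or blocked at the edge, while a distributed one calls for upstream scrubbing or anycast capacity, since no single IP rule will stop it.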

A phishing email is an unsolicited email that frequently appears to come from a reliable and trusted source. The subject line typically appears urgent and legitimate, but within the email lies a malicious attachment or a link that sends the unsuspecting recipient to a seemingly authentic website and asks them to log in to view important information. However, the website is actually a trap set to capture the individual’s credentials.

Typically, internet communication happens between a sender and a receiver. A man-in-the-middle attack occurs when a hacker inserts themselves between a user’s device and the website or app it is communicating with. This gives the hacker access to the individual’s inbound and outbound traffic and can provide visibility into everything they do on the internet, including password submissions, browsing histories, credit card details, email accounts – you name it. This could be especially detrimental if an employee’s device has its traffic intercepted, as the cybercriminal now has access to both personal and enterprise data.

A brute force attack is a password-guessing attack in which hackers use automated tools to find weak passwords and then use them to gain control of accounts. This attack type can typically identify a weak password (usually eight characters or fewer) in a matter of hours. These attacks demonstrate the need for either key-based authentication or traditional passwords combined with multi-factor authentication, to mitigate the possibility of an attacker gaining entry with a lucky guess or a predictable password.
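Two numbers explain the paragraph: how large the space of short passwords is, and how many guesses per unit time the defender lets an attacker make. The following added example (not from the original article) puts both side by side: a keyspace estimate for an eight-character lowercase password at an assumed offline guess rate, and a login throttle that locks an account after repeated failures, which is what turns the same keyspace into an infeasible online attack. The `LoginThrottle` class, its parameters (five failures, 900-second lockout) and the guess rate of one billion per second are assumptions for illustration; real systems would also add MFA, as the paragraph recommends.

```python
"""Keyspace arithmetic beside an account-lockout throttle (added example)."""
from dataclasses import dataclass


def seconds_to_exhaust(keyspace, guesses_per_second):
    """Time to try every candidate at a given (assumed) guess rate."""
    return keyspace / guesses_per_second


def online_days_to_exhaust(keyspace, max_failures, lockout_seconds):
    """Time to try every candidate when a throttle allows only
    max_failures guesses per lockout_seconds against one account."""
    guesses_per_day = max_failures * (86400 / lockout_seconds)
    return keyspace / guesses_per_day


@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since last success/lockout
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginThrottle:
    """Per-account lockout: after max_failures wrong attempts the account
    rejects every attempt, right or wrong, for lockout_seconds."""

    def __init__(self, max_failures=5, lockout_seconds=900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.state = {}

    def attempt(self, username, credentials_valid, now):
        """Return 'allowed', 'denied' or 'locked'.

        `now` is injected (epoch seconds) so the behaviour is deterministic.
        A correct password during lockout is still refused: otherwise the
        attacker's eventual correct guess would succeed.
        """
        st = self.state.setdefault(username, AccountState())
        if now < st.locked_until:
            return "locked"
        if credentials_valid:
            st.failures = 0
            return "allowed"
        st.failures += 1
        if st.failures >= self.max_failures:
            st.locked_until = now + self.lockout_seconds
            st.failures = 0
            return "locked"
        return "denied"


if __name__ == "__main__":
    space = 26 ** 8  # eight lowercase letters; an assumed weak-password model
    print("offline at 1e9 guesses/s:", round(seconds_to_exhaust(space, 1e9)), "seconds")
    print("online behind 5-per-15-min lockout:",
          round(online_days_to_exhaust(space, 5, 900)), "days")

    throttle = LoginThrottle()
    for i in range(6):
        print(i, throttle.attempt("alice", credentials_valid=False, now=float(i)))
```

The offline figure is why a short password is not a control on its own: anyone holding a stolen hash can test candidates at hardware speed. The throttle only defends the login interface, which is exactly why the paragraph pairs passwords with MFA rather than relying on lockout alone.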

Social engineering is a masquerading strategy in which a hacker poses as a seemingly trustworthy individual, such as the CFO or an HR representative, then tricks unwitting employees into willingly sharing confidential information or performing some other unauthorized action, such as wiring money to an illegitimate bank account. Social engineering can occur in person or via email, phone or text message. In one recent example, hackers masked their true phone number with one from the Washington, D.C. area and called their targeted victims, claiming to be IRS agents who needed to verify tax return information – including, of course, the victims’ social security numbers.

Business Email Compromise (BEC) scams are often carried out using social engineering tactics and are aimed at gaining access to the email accounts of employees or top business executives in order to embezzle money or steal information. Often, they begin with an email urging a password reset for security reasons. In one example, after a CEO’s email was compromised, the attacker impersonated the CEO and sent an email to the Head of Finance, saying, “I’m heading out of town and will be out of reach for the next several hours, but we need to make a wire transfer asap to bank account #XXXXXXX.” According to the FBI, more than $5.3 million in global losses between 2013 and 2016 were due to BEC scams.
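The phishing and BEC paragraphs above describe the same handful of tells: a trusted display name over an unfamiliar address, a lookalike domain, a Reply-To that sends answers elsewhere, urgency language, and a login link pointing off the corporate domain. The following added example (not code from the original article) runs those checks over raw email text with Python's standard `email` module. Both messages are constructed for the demonstration, modelled on the wire-transfer example quoted above; the corporate domain `example-corp.com`, the executive directory and the keyword list are assumptions a mail-security team would replace with its own.

```python
"""Header and content checks for BEC/phishing tells (added example)."""
import email
import re
from email.utils import parseaddr

CORPORATE_DOMAIN = "example-corp.com"                      # assumed
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}     # assumed directory
URGENCY_TERMS = ("urgent", "asap", "wire transfer", "out of reach",
                 "password reset", "verify your")         # assumed keyword list
URL_RE = re.compile(r"https?://([^/\s]+)")

# Constructed suspicious message: lookalike domain, foreign Reply-To,
# urgency, and a credential link outside the corporate domain.
SUSPICIOUS = """\
From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: jane.doe@mail-example.net
To: finance@example-corp.com
Subject: Urgent wire transfer
Content-Type: text/plain; charset=utf-8

I'm heading out of town and will be out of reach for the next several hours,
but we need to make a wire transfer asap. Confirm the details at
https://example-corp.com.login-verify.net/portal
"""

# Constructed benign message from the same executive's real address.
BENIGN = """\
From: Jane Doe <jane.doe@example-corp.com>
To: finance@example-corp.com
Subject: Q3 budget review
Content-Type: text/plain; charset=utf-8

Attaching the agenda for Thursday's budget review.
"""


def levenshtein(a, b):
    """Edit distance; small values between domains indicate a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address):
    return address.rpartition("@")[2].lower()


def is_corporate_host(host):
    host = host.lower()
    return host == CORPORATE_DOMAIN or host.endswith("." + CORPORATE_DOMAIN)


def body_text(msg):
    """Collect the text/plain parts (multipart or single-part) as one string."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"] \
        if msg.is_multipart() else [msg]
    out = []
    for p in parts:
        payload = p.get_payload(decode=True)
        if payload:
            out.append(payload.decode(p.get_content_charset() or "utf-8", "replace"))
    return " ".join(out)


def analyse_message(raw):
    """Return the list of tells found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    findings = []

    known = EXECUTIVES.get(from_name.strip().lower())
    if known and from_addr.lower() != known:
        findings.append("display-name-spoof")       # right name, wrong mailbox
    if from_domain != CORPORATE_DOMAIN and 0 < levenshtein(from_domain, CORPORATE_DOMAIN) <= 2:
        findings.append("lookalike-domain")         # e.g. a digit 1 for the letter l
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to-mismatch")        # replies are diverted elsewhere
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    if any(term in text for term in URGENCY_TERMS):
        findings.append("urgency-language")
    if any(not is_corporate_host(h) for h in URL_RE.findall(text)):
        findings.append("external-link")            # credential lure off-domain
    return findings


if __name__ == "__main__":
    print("suspicious:", analyse_message(SUSPICIOUS))
    print("benign:", analyse_message(BENIGN))
```

None of these tells is proof on its own, which is why the function returns all of them rather than a single verdict: a message that trips several at once is the one to route to a reviewer or hold before a finance team acts on it.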

Playing defense

With so many different attack types, a breach these days almost seems unavoidable. However, that doesn’t mean enterprises should give up and roll out the welcome mat. Instead, understanding what you’re up against should be further justification for implementing effective and robust security controls.

There are many things executives and IT departments can do to improve a company’s ability to avoid and detect breach incidents, including implementing layered security measures.

Additionally, employee education is one of the most critical components of a strong security environment. More than 70% of employees reuse personal passwords at work, use weak passwords that are easy to remember (and decode), and store passwords insecurely – all of which are not best practice.

While passwords with 10 or more characters including numbers, letters, symbols or a phrase can dramatically increase security, the use of password managers and multi-factor authentication wherever possible is highly encouraged and a more effective control. Employees should also be aware of what to look out for – phishing emails, BEC scams, etc. – and know the proper response protocol if they notice something out of the ordinary. Employees can be the strongest or the weakest line of defense for your organization; take the time up front to educate your employees and ensure it’s the former.

The reality is, cyberattacks are going to remain a constant struggle for organizations — and continue to increase in their number and severity — until businesses can commit to, prioritize and implement security tools and policies across their entire organization. From employee awareness training to diligent cybersecurity protocols, the time is now to take control and protect your company, your employees and your customers from an inevitable breach attempt.
