As technology advances, more businesses rely on the internet for business transactions, data sharing, and many other purposes. Though the internet has the power to connect and network the world at large scale, it also puts companies and their users at risk of exploitation. According to Gartner, privacy concerns and risk management within digital transformation initiatives will most likely drive additional security services spending through 2020 for more than 40% of organizations.
In the wake of various existing network attacks and the threat of new ones, network security has become a prominent concern for most organizations. From password cracking to botnets to security automation, let’s take a quick look at the top 7 types of network attacks that are likely to impact the cybersecurity landscape in 2020.
Phishing Attacks
Phishing is one of the most common network attacks. It is designed to trick a victim into surrendering sensitive information such as passwords for online accounts, work login credentials, credit card details, and so on. In a phishing attack, the attacker sends emails that appear to come from trusted sources with the intention of obtaining personal or sensitive information.
A phishing attack combines technical trickery and social engineering. A phishing email might contain a link to an illegitimate website that can trick you into downloading malware or entering your sensitive information such as user credentials. It could also include an attachment that loads malware onto your computer system.
Once the attacker has access to a user’s credentials, they can abuse those privileges to cause severe damage to your business’ systems.
Here are some actionable steps that you can take to prevent phishing scams:
- Employ a least privilege policy for users to limit the access of each user to the bare minimum required for them to fulfill their job.
- Educate your employees about phishing emails so that they can recognize a phishing email.
- Use anti-phishing solutions to identify fake emails that may contain dangerous links or requests for information from attackers.
Malware Attacks
Another type of network attack to watch out for is a malware attack. This type of attack is designed to gain unauthorized access to a targeted system. In a malware attack, the malware often attaches itself to legitimate code and propagates; it can infect a particular system or lurk inside useful applications and replicate itself across the entire network.
Malware can spread exceptionally fast across the host network and the systems attached to it.
Worms are a common type of malware that is self-replicating and infectious, often causing catastrophic damage. Unlike viruses, worms need no end-user action and can replicate themselves across networks and connected infrastructure. They spread over the network by relying on security failures on the target computer to gain access to it and modify or delete data.
A worm spreading across a network can overload systems with service requests, which may subsequently result in denial of service against particular nodes on the network.
To combat malware attacks, ensure that you regularly update your browsers, plugins, and operating systems. Use anti-ransomware, anti-malware, and firewall technologies that help detect malware quickly and contain the damage.
Eavesdropping Attacks
Eavesdropping attacks take place when an attacker intercepts network traffic. By eavesdropping, an attacker can obtain credit card numbers, passwords, and other sensitive information that a user is sending over the network.
Eavesdropping can be of two types:
- Active eavesdropping: The attacker actively obtains information by impersonating a friendly unit and sending queries to transmitters. This process is known as scanning, tampering, or probing.
- Passive eavesdropping: An attacker captures information by intercepting the transmission in the network between two or more parties.
How can you protect your network from eavesdropping attacks?
The best countermeasures for eavesdropping attacks are network segmentation and data encryption. In network segmentation, the computer network is split into separate segments, and only certain key personnel and teams are allowed to connect to each segment.
By limiting network access, you can ensure only authorized users have access to the network and prevent unwanted connectivity.
Denial-of-Service (DoS) Attacks
A denial-of-service (DoS) attack overwhelms the resources of a network so that it cannot respond properly to service requests. It can partially or fully take down the victim’s network or entire IT infrastructure, making it unavailable to legitimate users.
A DoS attack can be categorized as:
- Connection flooding: The attacker floods the target by establishing a large number of TCP connections to the targeted host. These bogus connections clog the network and hinder its ability to respond to and handle service requests, making it unavailable to legitimate users.
- Vulnerability attack: The attacker sends a series of messages to a vulnerable application or operating system running on the targeted host, halting the service and pushing it so far that the host might crash completely.
- Bandwidth flooding: The attacker sends a deluge of packets and prevents legitimate service requests from reaching the server. The packets sent by the attacker are usually large in number so that they can block the target’s link.
A DoS attack can cause a system crash which can lead to temporary or permanent damage to a network.
There are several ways to combat a DoS attack. You can increase bandwidth allocation or isolate parts of the network based on the incoming traffic. Additionally, limit user access roles and privileges to define who can access the network.
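One concrete way to act on "network isolation based on the incoming traffic" is to count connections per source over a sliding window and flag sources that exceed a rate an ordinary client would never reach. The following is an added example written for this article, not code from the original page or any vendor: it assumes a constructed log format of "<epoch> <source-ip> -> <port>", and the thresholds, addresses and log lines are all made up for the demonstration.

```python
import re
from collections import defaultdict, deque
from typing import Dict, List, Optional, Tuple

# Constructed log format for this example: "<epoch-seconds> <source-ip> -> <destination-port>".
LINE_RE = re.compile(r"^(\d+) (\d{1,3}(?:\.\d{1,3}){3}) -> (\d+)$")


def parse_line(line: str) -> Optional[Tuple[int, str, int]]:
    """Return (timestamp, source_ip, dst_port), or None for a line that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return int(m.group(1)), m.group(2), int(m.group(3))


class ConnectionRateDetector:
    """Sliding-window counter: flag a source that opens more than max_per_window
    connections within any span of window_seconds."""

    def __init__(self, window_seconds: int = 10, max_per_window: int = 20):
        self.window = window_seconds
        self.max_per_window = max_per_window
        self.recent = defaultdict(deque)    # source ip -> timestamps still inside the window
        self.flagged: Dict[str, int] = {}   # source ip -> first timestamp at which it exceeded the limit

    def observe(self, ts: int, src_ip: str) -> bool:
        q = self.recent[src_ip]
        q.append(ts)
        while q and ts - q[0] >= self.window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > self.max_per_window:
            self.flagged.setdefault(src_ip, ts)
            return True
        return False


def scan_log(lines: List[str], window_seconds: int = 10, max_per_window: int = 20) -> Dict[str, int]:
    """Run the detector over log lines (assumed sorted by time) and return the flagged sources."""
    detector = ConnectionRateDetector(window_seconds, max_per_window)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than let one bad record stop the detector
        ts, src_ip, _port = parsed
        detector.observe(ts, src_ip)
    return dict(detector.flagged)


def build_sample_log() -> List[str]:
    """Constructed sample: one ordinary client, plus one source opening 60 connections in 3 seconds."""
    t0 = 1_700_000_000
    lines = [f"{t0 + i * 10} 198.51.100.4 -> 443" for i in range(5)]
    lines += [f"{t0 + i // 20} 203.0.113.7 -> 443" for i in range(60)]
    lines.sort(key=lambda line: int(line.split()[0]))
    lines.append("malformed entry that the parser must skip")
    return lines


if __name__ == "__main__":
    print(scan_log(build_sample_log()))
```

Per-source counting is one signal, not a complete defence: a connection flood that spoofs its source addresses spreads the count across many fake sources, which is why kernel-level protections such as SYN cookies and the upstream filtering discussed under DDoS below are still needed alongside it.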
Man-in-the-Middle (MitM) Attack
Another popular network attack is a man-in-the-middle attack, where an attacker inserts themselves between the communications of a server and a client. By placing themselves in the middle, the attacker can capture, monitor, and control the communication taking place.
A common type of MitM attack is session hijacking, in which an attacker takes over a session between a network server and a trusted client. The attacker substitutes their own address for the IP address of the trusted client while the server continues the session, trusting that it is still communicating with the client.
Another common MitM attack is a replay, in which the attacker intercepts and saves old messages and then re-sends them later, trying to impersonate one of the participants. Such an attack can be easily dealt with by session timestamps or a random number or string that changes with time, known as a nonce.
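The timestamp-plus-nonce defence described above, as an added example (not code from the original article): the sender attaches a fresh nonce and a timestamp to each message and authenticates all three fields with an HMAC, and the receiver rejects anything whose tag fails, whose timestamp is outside a freshness window, or whose nonce has already been seen. The shared key, the 30-second window and the timestamps in the walkthrough are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, List, Optional, Tuple

# Constructed shared secret for this example only; a real deployment provisions keys out of band.
SHARED_KEY = b"example-shared-key-do-not-reuse"
MAX_SKEW_SECONDS = 30  # messages whose timestamp is further from "now" than this are stale


def sign_message(payload: str, key: bytes = SHARED_KEY, now: Optional[float] = None) -> Dict:
    """Sender side: attach a fresh random nonce and a timestamp, then MAC all three fields together."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    tag = hmac.new(key, f"{ts}|{nonce}|{payload}".encode(), hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "payload": payload, "tag": tag}


class ReplayGuard:
    """Receiver side: accept a message only if the MAC verifies, the timestamp is recent,
    and the nonce has not already been accepted inside the freshness window."""

    def __init__(self, key: bytes = SHARED_KEY, max_skew: int = MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp; entries older than max_skew are pruned

    def _prune(self, now: int) -> None:
        # A nonce older than the window can never pass the timestamp check again, so forget it.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}

    def accept(self, msg: Dict, now: Optional[float] = None) -> Tuple[bool, str]:
        now = int(time.time() if now is None else now)
        expected = hmac.new(self.key, f"{msg['ts']}|{msg['nonce']}|{msg['payload']}".encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad mac"          # forged or tampered message
        if abs(now - msg["ts"]) > self.max_skew:
            return False, "stale timestamp"  # captured earlier and re-sent too late
        self._prune(now)
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"   # identical message already processed
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"


def demo() -> List[str]:
    """Walk through a delivery, an immediate replay, a late replay and a tampered copy."""
    guard = ReplayGuard()
    t0 = 1_700_000_000  # constructed clock value
    msg = sign_message("transfer 100 to account 42", now=t0)
    results = [guard.accept(msg, now=t0)[1]]                 # first delivery -> "ok"
    results.append(guard.accept(msg, now=t0 + 5)[1])         # same bytes again -> "replayed nonce"
    late = sign_message("transfer 100 to account 42", now=t0)
    results.append(guard.accept(late, now=t0 + 600)[1])      # fresh nonce, old timestamp -> "stale timestamp"
    forged = dict(msg, payload="transfer 9999 to account 42")
    results.append(guard.accept(forged, now=t0)[1])          # edited payload -> "bad mac"
    return results


if __name__ == "__main__":
    print(demo())
```

The timestamp is what keeps the nonce store small: the receiver only has to remember nonces from the last 30 seconds, because anything older is rejected by the freshness check before the nonce is even consulted. The MAC check runs first so that an attacker cannot learn anything about which nonces are stored without a valid key.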
Can you eliminate MitM attacks to secure your network?
Currently, there is no single configuration or technology to completely prevent all MitM attacks. However, digital certificates and encryption are effective safeguards against MitM attacks, ensuring both the integrity and confidentiality of the communications.
Brute-Force and Dictionary Attacks
Brute force attacks aim to knock down the front door of a network by attempting to discover the password of a service or system.
The most basic type of brute-force attack is an exhaustive key search in which the attacker attempts to log in to the system by trying every single possible password solution until the correct password is discovered.
However, an exhaustive key search can be a time-consuming process.
So hackers narrow down the field of possible passwords by using a heavily modified dictionary of terms, or rules based on usernames or other features that are known about the target account. A dictionary may contain popular names, movie or television characters, pet names, or any other characteristic that is common to the target user.
Dictionary attacks are much quicker with fewer possible combinations and a higher probability of success compared to the traditional exhaustive key search method. This doesn’t mean that a dictionary network attack does not have randomness at all, but it certainly reduces the number of trials and saves time.
How can you protect your network against brute-force and dictionary attacks?
To prevent brute-force and dictionary network attacks, here are a few simple measures that you can take:
- Lock an account after several failed login attempts.
- Add an extra layer of authentication and prompt the user to use a method like a captcha or secondary verification.
- Use multi-factor authentication so that more than a password is needed to log in.
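The first measure in that list, locking an account after several failed attempts, as an added example that is not part of the original article. It assumes a small in-memory user store with salted PBKDF2 password hashes (the threshold of 5 failures, the 15-minute lockout, the iteration count and the user "alice" are all constructed for the example) and shows the lock refusing even the correct password until it expires.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

MAX_FAILURES = 5              # consecutive failures allowed before the account locks
LOCKOUT_SECONDS = 900         # lock duration (15 minutes)
PBKDF2_ITERATIONS = 100_000   # password-hash work factor (constructed choice for the example)
DUMMY_SALT = b"\x00" * 16     # lets unknown usernames cost the same hashing work as real ones


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is generated when none is supplied."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class LoginGuard:
    """Checks passwords and locks an account after max_failures consecutive bad attempts."""

    def __init__(self, users: Dict[str, Tuple[bytes, bytes]],
                 max_failures: int = MAX_FAILURES, lockout_seconds: int = LOCKOUT_SECONDS):
        self.users = users                          # username -> (salt, digest)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = defaultdict(int)            # username -> consecutive failures
        self.locked_until: Dict[str, float] = {}    # username -> time the lock expires

    def attempt(self, username: str, password: str, now: float) -> str:
        """Return "locked", "failed" or "ok" for one login attempt made at time `now`."""
        until = self.locked_until.get(username)
        if until is not None:
            if now < until:
                return "locked"               # still inside the lockout window
            del self.locked_until[username]   # lock expired: start counting afresh
            self.failures[username] = 0

        record = self.users.get(username)
        if record is None:
            # Unknown username: spend the same hashing effort so response time does not reveal valid names.
            hash_password(password, DUMMY_SALT)
            ok = False
        else:
            salt, stored = record
            _, candidate = hash_password(password, salt)
            ok = hmac.compare_digest(candidate, stored)   # constant-time comparison

        if ok:
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= self.max_failures:
            self.locked_until[username] = now + self.lockout_seconds
            return "locked"
        return "failed"


def demo() -> List[str]:
    """Constructed scenario: five guesses lock the account, the right password is refused
    while locked, and it succeeds again once the lock expires."""
    users = {"alice": hash_password("correct horse battery staple")}
    guard = LoginGuard(users)
    t0 = 1_700_000_000  # constructed clock value
    outcomes = [guard.attempt("alice", f"guess{i}", now=t0 + i) for i in range(5)]
    outcomes.append(guard.attempt("alice", "correct horse battery staple", now=t0 + 6))
    outcomes.append(guard.attempt("alice", "correct horse battery staple", now=t0 + 6 + LOCKOUT_SECONDS))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

A lockout keyed on the username alone has a known side effect: anyone who can reach the login form can lock a legitimate user out by sending bad guesses, so in practice it is paired with per-source throttling and with the multi-factor step from the same list, which makes a guessed password insufficient on its own.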
Distributed Denial-of-Service (DDoS) Attacks
A distributed denial-of-service (DDoS) attack is a more complex version of a DoS attack and is more difficult to trace and defend against. The attacker uses multiple systems that are already infected with malicious software to target a single system.
One of the most common types of DDoS attacks leverages botnets.
Botnets are large collections of compromised systems that are infected with malware and controlled by the attacker to carry out DDoS attacks. These bots flood the target’s processing capacity and bandwidth, leading to a DDoS.
This type of attack is hard to detect because the bots are spread across many different geographic locations.
DDoS attacks can be mitigated by RFC 3704 (ingress) filtering, which drops traffic from spoofed or unauthorized source addresses and helps ensure that traffic can be traced back to its originating network. Combine this with black-hole filtering, which discards unwanted or unauthorized traffic before it enters the protected host network.
Lastly, make use of content distribution networks and leverage other common DDoS defense toolsets.
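The reverse-path check behind RFC 3704 filtering, as an added example written for this article and not code from any router vendor: a packet is accepted only if the router's own route back to the packet's claimed source address leaves through the interface the packet arrived on (strict mode), or, in the looser variant shown alongside it, if any non-default route covers the source at all. The three-entry routing table, the interface names and the sample packets are constructed for the example; the choice to ignore the default route in loose mode is also this example's, made so that loose mode does not trivially accept everything.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed routing table for this example (prefix, outgoing interface); not a real network.
ROUTES: List[Tuple[str, str]] = [
    ("192.0.2.0/24", "eth0"),      # customer A is reached via eth0
    ("198.51.100.0/24", "eth1"),   # customer B is reached via eth1
    ("0.0.0.0/0", "eth2"),         # default route towards the upstream provider
]


def longest_match(ip: str, routes: List[Tuple[str, str]]) -> Optional[Tuple[str, int]]:
    """Return (interface, prefix length) of the most specific route covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[1]):
            best = (iface, net.prefixlen)
    return best


def passes_strict_rpf(src_ip: str, ingress_iface: str, routes=ROUTES) -> bool:
    """Strict reverse-path check: accept only if the route back to the source address
    leaves through the very interface the packet arrived on."""
    match = longest_match(src_ip, routes)
    return match is not None and match[0] == ingress_iface


def passes_loose_rpf(src_ip: str, routes=ROUTES) -> bool:
    """Loose reverse-path check: accept if some route other than the default covers the source.
    With the default route counted, every address would pass, so this example ignores it."""
    match = longest_match(src_ip, routes)
    return match is not None and match[1] > 0


def filter_packets(packets: List[Tuple[str, str]], mode: str = "strict",
                   routes=ROUTES) -> List[Tuple[str, str, bool]]:
    """Apply the chosen check to (src_ip, ingress_iface) arrivals; return (src, iface, accepted)."""
    decisions = []
    for src_ip, iface in packets:
        if mode == "strict":
            ok = passes_strict_rpf(src_ip, iface, routes)
        elif mode == "loose":
            ok = passes_loose_rpf(src_ip, routes)
        else:
            raise ValueError(f"unknown mode {mode!r}")
        decisions.append((src_ip, iface, ok))
    return decisions


# Constructed packet arrivals: (claimed source address, interface it arrived on).
SAMPLE_PACKETS: List[Tuple[str, str]] = [
    ("192.0.2.10", "eth0"),      # customer A address on customer A's link: legitimate
    ("192.0.2.10", "eth1"),      # customer A address arriving on customer B's link: spoofed
    ("192.0.2.10", "eth2"),      # internal address arriving from the upstream: spoofed
    ("198.51.100.5", "eth1"),    # customer B address on customer B's link: legitimate
    ("203.0.113.9", "eth2"),     # outside address arriving from the upstream: legitimate
    ("203.0.113.9", "eth0"),     # outside address claimed on customer A's link: spoofed
]


if __name__ == "__main__":
    for decision in filter_packets(SAMPLE_PACKETS, "strict"):
        print("strict", decision)
    for decision in filter_packets(SAMPLE_PACKETS, "loose"):
        print("loose ", decision)
```

Running both modes over the sample shows the trade-off: strict mode rejects all three spoofed arrivals, but it also breaks when routing is asymmetric, which is the multihoming problem RFC 3704 is about. Loose mode survives asymmetry yet lets the two spoofed customer-A packets through, and on a router that holds only a default route it wrongly rejects the legitimate upstream packet as well, so it is meant for routers carrying a full routing table. On Linux the equivalent per-interface switch is the `net.ipv4.conf.<iface>.rp_filter` sysctl (1 = strict, 2 = loose); on Cisco IOS it is `ip verify unicast source reachable-via rx` (strict) or `any` (loose).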
Attackers have many options, such as malware infections, DDoS assaults, brute-force password cracking, and man-in-the-middle interception, for attempting to gain unauthorized access to sensitive information and critical infrastructure. Nevertheless, there are ways you can protect your business against these potential threats.
Follow security basics like configuring your firewall to whitelist the specific hosts you need, implementing strong password policies, and using least privilege access. You also need to be extra vigilant today because attackers are constantly coming up with more sophisticated and hard-to-detect attacks.
About the guest author
Aaron Cure is the Principal Security Consultant at Cypress Data Defense and an instructor and contributing author for the Dev544 Secure Coding in .NET course. After 10 years in the U.S. Army, I decided to switch my focus to developing security tools and performing secure code reviews, penetration testing, static source code analysis, and security