A DANGEROUS MINEFIELD – BEWARE THESE 6 TYPES OF CYBER ATTACKS
As the newest Accenture Cyber Security report highlights, cyber attacks in 2021 continue to evolve – becoming more widespread, speeding up deployment, and getting creative in their choice of entry points and overall strategies.
Furthermore, the current trend of diversifying targets – ranging from smaller companies to huge industrial sites – means that no one is safe.
In this article we’ll take a look at some of the most common types of cyber attacks of today, and talk about their specific modes of operation.
1. MALWARE
Malware is the best-known type of cyber threat – the average user has almost certainly encountered some form of computer or mobile virus in the past decades. The umbrella term of malware encompasses many different things; it can refer to Trojan horses, spyware, adware, rootkits, various viruses and computer worms, or the growing threat of ransomware. This is precisely why defending against malicious software is becoming more and more difficult – each of its forms represents a separate kind of threat. The latest statistics also show that the evolution of malware is far from over:
- with at least 560,000 instances of new malware being created and detected every day
- with the number of detected malware variants rising by 62% in 2020, leading to things like cryptojacking, RaaS, and use of AI
- with the number of IoT malware attacks rising 700% during the pandemic
Malware typically gets in by exploiting network vulnerabilities or by infiltrating systems through malicious links and email attachments. Once it is successfully inside your company network, malware can corrupt your database, steal information, block access or even disrupt entire components of your system – indefinitely halting operation, compromising data integrity and damaging productivity. The best way to secure your company against these types of attacks is to look for a custom-designed Next Generation Firewall: a solution that not only represents the best of ‘old gen’ firewalls, but comes with an option for continuous updates in order to keep up with the newest developments in cyber security.
2. MAN-IN-THE-MIDDLE
We discussed MitM attacks in our recent webinar with Cisco – this “eavesdropping” strategy subtly infiltrates a two-party channel of communication. Without either party knowing the attacker is there, they can influence the communication by filtering or adjusting the data being sent, or simply steal it. It is another diverse type of attack with many different entry points and techniques, like sniffing, packet injection, session hijacking and SSL stripping. MitM attacks on industrial networks tend to target connections between different components of the cyber-physical system, interrupting, for example, the communication between the operator and the PLC (Programmable Logic Controller). These types of infiltrations can carry critical consequences – while it is not confirmed that it was a verified MitM strategy, a 2016 attack on “Kemuri Water Company” has shown what kind of dangerous power access to a PLC brings. The hackers were able to control and change the level of chemicals used for treating the water; not having enough information on the water treatment process itself, the attackers luckily did not inject enough toxic substances into the pipeline – but the danger of this attack is very evident. The best way to defend yourself from potential MitM attacks is a firm access control hierarchy, as well as strong wireless access point (WAP) encryption.
3. DISTRIBUTED DENIAL-OF-SERVICE
DDoS is all anyone can talk about lately; the latest quarterly numbers show that even on the slowest day there will be at least 60 DDoS attacks – while the ‘busiest’ day of the past quarter (June 2nd) recorded 1,164 attacks globally.
These increasingly common threats to large enterprises use multiple devices to flood servers with traffic to the point of exhausting available resources and bandwidth. The overwhelmed system can’t fulfill the customer’s needs – resulting in those familiar on-screen messages that the company’s service is “unavailable at the moment”!
The multi-angle nature of DDoS attacks, and the length of the disruption they cause (the longest recorded being 776 hours!), lead to major losses: of time, of crucial data, and of revenue.
With the recent push to employ more IoT into industrial operation, IIoT devices have become one of the newest targets for DDoS attacks.
How to best approach defending yourself from DDoS? The current accepted best practice is integrating an advanced security solution into your system – one that provides real-time threat intelligence.
4. PHISHING
Phishing emails remain one of the most common tactics of entrance into an Industrial Control System.
The 2021 Otorio Industrial Cybercrime Impact research reports a dramatic rise in phishing campaigns – a shocking 700% increase in phishing emails in just the first few months of the pandemic. If these common attacks are successful, they give their deployers direct access to the operational network.
To prevent phishing from becoming a full-scale issue within your network, a dedicated access control strategy must be implemented in your security protocols.
5. REMOTE ACCESS ATTACKS
With the abrupt switch to remote work early last year, a significant number of critical infrastructure sites became much more exposed to a previously not widespread threat: infiltration through remote access.
Malicious actors, seeking to gain from this unprecedented move within industrial operations, took advantage of Remote Desktop Protocol (RDP) in order to access engineering computers and ICS. As per Otorio’s report, the number of attacks targeting remote access vulnerabilities increased by 768% between Q1 and Q4 2020.
As remote work does not seem to be going anywhere, the threat of remote access hacks grows with it – in the first quarter of 2021 alone, more than 52 new remote access vulnerabilities in industrial automation and control systems were discovered and reported.
A noted case of a system infiltration via remote access was the Florida Water Treatment attack in February this year – similar to the case of “Kemuri Water Company” mentioned above. The goal of the threat actors was to increase the existing ratio of chemicals in the water, which could have potentially led to significant fatalities. The hackers gained entrance to the ICS due to an unsecured remote access software package called TeamViewer, which only draws attention to the importance of a securely configured remote access solution.
6. COBALT STRIKE
Cobalt Strike is a commercially available tool that has, since its launch, been repurposed for malicious intent. In fact, a 161% increase has been reported in the use of Cobalt Strike in cyberattacks.
This network vulnerability testing product has become a major prop for threat actors in recent years: used to harvest data, deliver malware and create fake C2 profiles to escape threat detection.
Notable ransomware groups such as Egregor and REvil lean heavily on Cobalt Strike as their method of entrance into industrial networks. What’s more, some cybercrime groups have been working on designing their own custom loaders to deliver Cobalt Strike.
Researchers point out the threat of Cobalt Strike-based attacks is only going to grow in the coming years – so the best way to prepare for this type of threat is to heavily anticipate it and invest in advanced threat identification and analysis systems.
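One concrete form the “advanced threat identification” above can take is beaconing detection: Cobalt Strike’s implant (Beacon) checks in with its command-and-control server on a schedule, so outbound connections with unusually regular timing are worth a second look. The following is an added example, not code from the original article or from any vendor; the proxy log lines are constructed, and the thresholds are assumptions to be tuned per environment.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines (not real traffic): "timestamp src dst bytes".
# 203.0.113.10 is contacted every 60 s (beacon-like); 198.51.100.7 is irregular.
SAMPLE_LOG = """\
2021-06-02T10:00:00 10.0.5.21 203.0.113.10 812
2021-06-02T10:00:03 10.0.5.21 198.51.100.7 5120
2021-06-02T10:01:00 10.0.5.21 203.0.113.10 809
2021-06-02T10:01:41 10.0.5.21 198.51.100.7 2048
2021-06-02T10:02:00 10.0.5.21 203.0.113.10 815
2021-06-02T10:02:55 10.0.5.21 198.51.100.7 9001
2021-06-02T10:03:00 10.0.5.21 203.0.113.10 810
2021-06-02T10:04:00 10.0.5.21 203.0.113.10 811
2021-06-02T10:05:30 10.0.5.21 198.51.100.7 3000
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in text.strip().splitlines():
        ts, src, dst, _size = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def beacon_candidates(flows, min_connections=4, max_cv=0.2):
    """Flag pairs whose inter-arrival times are suspiciously regular.

    The coefficient of variation (stdev / mean) of the gaps between
    connections is close to 0 for a fixed-interval beacon; both thresholds
    are assumed starting points, not vendor-recommended values.
    """
    hits = {}
    for pair, times in flows.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            hits[pair] = {"interval": mean, "cv": cv, "count": len(times)}
    return hits


if __name__ == "__main__":
    for pair, info in beacon_candidates(parse_log(SAMPLE_LOG)).items():
        print(f"{pair[0]} -> {pair[1]}: every {info['interval']:.0f}s, "
              f"{info['count']} connections, cv={info['cv']:.2f}")
```

Malleable C2 profiles can add jitter to the check-in interval, so a regularity test like this is one signal to correlate with others (destination reputation, process lineage, TLS fingerprint), not a detector on its own.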