Cyber attacks - the illusion of a safe network

29 April 2016 by Kathrin Brekle

In the early years of the internet, it was often recommended, when addressing the question of security in the net, to disconnect the connected computer to the Internet from the rest of the working processes. That way, the malware from the net would not corrupt the data of the companies. It used to be a simpler and more efficient suggestion, obviously no longer practicable in the current era of almost total connections: rarely can a firm avoid having a computer network. However, the constant connection to the Internet – also from mobile devices – makes these nets easily vulnerable and this is why sensitive data must be more and more protected.

What are the threats?

Cybercriminals use unprotected web protocols to launch their attacks. These protocols are responsible for the exchange of data between computers and net providers, the most popular being the TCP/IP protocol. Under an insufficient protection, what is known as man-in-the-middle attacks can be started. If an attacker has obtained access to a computer network he or she can stand between two communication partners without being noticed. That way the intruder can hear – or rather read – the whole communication content, impersonate one of the communication partners or intercept confidential data.

If the chosen target is suffers first-line damages, a DoS (Denial of Service) attack is generally used. This means that the server or other components in the data network are showered with a massive quantity of requests until the attacked computer is overloaded and the data transmission is reduced to the extreme or totally balanced.

In attacks to big providers the DDoS attack is used (the first “D” stands for “distributed”), which in most cases requires many infiltrated private computers.

1. Attacking scripts

Unclean/corrupted search features or login areas on company websites can represent a source of threats. In them, the attackers can, under given circumstances, use Cross-Site-Scripting (XSS). With the assistance of the JavaScript available in the browser, a smart attacker can for example steal login and password-related data. In these sites the attackers can also request bank data content with the help of SQL-Injections. If the right SQL commands are entered in the input field it can be possible to access credit card numbers or customers data from the data bank, which is why input fields should only be created by professionals.

2. Attacks from within

The real most significant danger comes however not from outer sources but from actual employees. It’s not intentional (although it may sometimes be the case) but as a result of clever manipulations of criminal attackers, in other words: “social engineering”. The crooks pass themselves off as fellow technicians who must repair the faulty software and need therefore the coworker’s password. Another one of their preferred ways of obtaining access to a secure network through devious means is sending fake emails from the executive department.

3. Protect your server!

One might find oneself frowning with surprise at how a firm can on one hand promote strict security measures for computers and networks and on the other hand places the server in simple wardrobes or unsafe basement rooms. It is no big deal for an experienced attacker to provide himself or herself with interesting data in such scenario. What’s more, not only the server but also the rest of the software to be used by the firm network should be well secured. Hubs and switches are easily tapped if not placed behind closed wardrobe doors and network cables should be placed on walls or ceilings. Since wireless networks must have the highest WAP2 encoding there must not be any explicit prominence.

4. Always up to date

It should be obvious but it keeps being overlooked: for security reasons, software must always be updated. Updating the software of operative systems, antivirus software and browsing and mail programs reinforces security and makes the system less exposed to pests of other kinds.

Security measures are also useful for the frequent unwanted firewall. Data transmission is monitored and after it is decided which data and in which quantity enters or exit the net. The most common problem here is the configuration –it is not rare for the strict rules to be conveniently loosened up to make the handling easier, so the security of the net plummets down.

Can a network be completely safe?

The answer could be: generally, yes. Users who comply with all possible security rules and keep their knowledge about the threats their networks face always updated (and use implements new security information as soon as possible) should theoretically not be a candidate for getting in trouble. However, as people do not work like machines, there is always some risk left. In addition to this it should not be forgotten that today’s cybercrime is usually performed by highly professional bands with generous financial resources. Nowadays  a well-protected network should not have any problems from malware downloaded from the net by script kiddies. Nonetheless, in the past few years criminals have become more and more astute in their war against antivirus and other Internet security programs. Even if in most cases the pest is detected quickly, hours, days or even weeks can pass until the information and the right assistance reach the person in charge and then the user.

For this reason, the answer to the above-mentioned question can only be: it is almost impossible for a net to be 100% safe, although safety issues should still be handled in a productive manner. Especially in the era of blackmailing malware such as Locky, TeslaCrypt and Konsorten, we can only repeat this advice: perform regular backups.

I would like to finish this article with an old joke from the IT Department: who has never encountered a cybercriminal is either still waiting for their visit or has not noticed it at all.

Load more comments
Thank you for the comment! Your comment must be approved first

New code