10 Common Security Threats in the Enterprise
The list of potential network security threats is long, much longer than we can possibly cover in a single blog post. CBT Nuggets security training goes in-depth, explaining the nature and characteristics of these threats and what to do about them.
In this article, we'll highlight just a few of them, how they've manifested themselves, and some simple strategies to deal with them. Our list is not meant to be a definitive Top 10, and we won't be able to cover each item comprehensively.
To learn more about protecting your network from security risks, consider taking our CompTIA Security+ (SY0-701) Online Training or looking for vendor-specific training.
1. Malware is Still a Large Network Security Risk
Malware is malicious software placed onto a computer system that is meant to damage, disrupt, or allow unauthorized access. This is really a category of security threats rather than a single example. Under malware, we could include a large sublist of threats, all with their particular methods and effects. Here is a brief list of malware types and what they are used for:
Spyware: Infiltrates and monitors an unsuspecting user's computer to obtain sensitive information such as passwords.
Adware: Automatically displays or downloads advertising software as a user surfs the web, and is often paired with other malware such as spyware or trojans.
Trojan virus: Gains access to a user's computer when it is disguised as legitimate software.
Worm: Automatically replicates and spreads from computer to computer as it takes advantage of vulnerabilities.
Keylogger: Tracks and records the keystrokes a user types on their keyboard.
Rootkit: Gains administrator-level access to computers and may remain invisible to users.
Botnet: Attacks computer networks or systems as a coordinated group of unsuspecting computers controlled by a third party.
Ransomware: Gains access to a computer and locks it down until the user pays a ransom.
Example of Malware: In January 2023, LockBit attacked the UK's Royal Mail, leaving millions of letters and packages stuck in the company's systems, freezing online tracking services, and crippling online payment services. LockBit threatened to publish all the data they had access to unless the Royal Mail paid a ransom. Royal Mail refused to pay, and the data was published.
Mitigation: Malware can be downloaded onto your computer using various methods. It can come through email, web pages, file transfers—any possible way that a malicious piece of software can be transported and added to your device's software repository. Prevention includes taking great care when clicking links. Never click on a link in an email from an unknown user. Spam emails are filled with such links.
To guard against malware attacks, you need good anti-malware (often called anti-virus) software. Make sure that your system regularly downloads updated versions of the software, including the lists it uses to identify threats. Run regular malware scans of your system and update all hardware and software when new updates are released, as these often include patches for known security risks.
2. How to Combat Phishing Threats
Phishing is a deceptive attempt to acquire personal or sensitive information from a user. The attacker might use social engineering or computing techniques to accomplish their purposes. Just like the rhyming word fishing, someone who is phishing is putting out some bait to see what he can catch.
The most common phishing method is the use of email made to look authentic that surreptitiously attempts to collect information from its victim(s). The email may imitate the look and feel of a bank or a retailer, then ask the email reader to submit account or credit card information. It is more than technical expertise. The design and text are a social and psychological ploy to get the reader to take action.
Example of Phishing: Here is a clever example of phishing that can deceive just about anyone who is not on their guard. When you go in to update your information, you are actually giving it to the attacker.
Mitigation: The best way to prevent phishing is to train your team to spot email phishing and social engineering attempts. One dead giveaway is the sender's email address. If you were actually getting an email from PayPal, it would come from an address at paypal.com. If you ever doubt an email's origin, look closely at the email address. But, of course, don't act on an email unless you are 100% certain of its legitimacy.
3. Password Attacks Threaten Your Entire Network
When your password is stolen, it can be used or sold on the dark web for exploitation. There are a number of ways that hackers can get your password. Here are some types of password attacks:
Dictionary attack: Uses a list of common words, sometimes with numbers at the beginning or the end.
Brute force attack: Uses a program to generate likely passwords.
On-path attack: Impersonates an app or website to capture passwords.
Keylogger attack: Tracks the keystrokes used by a user to collect their password.
Social engineering attack: Uses phishing techniques or personal interaction to get passwords.
Credential stuffing: Uses email and password combinations for one account on others. For example, if your Netflix and bank passwords are the same and your Netflix password is released in a data breach, attackers could access your bank.
Example of a Password Attack: In 2020, Victor Gevers was able to access Donald Trump's Twitter account by guessing his password "yourefired", a reference to the phrase Trump often said on The Apprentice. Later, Victor did it again by guessing the password "maga2020!"
Mitigation: First, don't use a dictionary password. If you use a common word or any word that might come from a dictionary list, you are just asking to be hacked. You should be sure to use a strong password. You have seen the password requirements that call for a capital letter, a number, or a special character. Even if the software or website you are using doesn't require it, make sure to use strong passwords.
You should also consider using multi-factor authentication (MFA). Access requires more than just a password. Many email administrators set up automatic lockouts to prevent hackers from repeatedly attempting to guess their passwords. Another tactic is to use a password generator that creates random passwords.
4. DDoS Attacks are Getting Bigger
Distributed Denial of Service (DDoS) involves a large number of computers attacking a single target to prevent it from properly functioning. The participating computers are generally not willing to do this.
They may be infected by some form of Trojan virus that tells them to attack the target at a specific time. The idea is to flood the target machine or network so that all the processing from the many requests simply becomes too overwhelming and prevents it from doing anything else.
Example of a DDoS Attack: According to The Hacker News, the biggest DDoS attack ever was a 2018 attack on GitHub's code-hosting website. GitHub said, "The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second."
Mitigation: To prevent DDoS, establish a baseline of the normal traffic that passes through your computer or network. Once you have established the baseline, you will be able to set alarms and notifications to let you know when there is an abnormal amount of traffic — signifying a possible DDoS attack.
Another tactic is to have diversion techniques in place that redirect traffic you suspect is part of a DDoS attack away from the target. You can even automate this process.
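As an added example (not code from the original post), the baseline-and-alarm approach described above applied to a constructed access log: request counts per minute are learned from a known-good window, and any later minute whose volume exceeds the mean plus three standard deviations is flagged. The log format, traffic numbers and addresses are all made up for the example.

```python
import re
import statistics
from collections import Counter


def make_sample_log():
    """Constructed log lines: '<ip> [<HH:MM>] "<request>"'. The first eight
    minutes are a normal baseline (~100 requests/min from a few clients); the
    last two simulate a flood from many distinct sources. All values are made up."""
    normal = {"09:00": 95, "09:01": 104, "09:02": 99, "09:03": 108,
              "09:04": 91, "09:05": 101, "09:06": 97, "09:07": 103}
    flood = {"09:08": 3200, "09:09": 4100}
    lines = []
    for minute, n in {**normal, **flood}.items():
        for i in range(n):
            ip = (f"10.0.{i % 7}.{i % 251}" if minute in normal
                  else f"203.0.113.{i % 254}")
            lines.append(f'{ip} [{minute}] "GET / HTTP/1.1"')
    return lines


LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<minute>\d\d:\d\d)\] "(?P<req>[^"]*)"$')


def requests_per_minute(lines):
    """Parse the log and return {minute: request_count}, sorted by minute."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            counts[m.group("minute")] += 1
    return dict(sorted(counts.items()))


def build_baseline(counts, training_minutes):
    """Mean and population standard deviation of volume over a known-good window."""
    sample = [counts[m] for m in training_minutes]
    return statistics.mean(sample), statistics.pstdev(sample)


def detect_floods(counts, mean, stdev, k=3.0, floor=10):
    """Return (minute, count) pairs above mean + k*stdev. 'floor' keeps the
    threshold meaningful when the baseline is so flat that stdev is near zero."""
    threshold = mean + k * max(stdev, floor)
    return [(m, c) for m, c in counts.items() if c > threshold]


if __name__ == "__main__":
    counts = requests_per_minute(make_sample_log())
    mean, stdev = build_baseline(counts, [f"09:0{i}" for i in range(8)])
    print(f"baseline: mean={mean:.1f} req/min, stdev={stdev:.1f}")
    for minute, c in detect_floods(counts, mean, stdev):
        print(f"ALERT {minute}: {c} requests/min (possible DDoS)")
```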
5. 7 Types of On-Path (AKA MitM) Attacks
An on-path attack, previously called a "man in the middle" attack, occurs when someone impersonates a destination server, convincing the client that their transmission has been received and is being properly processed. A hacker's tools and strategies may be very clever, but 10-15 years ago, such ingenuity was not really necessary.
Back then, the majority of internet traffic was sent as clear text. Anyone with a packet sniffer could see passwords and other confidential information moving through the data stream. Nowadays, on-path attacks have to deal with security defenses such as encryption and digital certificates. A typical attack done today involves both interception and decryption.
This type of attack is often accomplished on a local network segment. If the attacker is logged onto a user's Wi-Fi network, for instance, they may be able to use tools to present themselves as the remote network device. This could allow the hacker to divert and collect sensitive data or monitor and record traffic as it passes.
On-path is a concept, but there are many ways to use it. For instance, a phishing scam could also be considered an on-path attack. There are seven types:
IP spoofing
DNS spoofing
HTTPS spoofing
SSL hijacking
Email hijacking
Wi-Fi eavesdropping
Stealing browser cookies
Example of an On-Path/MiTM Attack: On-path is a kind of session hijacking. Consider a financial transaction between two parties. Using sophisticated tools, the hacker manages to impersonate both sides of the conversation. Intercepting a secret key from one side, the assailant forwards their own secret key to the other.
The trust relationship is formed — a kind of handshake — but neither side realizes there's someone in between them. Once the seemingly secure link is established, the hacker substitutes their bank account information. Unknowingly, the buyer sends money directly to the hacker's account rather than the intended receiver.
Mitigation: Only conduct financial transactions over secure websites. You can tell a site is safe because it has HTTPS rather than HTTP in the URL. Sites with this protection use SSL/TLS and the public key infrastructure (PKI) to encrypt and transmit sensitive data.
One of the best ways to lock down your internet sessions is to use a virtual private network (VPN). VPNs create an encrypted tunnel through which you send and receive all of your internet traffic. They provide an added layer of protection beyond simply using secure websites.
Other strategies include using internet security software on your computer and strong passwords. Anything you do to increase the security of your internet traffic will prevent a man-in-the-middle attack.
6. Drive-By Download
Drive-by downloads remain a significant security risk. They occur when a user inadvertently downloads malware just by visiting a compromised website—they don't even need to click on anything. The malicious software often exploits vulnerabilities in the user’s browser or operating system or uses malicious ads that make it hard for users to avoid them.
A drive-by download might show up on a web page, an email, or a pop-up. You won't even have to click on a link if the hacker has mastered his hack. The download may install any of the malware discussed at the beginning of this article. Look for signs like:
Unusual apps in your program bar
Your web browser's homepage has changed
An unfamiliar toolbar in your web browser
New bookmarks that you didn't make
Pop-up windows displaying ads
Unusual files in different directories on your computer
Example of a Drive-By Download: You visit a seemingly legitimate website that has been compromised by cybercriminals. Without any interaction, a hidden malicious script on the site scans your computer and detects an unpatched browser plugin. The script then automatically downloads and installs malware in the background. Your device is infected, and you are none the wiser.
Mitigation: The first defense against drive-by downloads is to ensure your computer software is fully updated with all the latest security patches. New vulnerabilities pop up every day, and software makers like Microsoft work diligently to provide solutions for the latest threats using patches and updates.
Another way to guard against a drive-by download is to be careful at all times. Promiscuous browsing in dark corners online, as in life, can lead to unwanted results. Opening emails from unknown persons is probably not a good idea.
Make sure your spam filter and anti-malware software are updated and fully functional. You might also consider hardening your web browser—adjusting it to high security, for instance.
7. The Urgency of Rogue Software
You're surfing the web and suddenly see an urgent security message that you have a virus on your computer. You click the link to find out more. That's just one way that rogue security software can make its way onto your computer. But, once downloaded, it doesn't do any of the things it promised. Rather than securing your machine against external threats, it may become a serious threat to your system.
The fake application might be a teenager's prank, or it could be the source of all sorts of malware. While pretending to run scans on your computer, it could install any of the malware discussed above. It could even be ransomware, trying to disable your system until you pay a fee. Beware of these warnings that try to bait you into quick action to protect your system.
Examples of Rogue Software: Where do we start? The list of rogue software applications that have been roaming the internet is voluminous. And they usually use names that seem like real security programs or sound similar to legitimate software applications. Here is a brief list:
Antivirus System PRO
CleanThis
Eco AntiVirus
PCSecureSystem
Security Suite Platinum
Volcano Security Suite
SpyGuarder
My Security Shield
VirusProtectPro, for instance, installs itself on your system and then displays a message telling you that it is infected. And you are told to buy VirusProtectPro to take care of the problem. It's all a hoax.
Mitigation: To protect your computer from rogue security software, you'll want to take all those standard measures that help with other issues. Get a good firewall and anti-malware (anti-virus) program and keep them operational and updated. Make sure you're getting regular software updates for your operating system so that all security patches are installed. And run regular scans to ferret out any malware.
Don't be fooled by frantic warnings about your computer system unless they come from the resident programs that you know and trust. Keep calm, and don't panic. If you do find some clue that rogue software may have infected your system, go to your trusty real security software, run the necessary scans, and be sure that it's either quarantined or removed.
8. Web Application Security Threats
Complex applications have taken over the internet, providing just about any kind of service you can think of. The threat surface of web applications is very broad these days, and there are a whole host of threats targeting online apps. We wrote a lengthy article on the subject of the OWASP Top Ten List, so we won't go in-depth here. Just as a reminder, here is the OWASP list from 2017:
A1:2017. Injection
A2:2017. Broken Authentication
A3:2017. Sensitive Data Exposure
A4:2017. XML External Entities (XXE)
A5:2017. Broken Access Control
A6:2017. Security Misconfiguration
A7:2017. Cross-Site Scripting (XSS)
A8:2017. Insecure Deserialization
A9:2017. Using Components with Known Vulnerabilities
A10:2017. Insufficient Logging & Monitoring
Example of a Web App Threat: As Computerphile expert Tom Scott tells us, "Any time you have to enter information or retrieve information using a website, it's interacting with SQL." With SQL injection, a hacker uses an attack string to input malicious commands or query and extract data from a confidential database.
Here's an example from W3Schools:
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;   // user input is concatenated straight into the SQL string
To trick the application, the hacker submits the following as the UserId: 105 OR 1=1
The database then evaluates the query SELECT * FROM Users WHERE UserId = 105 OR 1=1. Since 1=1 is always true, every row satisfies the WHERE clause, and the result of the query is simply a list of all the users in the database table. With this neat trick, the attacker can pass through the application's access controls.
Mitigation: We couldn't possibly cover all the mitigation techniques for web application hacks here in just one paragraph. The main thing is that software developers must keep security in mind as they write these programs. In the case of SQL injection, programmers — following best practices — use things like input validation, blacklisting, and whitelisting to ensure that acceptable input is received.
During the testing stages or even after production, a penetration tester (aka pentester) can target a website application to identify vulnerabilities.
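As an added example (not from W3Schools or the original post), the snippet above rebuilt in Python against an in-memory SQLite table, side by side with the fix: the same 105 OR 1=1 input returns every row from the concatenated query, returns nothing once the value is bound as a query parameter, and is rejected outright by an integer validation step. The table, rows and function names are constructed for the example; parameterized queries are the mitigation this example assumes.

```python
import sqlite3


def make_db():
    """In-memory Users table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [(101, "alice"), (105, "bob"), (110, "carol")])
    return conn


def lookup_user_vulnerable(conn, txt_user_id):
    """Mirrors the concatenation shown on the page: the request string becomes
    part of the SQL text, so 'OR 1=1' is parsed as SQL, not as a value."""
    sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(sql).fetchall()


def lookup_user_parameterized(conn, txt_user_id):
    """Parameterized query: the driver binds the value at execution time, so
    the whole string is compared against UserId and never parsed as SQL."""
    return conn.execute("SELECT * FROM Users WHERE UserId = ?",
                        (txt_user_id,)).fetchall()


def lookup_user_safe(conn, txt_user_id):
    """Input validation on top of binding: UserId must look like an integer,
    matching the column type, so malformed input fails early and loudly."""
    value = txt_user_id.strip()
    if not value.isdigit():
        raise ValueError("UserId must be a positive integer")
    return conn.execute("SELECT * FROM Users WHERE UserId = ?",
                        (int(value),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    attack = "105 OR 1=1"
    print("vulnerable:", lookup_user_vulnerable(db, attack))   # all three rows
    print("parameterized:", lookup_user_parameterized(db, attack))  # no rows
    try:
        lookup_user_safe(db, attack)
    except ValueError as err:
        print("validated:", err)
    print("legitimate:", lookup_user_safe(db, "105"))           # bob only
```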
9. IP Spoofing is Always in Style
When hackers want to pretend that they are sending traffic from another network device, they can send messages that contain the IP address of that other device. This is known as IP address spoofing. This is accomplished by modifying the source IP address in the header of an IP packet so that it matches the device being impersonated.
It's like sending a letter using someone else's return address. IP spoofing is a common technique for DDoS attacks because it can either hide the attacker's identity or make the traffic look like it's coming from somewhere else.
Example of IP Spoofing: Say an attacker wants to gain access to a particular network or IT resource that is limited to those in a particular IP address range. By modifying a source IP address, the attacker can fool system safeguards into thinking that it is an authorized user.
Mitigation: There are a number of ways to prevent IP address spoofing. Network administrators can limit access using access control lists. They can filter inbound and outbound traffic using specific parameters. The use of encrypted sessions backed by a public key infrastructure (PKI) can keep out IP-spoofing hackers. Routers and switches can also be configured to detect and reject traffic coming from outside their network.
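As an added example (not from the original post), a border-filter check in the spirit of the inbound/outbound filtering just described: packets arriving from the Internet that claim one of the site's own addresses (the trick in the example above) or a non-routable source are dropped, and packets leaving the site with a source address the site does not own are dropped too. The site prefix (a documentation range) and interface naming are assumptions for the example; a real router would take them from its configuration.

```python
import ipaddress

# Constructed topology: this site owns 192.0.2.0/24 behind one border router.
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Source ranges that should never arrive from the Internet (private, loopback,
# link-local, multicast, reserved). Any inbound packet from them is spoofed or
# misrouted.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def filter_packet(direction, src_ip):
    """Return (verdict, reason) for a packet seen at the border.
    direction is "inbound" (arriving from the Internet) or "outbound"
    (leaving the site LAN)."""
    src = ipaddress.ip_address(src_ip)
    if direction == "inbound":
        if _in_any(src, SITE_PREFIXES):
            return "deny", "inbound packet claims one of our own addresses"
        if _in_any(src, BOGONS):
            return "deny", "inbound packet from a non-routable source"
        return "permit", "external source"
    if direction == "outbound":
        if not _in_any(src, SITE_PREFIXES):
            return "deny", "outbound packet with a source we do not own"
        return "permit", "internal source"
    raise ValueError("direction must be 'inbound' or 'outbound'")


def apply_filter(packets):
    """Run filter_packet over (direction, src_ip) pairs; return the denied ones."""
    return [(d, ip, filter_packet(d, ip)[1]) for d, ip in packets
            if filter_packet(d, ip)[0] == "deny"]


if __name__ == "__main__":
    # Constructed sample packets, including a spoofed internal source from outside.
    sample = [("inbound", "198.51.100.7"), ("inbound", "192.0.2.10"),
              ("inbound", "10.1.2.3"), ("outbound", "192.0.2.10"),
              ("outbound", "198.51.100.7")]
    for direction, ip, reason in apply_filter(sample):
        print(f"DENY {direction} src={ip}: {reason}")
```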
10. Wireless Attacks and Evil Twins
You can probably understand the nature of this security threat from the name. But you may not know all the variations of wireless attacks. Two of the most common wireless attacks are rogue access points and evil twins. They are very similar in that they are both meant to deceive the user and entice them into connecting. You might also consider them on-path attacks.
A rogue access point is one that has been inserted into a wireless infrastructure, such as in an office environment, and set up to capture traffic from unsuspecting users. An evil twin is a wireless device, perhaps in a public place like a coffee shop, that has been given a name similar to the one people are expecting. For example, an evil twin at a Starbucks might have a name (SSID) that is spelled almost the same as the Starbucks wireless router.
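As an added example (not from the original post), a small scan-review check an administrator could run against wireless survey results to catch the two cases just described: a known SSID broadcast by an access point whose BSSID is not on the trusted list (rogue AP or evil twin), and a look-alike SSID that differs only by punctuation, spacing or an added word. The trusted-AP table and scan results are constructed for the example.

```python
import difflib

# Constructed inventory of the APs we operate: SSID -> set of trusted BSSIDs.
TRUSTED_APS = {
    "CoffeeShop-Guest": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# Constructed scan results: (SSID, BSSID, channel). Not real networks.
SCAN = [
    ("CoffeeShop-Guest", "aa:bb:cc:00:00:01", 6),       # our own AP
    ("CoffeeShop-Guest", "de:ad:be:ef:00:01", 11),      # our name, unknown radio
    ("CoffeeShop_Guest", "de:ad:be:ef:00:02", 1),       # near-identical name
    ("Coffee Shop Guest Free", "de:ad:be:ef:00:03", 6),  # padded look-alike
    ("PrinterSetup-9F2", "11:22:33:44:55:66", 1),        # unrelated network
]


def normalize(ssid):
    """Lower-case and drop punctuation/spaces so 'A-B', 'a_b' and 'A B' compare equal."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def similarity(a, b):
    return difflib.SequenceMatcher(None, normalize(a), normalize(b)).ratio()


def classify_scan(scan, trusted, threshold=0.8):
    """Return (ssid, bssid, channel, verdict) for every scan entry that is
    either one of our APs or suspiciously close to one of our SSIDs."""
    findings = []
    for ssid, bssid, channel in scan:
        for known_ssid, known_bssids in trusted.items():
            if ssid == known_ssid and bssid in known_bssids:
                verdict = "trusted"
            elif ssid == known_ssid:
                verdict = "unknown-bssid"      # possible rogue AP / evil twin
            elif similarity(ssid, known_ssid) >= threshold:
                verdict = "lookalike-ssid"     # possible evil twin
            else:
                continue
            findings.append((ssid, bssid, channel, verdict))
    return findings


if __name__ == "__main__":
    for ssid, bssid, channel, verdict in classify_scan(SCAN, TRUSTED_APS):
        print(f"{verdict:15} ssid={ssid!r} bssid={bssid} ch={channel}")
```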
Here are a few more types of wireless attacks:
Jamming: Sending interference signals to disable a legitimate access point so that users will use the attacking device.
Bluejacking: Pushing unwanted or deceptive content to a user's smartphone or computer over Bluetooth.
Bluesnarfing: Enticing a user to pair with another device in order to pull off data from the user through Bluetooth.
Social engineering: Getting a wireless access password from someone without authorization.
War driving: Driving through town looking for unsecured wireless access devices to exploit.
Example of a Wireless Attack: Some years ago, an unsuspecting network engineer (who shall remain nameless) forgot to turn wireless security back on after fiddling with his router's configuration. Weeks later, he was surprised to get an email from a clever, snarky hacker who revealed that he had been snooping all over his laptop through the open wireless connection.
Mitigation: By all means, keep security on your wireless router, or at least a secure landing page. And if you're letting others use your wireless access point, be sure to keep good control of it.
One of the best protections against snooping and wireless attacks in a public place is to use a virtual private network (VPN). They're fairly cheap online, and you can get them for a small monthly fee. Get used to keeping your VPN on whenever you surf the web. This will give you peace of mind and an extra level of protection.
Final Thoughts
If you are responsible for the wireless network at your workplace, you need to monitor it. That might mean a regular audit or an effective monitoring tool. You need to know who's on your network, including users and devices.
Want to learn more about how to prevent the most common network security threats? Consider our CompTIA Network+ training with Keith Barker.