There seems to be no end to evolving security attacks aimed at computers and servers in these times. Every system is at risk of malicious attacks via a growing landscape of viruses and malwares created with different intentions however most recently the focus has strongly shifted to those of financial gains.
The increase in the problem can be partly contributed to the significant growth in the use of mobile devices and cloud based applications across the internet, increasing the number of targets and subsequently the profitability of creating and distributing malware. This makes securing your business’ vital resources more important than ever whilst still trying to keep the flexibility of mobile devices that we desire in the modern world. In my last post on the IPv4 to IPv6 Protocol Upgrade I touched on the growing digital threats that have taken off as a result to the lack of security built into IPv4. And today I am going to expand on some specific threats.
A malware attack in its simplest form is a piece software designed to run on a computer or device with or without the computer owner knowing. Although the growth of malware has been substantial in the past few years it is known to have been a security issue since as early as 1982. Types of malware include spyware, key loggers, viruses, worms, adware, scareware, trojan horses or any type of malicious code that unintentionally runs on a computer. These programs can perform many different functions which include stealing, encrypting or deleting sensitive data, altering or highjacking core computing functions and monitoring users’ activity without their permission.
How does malware spread?
One of the problems with malware is that writing it is not a difficult task, and there are various ways that malware spreads through a system. One example is social networks. Third party software and applications can appear when browsing the internet and even when using a social networking site, you need to be careful not to give permissions to them to use your profile.
Pirated software is another example which spreads malicious code through a system. This is also an easy way for malware to be spread because these pirated software seems legitimate when you download them, but can damage your computer enormously.
Other ways in which malware can spread include e-mails, USB sticks, websites, outdated software, Local Area Networks, pop-ups and mobile devices.
Fake CV’s and invoices are by far the most popular place that malware is received. If a job is advertised; it is not difficult for a cybercriminal to send through a malicious attachment which can appear as an ordinary CV on an e-mail.
A Russian fraudster utilised a technique in 2005, sending a trojan to various addresses sourced via a job recruitment site. Many of the CV applicants went on to receive spoof job offers as a result of the trojan. The attack was aimed mainly at corporations as the criminal knew that staff receiving the trojan would likely hide this from their employer as the trojan attack was as a result of their job searching on company assets.
Signs of a malware infection
- Frequent crashes
- Running out of hard drive space
- Unfamiliar icons on your desktop
- Unusual error messages
- Unable to access the Control Panel
- Your friends receive strange messages from you
- Your security solution is disabled
- Programs and messages being generated automatically
- High network activity
- Your system slowing down
- Files disappearing
- File names changing or becoming inaccessible
Address spoofing is quite a simple threat but can be very effective if targeted at the correct people. Spoofing allows people to send e-mails/messages that look like they come from a legitimate source such as one of your suppliers or clients.
Address Spoofing is actually rather easy to do. All a person will need is an SMTP (Simple Mail Transfer Protocol) server and the suitable e-mail software to spoof an e-mail address. Most e-mail providers we use today have protection against the vast majority of these types of e-mails however the threat landscape is constantly changing and as a result some are still likely to make it through.
How do they get your e-mail?
One way your e-mail may end up being listed in an e-mail database is by you clicking a link in a phishing e-mail which leads to you unknowingly submitting your e-mail to the list. Another way your e-mail may end up on a spoofing list is sending forwards to a large group of people which exposes everyone involved e-mail address. All you need is for one of those receiving e-mail boxes to have a scraper in it which pulls all the e-mail addresses it can find and logs them for nefarious use. Another common method is through high profile data leaks such as those at Ashley Madison, Yahoo and Sony where a list of e-mail addresses may be generated from registered users and published online.
How to avoid malware through e-mails
- If there is a link in the e-mail, don’t click on it unless you are sure it is from a legitimate source, checking the e-mail domain can point towards fraudulent e-mails as they often have small variances from the real company.
- Do not download any attachments without being sure they are genuine.
- Do not download an attachment such as a CV or Invoice if you do not work in departments responsible for them.
- Read e-mail message headers and check domain names and IP addresses.
- Look for differences in the language you would usually expect. As an example ‘Resume’ instead of ‘CV’.
- Review the signature at the end of the e-mail
The main aim of a Reconnaissance attack is to ascertain information about a network including active targets, networking services that are running, operating system platform, trust relationships, file permissions and user account information. They can be active or passive and are used preliminarily to gain information about attacked systems as a step towards a further attack. Port scanning is a common technique to find active targets such as networking devices and user endpoints.
What do Reconnaissance Attacks aim to achieve?
Some objectives of these types of attacks is to discover information about a network which could then lead to a further attack, seeking information such as: file permissions, operating system platform, trust relationships and user account information.
How to avoid these attacks
Testing the network to see how much it would reveal in a reconnaissance attack. Penetration testing works by discovering vulnerabilities across a given solution within a controlled environment. The ultimate goal is the prevention of current and potential security issues that may affect networks, firewalls, operating systems and applications. The testing can also provide information on irresponsible end user behaviour as well as errors in system configuration.
Port Scanning Tools:
- Network Mapper (Nmap)
Other tools which can scan the vulnerability of a system help find where a network is vulnerable.
Vulnerability Scanning Tools:
- Microsoft Baseline Security Analyzer (MBSA)
- Security Adminstrator’s Integrated Network Tool (SAINT)
To find out more on DDoS (Distributed Denial of Service) Attacks you can also see our First Response Engineer Luke Germano’s take by reading The Dangers of DDoS Attacks and How to prevent them.
By Jordan Bradley-Stopps on October 20th, 2017