Network security threats and vulnerabilities
Network security protects the boundary between external and internal networks, keeping sensitive data and vital applications safe from unauthorized outsiders. Robust network security infrastructure is essential for any company's security posture. But to create a functional security setup, it's vital to understand why networks are vulnerable and the many threats they face.
What is a network security threat?
Network security vulnerabilities are weak points in physical devices or software which present an opportunity for cyber attackers. Weaknesses could range from poor server surveillance and physical protection to inadequate operating system and antivirus updates.
Network security threats are specific attack methods that exploit those vulnerabilities. There are multiple ways to launch such attacks. All of them should be part of network security policies.
The major types of network security threats
Malware, or malicious software, is software designed to damage target systems. Around 30% of computers in the USA are thought to be infected with malware, so the problem is significant.
Most malware attacks result from zero-day exploits and unpatched applications or operating systems. But phishing, man-in-the-middle, or insecure file sharing can also be to blame.
Malware is an umbrella term for several sub-varieties of cyber threats, and can have various effects. Some versions cause system slowdown. Others freeze systems, while some malware facilitates data exfiltration.
Keyloggers log the keystrokes of infected devices. Generally created to steal login credentials and personal information, they usually spread via email attachments or downloadable files on malicious websites.
Some keyloggers also take regular screenshots or hijack the device's camera. In that case, virtual meetings can be compromised, along with other sensitive information.
Keyloggers can be superficially resident and easy to diagnose but can also be installed via rootkits deep inside a device at the kernel level. Deeper-rooted keyloggers are uncommon but most concerning. Simpler versions tend to be vulnerable to standard anti-malware scanners.
Trojans take their name from the "Trojan Horse" which enabled ancient Greek soldiers to conquer Troy while the residents slept.
Trojan agents are engineered to appear legitimate, just like the horse. Trojan victims download apps as usual. When opened, infected apps automatically seed malware, leading to various worrying consequences.
For instance, banking Trojans harvest financial login details. Backdoor Trojans create routes for attackers to steal information from devices. Mailfinders scan for email contact details, while downloaders constantly download and seed new forms of malware.
The encouraging news about Trojans is that they cannot replicate autonomously. Additionally, if malware scanners find them, they can usually neutralize them quickly.
Ransomware holds users to ransom, freezing devices or apps and demanding a specific action before restoring system functionality. The ransom tends to involve payment in standard currency or crypto-currency.
The cost of ransomware can be crippling. Downtime due to ransomware attacks cost US businesses $159 billion in 2021, with payment demands averaging $7.9 billion.
Payment is also no guarantee that attackers will restore app or data access. 24% of organizations that chose to pay attackers did not recover their data.
As with other malware varieties, ransomware spreads via emails, infected websites, and app downloads.
Adware forces victims to see pop-up ads whether they want to or not. Relatively harmless compared to other threats, Adware can still be a considerable drain on system resources and a sign that systems are insecure.
Unlike ransomware, spyware leaves few traces. It keeps a low profile, hiding from anti-malware scanners while gathering potentially useful information.
This information could include device profiles, location data, keystrokes, emails, camera images, contacts, or financial data. Sometimes, information gathered feeds back to adware networks, determining which pop-ups appear. In others, data feeds straight to criminals for sale on the Dark Web or use in phishing attacks.
6. Logic bombs
Logic bombs trigger at a specific time or when a target has been met. This target could be something completely arbitrary such as sending 500 emails. Or it could be targeted at business operations.
When the trigger point arrives, the logic bomb "explodes". The result could be the release of a worm or virus, with unpredictable consequences.
Pharming implants software on target devices to exploit DNS protocol vulnerabilities. Attackers can then automatically redirect targeted web users to fake websites or downloads.
Pharming can also directly target unsecured DNS servers – redirecting network users to unsafe destinations.
Viruses are similar to malware, but with one difference: they are created specifically to propagate and spread as widely as possible.
Viruses are the most common form of digital threat and can spread in numerous ways. Infected emails, messaging services, website downloads, and even infected USB sticks are all potential vectors.
Most computer viruses require a host file to spread. Unfortunately, this commonly targets popular formats like .doc, .exe, or .xml files – all formats that can appear legitimate when disguised by skilled attackers.
Worms are similar to computer viruses but do not require a host file to replicate themselves. They can often infiltrate devices without being detected, and when worms infest networks, they are difficult to remove.
Worms generally also spread more quickly than viruses. For instance, they may be designed to exploit a specific security vulnerability in a Windows release. In that case, the worm could replicate automatically from system to system if that vulnerability is present.
Botnets are groups of devices infected with malicious agents. These devices are linked together, allowing attackers to control them remotely. Affected devices may not show any noticeable changes. But when used in tandem, thousands of bots can cause havoc on internal networks and the wider internet.
Most importantly, botnets are responsible for crippling Distributed Denial of Service (DDoS) attacks. Controllers often sell their services to attackers via DDoS-for-hire websites. These criminals then mount DDoS attacks, flooding targeted websites with data and potentially destroying their ability to function.
Botnets are closely associated with IoT devices that are often poorly configured, leaving them wide open for attackers.
Phishing and social engineering
Phishing involves sending fraudulent emails that persuade recipients to click on embedded links or file attachments. When recipients click them, these links redirect to malicious content. This content could be anything from malware downloads to fake eCommerce portals.
The results are almost always dangerous for targeted organizations, with the average cost of phishing incidents amounting to $14.8 million per company.
Phishing is a flexible attack method with multiple strategies. Common varieties include:
1. Spear phishing
Phishers create detailed profiles of targets via malware or surveillance and use this information to write emails tailored to that individual.
Attackers target high-level executives with broad security clearances and valuable contact information.
Vishing is a mixture of email phishing and voice contact. Attackers may use hacked Voice-over-IP tools to imitate legitimate contacts, persuading targets to hand over sensitive information.
Attackers use SMS messages to send phishing attacks. Attackers closely copy trusted sources and employ carefully chosen urgent language to make targets click embedded links.
The oldest phishing technique around. Spamming involves sending large amounts of mail with a low success rate but high value when targets respond.
SQL injection attacks
In SQL injection attacks, criminals target poorly configured search boxes on otherwise legitimate websites. By entering malicious code, attackers can harvest information entered into those search fields, providing valuable data for social engineering assaults.
Physical sabotage and surveillance
Network security strategies also need to take into account physical threats. For instance, attackers could employ "shoulder-surfing" techniques, looking over the shoulder of employees in public wifi locations to glean valuable information.
There have also been examples of tailgating, where attackers gain access to offices and server hubs by following credentialed staff through security gates. Dumpster diving to obtain personal information is even a possibility.
Any information could be valuable to phishers mounting social engineering attacks. Companies should shred documents and use professional waste management partners to minimize the risk of data breaches.
MITM attacks occur when attackers hijack connections between network devices or between a network and external devices. By doing so, attackers can eavesdrop on traffic, extracting data transfers and information that can be used in social engineering attacks or sold to third-parties.
While they are commonly associated with remote working, MITM attacks can occur in any situation where devices interact via log-in portals. This makes secure Single Sign On (SSO) systems and network encryption essential.
The list of network threats above is highly simplified. In reality, many network security threats involve multiple attack methods to achieve their aims.
For example, the WannaCry network attacks in 2017 exploited a known vulnerability, ransomware demanding payment, and a worm that sought the same exploit on connected systems. This method infected 10,000 devices per hour at peak activity – showing how rapidly global threats can emerge.
How to identify network security vulnerabilities
1. Update software as quickly as possible
Zero-day exploits target software vulnerabilities in commonly used operating systems and apps, posing an immediate threat to users. The only way to safeguard your network assets against exploits is by regularly patching software when updates become available.
Pay attention to End of Life dates. For instance, Windows 7 stopped receiving updates in January 2020, leaving users unprotected. And make sure employees are aware of the need to source updates from trusted websites.
2. Ensure complete network visibility
Network visibility allows security teams to track user behavior, picking up evidence of insider network threats and external infiltration before it becomes a critical danger.
Map every device connected to the network, including remote work laptops, smartphones, and IoT devices. And put in place monitoring systems to ensure that only privileged users have access to sensitive data or apps.
3. Secure your perimeter
Install perimeter protections like firewalls, Virtual Private Network (VPN) encryption, and access management systems such as Multi-Factor Authentication (MFA) or secure passwords.
With a secure network edge, you can be confident that any unusual traffic or user behavior is the product of malicious threats. Edge protection also prevents access for many attackers, providing a robust first line of defense.
4. Create deep security protection with Software Defined Perimeter (SDP) tools
Many network perimeters now reach deep into the Cloud. Remote working also constantly changes the threat surface, making traditional perimeter network security less effective.
Cloud-adapted network security tools like SDP create encrypted bubbles around every user, following them as they use third-party software, on-premises servers, and remote devices. Users can only access resources according to strict permission settings, and network segmentation means that lateral movement across the network is tightly limited.
SDP provides protection but also makes detecting threats to Cloud infrastructure easier. Security teams can monitor users closely, and any attempts to breach security policies will appear immediately.
5. Focus on physical network security
Companies need policies to detect and neutralize physical threats to network infrastructure and data. Security measures could include surveillance cameras and sensors to protect servers, alongside access management tools like biometric or card scanning.
6. Use antivirus and anti-malware tools
Security teams should equip all network devices with tools to scan for viruses and malware. Security policies should include an authorized set of tools for users to install. These tools should be capable of detecting threats, and staff training should cover how to use them effectively.
7. Train staff to be vigilant
The human side of threat detection is also critical. Staff must be aware of the dangers posed by phishing and social engineering. They should know how to use email safely, and avoid dangerous remote working practices such as using unsecured public wifi or improperly secured mobile devices.
Employees can flag potential phishing strategies or holes in network security, and a well-trained, knowledgeable workforce is a strong guarantee against insider threats.
8. Actively detect DDoS attacks
DDoS attacks are relatively simple to detect via packet monitoring software tools. Track DNS Request, DNS Response, Transmission Control Protocol Synchronize (TCP-SYN), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP) packets. Sudden spikes in any packet variant should alert security teams to potential attacks.
Understand network security threats and minimize vulnerabilities
Every network is vulnerable to cyberattacks and insider threats. A single poorly configured device can bring poorly designed networks down, while the stolen credentials of a single employee can be used to extract millions of dollars worth of data. That's why network security is absolutely crucial.
Take action to plug network vulnerabilities and counter malware, phishing, viruses, and physical network threats. Investment in prevention always outweighs the cost of failure.