#Security & SIEM

The Top 6 Cyber Threats that Keep Businesses up at Night

By: Lauren Sirt
cyber threat

Few things put more fear into the hearts of IT departments than the thought of a massive cyber attack — and for good reason. In 2017, the average cost of security breaches for U.S. organizations was estimated at $3.5 million.

But it’s not all about the money. In addition to the financial burden caused by cyber attacks, the loss of client trust and credibility post-breach can be extremely difficult to bounce back from. After all, once your customers don’t trust you, the chance they will leave you for the competition becomes much more feasible. 

More on the subject:

Bad PR, malicious use of data, and product malfunctions are just some of the most detrimental effects of cyber attacks.

In our recent DevOps Pulse 2018 survey, which examined how DevOps teams are tackling issues pertaining to security and compliance, we asked over 1000 IT professionals which cyber threats they are most fearful of.

Here, is our countdown of the 7 most feared attacks and an explanation of why they send shivers up our spines. 

6. Man in the middle (MITM)

Man in the middle attacks are malicious schemes for retrieving personal information from internet users. In most scenarios, attackers look for poorly secured Wifi and scan the network for weak passwords. The attacker can then use various tools to access and read the user’s private data and information (such as bank account passwords, credit card numbers, health information, etc.). They will then insert tools on websites that the victim visits and gather more data and private information from the user. Ultimately, they will un-encrypt all of the victim’s encrypted information and use it for their own purposes.

Types of MITM attacks include IP spoofing, DNS spoofing, HTTPS spoofing, SSL hijacking, Email hijacking, Wifi eavesdropping, and stealing browser cookies.

Thankfully, you can avoid these types of attacks with a few basic best-practices:

  • Avoid connecting to public wifi, especially when the network is not secured
  • If you must connect to public wifi, use a VPN instead of directly connecting to the server
  • Make sure websites you visit are https rather than http
  • Always be suspicious of emails that come out of nowhere and ask you to confirm your password or other personal information. Instead of clicking on links within such emails, enter the address into your browser

5. SQL Injection Attacks (SQLi)

SQL is a common language for both open source and proprietary databases. Since such databases often contain valuable information, many cybercriminals are eager to get their hands on the data contained within them.  Hence, the existence of SQLi attacks. These attacks involve the manipulation of databases through the injection of malicious SQL statements. As a result of such attacks, cybercriminals can steal data, distort it, remove it, run strange code, or gain control of the database.

Prior to unleashing an SQLi attack, cybercriminals generally like to test the waters. So beware if you see unexpected values turn up, as it may be a sign that someone is searching for vulnerabilities.

Other ways to avoid SQLi attacks include:

  • Creating specific database credentials for each application.
  • Making a habit of testing your applications using both static and dynamic testing.
  • Escaping inputs prior to placing them into a query in order to resolve SQLi weaknesses in legacy systems.
  • Using parameterized queries. Such a strategy protects your database by outlining specific placeholders for parameters to ensure the database understands it as data rather than an SQL command.

4. Cross-Site Scripting (XSS)

Sometimes even sites we trust can be infected with unwanted malware. One example of this occurrence is through the Cross-site scripting (XSS). XSS involves the injection of malicious code or scripts onto pages on legitimate websites. Generally speaking, such incidents are usually performed using Javascript; however Flash, HTML, Ajax, and Java are also languages which have been attacked by perpetrators.

Once an attacker performs an XSS attack on a particular site, the site will then infect those that visit it by stealing cookies, impersonating the victim either on social media or more important sites (i.e. the bank), or by transmitting more malware.

In order to avoid such attacks, sites should escape user input by blocking specific characters to be executed as code. In order to accomplish this, certain symbols such as parentheses, brackets, and others that typically are used to begin and end particular actions within code are either not used or are edited to ensure the code cannot be executed. This secures the database by ensuring no malicious code can get through.

3. Malware

Spyware, worms, viruses, ransomware, botnets, adware and trojans are just some of the many cyber threats commonly placed into the category of malware. Each of these malicious pieces software can be embedded into websites, emails, social media and more to affect victims by breaking their systems, stealing private information, and more.

Viruses are a type of malware which destroys the victim’s files and causes them to not function properly. Spyware, on the other hand, watches its victims’ activities enabling it to steal passwords, credit card numbers, and other personal information. Taking it a step further, worms and botnets affect networks of machines to destroy or control other computers. Ransomware, which is one of the more infamous forms of malware, threaten victims by erasing files, shutting down computer access, or publicizing private information unless he or she pays a required fee.

In order to avoid becoming a victim of malware, take precautions when answering emails or clicking links that appear suspicious. In addition, it is also important to install anti-virus software and run it regularly in order to detect and remove potential cyber threats.

2. Phishing

Phishing scams are increasingly feared by both individuals and businesses alike–and for good reason. The ramifications of many phishing attacks have received public attention again and again. In fact, even the Hillary Clinton campaign was affected by a phishing attack in 2016.

But the real reason to fear phishing attacks is how easy they can be to fall for, especially to an untrained eye. These attacks use emails that seem to be from a trusted source such as the bank, colleague, or friend and includes a link for the victim to download. These types of attacks are incredibly sophisticated as they tend to use familiar addresses and names and make nearly identical copies of trusted websites.

Once a link is clicked or an item is downloaded, the cybercriminal is able to retrieve sensitive information from the victim or spread malware onto his or her computer. To prevent phishing attacks, apply these common best practices:

  • Avoid URL redirects which send you to unfamiliar websites
  • Check the URL of the sites you have been sent to and look out for misspellings as it could indicate that the site is not legitimate
  • When you receive a suspicious email from someone you are familiar with, do not reply in the email thread. Instead, create a new email message.
  • IT teams can also implement the sandboxing technique which allows them to check the legitimacy of the links their team is clicking on.
  • Educate your team (especially those in non-tech positions), and the above safety precautions on a regular basis.

1. DDoS (Denial of Service Attacks)

DDoS attacks are by far the most feared cyber threat according to the DevOps Pulse 2018. Because these attacks cause systems to be very slow or completely shut down, the fear is understandable. Needless to say, if your product is not functioning correctly, your users will become quite agitated.

These attacks are also extremely sophisticated, involving a group of compromised servers or machines that work together to overwhelm systems with requests in order to deny service to users. First, one system is attacked. Then, this system becomes the master, finding vulnerabilities in other systems and exploiting them to work under the master’s control and overwhelm the victim’s servers. Once the victim is overwhelmed with various requests, the server begins to malfunction, causing a denial of service.

Unfortunately, there is no clear-cut way to completely prevent DDoS attacks. However, there are ways to minimize the repercussions. Security professionals should regularly check for vulnerabilities which DDoS attackers typically take advantage of. Furthermore, implementing proactive monitoring, alerting, and patch management is also an important strategy for protecting against DDoS attacks.

Endnotes

Because cybercriminals are becoming increasingly advanced, it is important that we as business owners and IT experts step up to the plate and make security our number one priority.

As we have seen, it is no longer enough to make security an afterthought in our development pipeline. Instead, we must implement security testing, strategies, and best practices into our regular operations in order to combat the magnitude and variety of security threats coming our way.

You Might Also Like

Announcing Logz.io Open 360™: One Platform for Open Source ObservabilityAnnouncing Logz.io Open 360™: One Platform for Open Source Observability

Announcing Logz.io Open 360™: One Platform for Open Source Observability

Q&A with Daniel Seravalli, Lead Engineer at Holler: Nailing Observability at Scale Q&A with Daniel Seravalli, Lead Engineer at Holler: Nailing Observability at Scale 

Q&A with Daniel Seravalli, Lead Engineer at Holler: Nailing Observability at Scale 

OpenObservability Talks Third Year at a GlanceOpenObservability Talks Third Year at a Glance

OpenObservability Talks Third Year at a Glance

Get started for free

Completely free for 14 days, no strings attached.
Start Free Trial
Get a Demo