5 network security attacks to be wary of in 2014

Network security is an arms race between hackers and organisations, one in which the hackers are currently on top. As new techniques are adopted on a daily basis and skill sets become more sophisticated, organisations need to be aware of the kinds of network security attacks that are undertaken by cyber criminals. In addition to the usual DDoS or phishing style attacks, cyber criminals are adopting new techniques to infect user machines or extract data. This article looks at some of the top network security attacks of 2014 and provides advice on what to look out for.

As attackers’ skill sets become more sophisticated, technology evolves and trends develop in the manner by which IT is adopted, attackers tailor their exploits accordingly. For example, in the 90’s the major attack route was through the Microsoft Excel macro, a virus that randomly injected capital O’s into workbooks, altering the integrity of spreadsheets by replacing numbers with text labels valued 0. This virus, stealthy in its method, resulted in backups of large data sets containing useless data. This example, now considered extremely low in its sophistication, was one of the first examples of an attack that went undetected for long periods of time, causing significant damage.

Today’s strains of malware and hacking are equally innovative and cause just as much chaos. However, by utilising the latest technology, trends in human behaviour and other factors, hackers are still able to stay one step ahead in the arms race that is network security. Here, we look at 5 network security attacks that are likely to be prevalent in 2014.

Network Security Attack #1: Rogue wireless access points

Establishing fake wireless access points enables the hacker to utilise their device as a legitimate point of connection. This method relies on users searching for any open wireless access point and using this for the purposes of accessing the Internet. Cyber criminals would rely on this method by disguising the wireless access point as a legitimate point of access, for example Starbucks. The criminal would then leave the WAP open and allow users to connect to the Internet via it, effectively passing all traffic through their own device.

This method then allows attackers to sniff all unencrypted traffic passing through their device, including passwords, bank details or any other browsing activity that occurs. Software that lets cyber criminals disguise their systems as a legitimate WAP is easily obtainable, so this attack is neither complicated nor expensive to implement.

The primary recommendation here is to always check the time of public wireless access points you are connecting to. You should be aware of the type of information you are sending over these insecure connections and should refrain from providing confidential information over these bearers. Unless the public WAP provides some form of encryption or authentication then chances are the browsing activity may be sent in the clear. The best advice here is to be aware of the WAP and your browsing activity.

Network Security Attack #2: Cookie compromise

Cookies are an effective invention that allows states of users to be preserved when navigating the web. These are minimal text files that are presented to devices via websites and allow the site to track our visits, history and enable a better browsing experience all-round. However, with improved usability comes a further security risk.

If hackers are able to compromise these cookies they can essentially pretend to be us. This can stretch from anything such as remembering history and preferences through to the ability to authenticate to websites as us. Where websites utilise cookies to store credentials, stolen cookies can be used to authenticate unauthorised users as legitimate users.

This attack is not new; it has been a legitimate attack path since the invention of the Internet. However, as technology has improved and users have automated the process further, it can be simply achieved via point and click methods. There are even plug-ins for browsers that allow users to steal vulnerable cookies from other users! Tools such as Firesheep show the user the names of the cookies they have identified and, with a simple point and click method, the cyber criminal can hijack the session of a legitimate user, along with any credentials!

This attack has received a lot of publicity over the years, the most infamous example being the BEAST attack. This enabled hackers to steal SSL protected cookies almost out of the air. As the sophistication of tools and level of attacker increases, encryption methods may not even be a suitable mitigation for this type of attack. The best way, however, to protect yourself from cookie theft is to ensure that the strongest encryption algorithms are utilised. In the current environment, this is TLS Version 1.2. You should also be aware, as an Internet user, of the type of websites you are visiting and the information that is being stored about you via cookies.
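On the server side, session cookies are exposed to the sniffing described above when they are set over plain HTTP or lack the `Secure` attribute. The following check is an added example, not code from the original article; the header values are constructed, and the `Secure` and `HttpOnly` attributes are standard cookie attributes that the article itself does not mention.

```python
# Audit Set-Cookie headers for settings that leave a session cookie sniffable.
# All header values below are constructed sample data.
SAMPLE_RESPONSES = [
    ("sid=abc123; Path=/", False),                   # set over http://
    ("sid=abc123; Path=/; Secure; HttpOnly", True),  # set over https://
    ("prefs=dark; Path=/; HttpOnly", True),          # https://, but no Secure
]

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header, served_over_https):
    """Return (cookie name, list of issue codes) for one response."""
    name, attrs = parse_set_cookie(header)
    issues = []
    if not served_over_https:
        # The cookie crosses the network in the clear when it is first set.
        issues.append("plaintext-transport")
    if "secure" not in attrs:
        # Without Secure the browser also attaches it to plain HTTP requests.
        issues.append("missing-secure")
    if "httponly" not in attrs:
        # Without HttpOnly, scripts running in the page can read the cookie.
        issues.append("missing-httponly")
    return name, issues

def audit_all(responses):
    return [audit_cookie(header, https) for header, https in responses]

if __name__ == "__main__":
    for name, issues in audit_all(SAMPLE_RESPONSES):
        print(name, "OK" if not issues else ", ".join(issues))
```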

Network Security Attack #3: Stealthy file names

Renaming of files has been a legitimate attack path since the beginning of time. Naming a file something like “happy.jpg” or “love.doc” will never seem suspicious to many users, who will simply point, click and open without a second thought. In the modern day users are relatively savvy, so file names such as these may not be as successful; however, the trick still works as it has done before.

Although simply renaming files is no longer an effective tactic for installing malware on victims’ machines, the premise still is. Sophisticated file naming tricks include using Unicode characters to alter the way file names and file types are displayed. For example, the use of Unicode character U+202E enables the attacker to display file name extensions incorrectly. Although the malicious file still remains malicious, it appears less suspicious to users.

As has always been the case with computers, you should never open a file whose name or extension you are unfamiliar with, even if it seems legitimate. Many anti-virus products may be able to pick up common viruses; however, zero-days do exist, so the best form of protection is to review files manually. Ensure you are receiving files from a known location and user.
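Manual review of file names can be supported by a check for the display-reordering characters described above. This is an added example, not part of the original article; it generalises from U+202E to the other Unicode bidirectional control characters, and the sample file name is constructed.

```python
import unicodedata

# Bidirectional control characters that change how a name is rendered.
# U+202E is the one named in the article; the rest are a generalisation.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069", "\u200e", "\u200f",
}

# Constructed sample: stored as "invoice<U+202E>txt.exe", which a
# bidi-aware file browser renders with the tail reversed, so it appears
# to end in ".txt".
CONSTRUCTED_NAME = "invoice\u202etxt.exe"

def real_extension(name):
    """Extension in stored (logical) order: the text after the last dot."""
    if "." not in name:
        return ""
    ext = name.rsplit(".", 1)[1]
    return "".join(ch for ch in ext if ch not in BIDI_CONTROLS).lower()

def audit_filename(name):
    """Report bidi controls in a file name and the extension the OS will use."""
    found = sorted({ch for ch in name if ch in BIDI_CONTROLS})
    return {
        # Escaped form makes the invisible characters visible in logs.
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "suspicious": bool(found),
        "controls": ["U+%04X %s" % (ord(ch), unicodedata.name(ch)) for ch in found],
        "real_extension": real_extension(name),
    }

if __name__ == "__main__":
    for candidate in (CONSTRUCTED_NAME, "report.pdf"):
        print(audit_filename(candidate))
```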

Network Security Attack #4: “Hosts” file – redirects

Domain Name System (DNS) is the backbone of the Internet and allows human readable addresses to be aligned with machine addresses, or IP addresses. DNS takes a web address in its raw format and looks it up in its lookup table so that the web address can be matched to an IP address. This process is performed within the web browser, but first of all locally on the machine.

The “hosts” file located on Windows machines within C:\Windows\System32\Drivers\Etc is the local text file that allows DNS lookup in the first instance. In short, your machine will check the hosts text file on your machine before it allows DNS to be performed in the browser. This process leaves this text file open to an obvious security risk, if compromised.

Malware writers are keen to utilise this form of attack as they are able to modify the hosts file to redirect users to whatever website they specify. The hosts text file will be adapted to include any site with a redirection address. If the malware alters this file, it can be very difficult to identify why your browser is continually redirecting you to malicious sites. The best advice for this scenario is to check your hosts file if you are continually being redirected to malicious websites.
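Checking the hosts file can be scripted. The audit below is an added example, not part of the original article: it parses hosts-file text and flags every mapping that points a name at a non-loopback address unless it is on an allow-list. The sample entries, the allow-list parameter and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; on Windows the real file is "hosts" inside
# C:\Windows\System32\Drivers\Etc (directory as given in the article).
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net
203.0.113.50    www.example-bank.test login.example-bank.test  # constructed
198.51.100.7    intranet.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, [names]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text, allowed=frozenset()):
    """Return findings as (line_no, address, name, reason) tuples.

    allowed holds (address, name) pairs an administrator has approved.
    """
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings += [(line_no, address, n, "malformed address") for n in names]
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 entries do not redirect to a remote host
        for name in names:
            if (address, name) not in allowed:
                findings.append((line_no, address, name, "unapproved redirect"))
    return findings

if __name__ == "__main__":
    approved = {("198.51.100.7", "intranet.example.test")}
    for finding in audit_hosts(SAMPLE_HOSTS, approved):
        print(finding)
```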

Network Security Attack #5: Removable Media Attacks

Removable media has always been a difficult attack path to control, especially with regard to SCADA systems. Removable media, such as USB sticks, often bridges air gaps or allows malicious code to circumvent boundary controls established by organisations.

There have been multiple instances in which removable media has been utilised to carry a virus into a major organisation. New methods are becoming highly innovative and depend on human error to be successful. For example, a major company was recently breached when USB sticks were delivered in the post as well as scattered in the organisation’s car park. Employees then took the USB sticks, loaded with malicious code, and instantly plugged them into network connected machines within the corporate environment. This method enabled the malicious code to spread throughout the network quickly and cost the company thousands in clean-up costs.

Removable media attacks are becoming increasingly common and organisations need to ensure that appropriate controls are in place to mitigate this risk. Endpoint security scanning software should be implemented on all network connected machines and it is highly recommended that a standalone machine is used to scan removable media entering the organisation. This effectively works as a boundary control and can prevent any malicious code on removable media from entering the corporate environment. A removable media policy should be implemented to support this process.

Conclusion

As has been seen here, network based attacks are still heavily prevalent and many attacks focus on both technical and personal vulnerabilities. The techniques used by attackers do vary in strength and some are based on the original methods that have been around for decades. However, as techniques become more sophisticated organisations must keep up in the arms race and implement appropriate controls to defend themselves.

© 2017 Cyber Security News. All rights reserved.