Your enterprise network is large and complex, and probably relies on numerous connected endpoints. While this is good for your business operations, and makes your workflow easier to maintain, it also presents a challenge for security. The trouble is that the flexibility of movement within your network means that if a malicious actor gains access to your network, they are free to move around and cause damage, often without your knowledge. These network security threats leave your organization highly exposed to a data breach.
Read on to learn what constitutes a network attack and what you can do to contain threats to your network security with a next-generation antivirus.
In this article:
A network attack is an attempt to gain unauthorized access to an organization’s network, with the objective of stealing data or perform other malicious activity. There are two main types of network attacks:
We distinguish network attacks from several other types of attacks:
In a network attack, attackers are focused on penetrating the corporate network perimeter and gaining access to internal systems. Very often, once inside attackers will combine other types of attacks, for example compromising an endpoint, spreading malware or exploiting a vulnerability in a system within the network.
Following are common threat vectors attackers can use to penetrate your network.
1. Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving permission. Among the causes of unauthorized access attacks are weak passwords, lacking protection against social engineering, previously compromised accounts, and insider threats.
2. Distributed Denial of Service (DDoS) attacks
Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic at your network or servers. DDoS can occur at the network level, for example by sending huge volumes of SYN/ACC packets which can overwhelm a server, or at the application level, for example by performing complex SQL queries that bring a database to its knees.
3. Man in the middle attacks
A man in the middle attack involves attackers intercepting traffic, either between your network and external sites or within your network. If communication protocols are not secured or attackers find a way to circumvent that security, they can steal data that is being transmitted, obtain user credentials and hijack their sessions.
4. Code and SQL injection attacks
Many websites accept user inputs and fail to validate and sanitize those inputs. Attackers can then fill out a form or make an API call, passing malicious code instead of the expected data values. The code is executed on the server and allows attackers to compromise it.
5. Privilege escalation
Once attackers penetrate your network, they can use privilege escalation to expand their reach. Horizontal privilege escalation involves attackers gaining access to additional, adjacent systems, and vertical escalation means attackers gain a higher level of privileges for the same systems.
6. Insider threats
A network is especially vulnerable to malicious insiders, who already have privileged access to organizational systems. Insider threats can be difficult to detect and protect against, because insiders do not need to penetrate the network in order to do harm. New technologies like User and Even Behavioral Analytics (UEBA) can help identify suspicious or anomalous behavior by internal users, which can help identify insider attacks.
Segregate Your Network
A basic part of avoiding network security threats is dividing a network into zones based on security requirements. This can be done using subnets within the same network, or by creating Virtual Local Area Networks (VLANs), each of which behaves like a complete separate network. Segmentation limits the potential impact of an attack to one zone, and requires attackers to take special measures to penetrate and gain access to other network zones.
Regulate Access to the Internet via Proxy Server
Do not allow network users to access the Internet unchecked. Pass all requests through a transparent proxy, and use it to control and monitor user behavior. Ensure that outbound connections are actually performed by a human and not a bot or other automated mechanism. Whitelist domains to ensure corporate users can only access websites you have explicitly approved.
Place Security Devices Correctly
Place a firewall at every junction of network zones, not just at the network edge. If you can’t deploy full-fledged firewalls everywhere, use the built-in firewall functionality of your switches and routers. Deploy anti-DDoS devices or cloud services at the network edge. Carefully consider where to place strategic devices like load balancers – if they are outside the Demilitarized Zone (DMZ), they won’t be protected by your network security apparatus.
Use Network Address Translation
Network Address Translation (NAT) lets you translate internal IP addresses into addresses accessible on public networks. You can use it to connect multiple computers to the Internet using a single IP address. This provides an extra layer of security, because any inbound or outgoing traffic has to go through a NAT device, and there are fewer IP addresses which makes it difficult for attackers to understand which host they are connecting to.
Monitor Network Traffic
Ensure you have complete visibility of incoming, outgoing and internal network traffic, with the ability to automatically detect threats, and understand their context and impact. Combine data from different security tools to get a clear picture of what is happening on the network, recognizing that many attacks span multiple IT systems, user accounts and threat vectors.
Achieving this level of visibility can be difficult with traditional security tools. Cynet 360 is an integrated security solution offering advanced network analytics, which continuously monitors network traffic, automatically detect malicious activity, and either respond to it automatically or pass context-rich information to security staff.
Use Deception Technology
No network protection measures are 100% successful, and attackers will eventually succeed in penetrating your network. Recognize this and place deception technology in place, which creates decoys across your network, tempting attackers to “attack” them, and letting you observe their plans and techniques. You can use decoys to detect threats in all stages of the attack lifecycle: data files, credentials and network connections.
Cynet 360 is an integrated security solution with built-in deception technology, which provides both off-the-shelf decoy files and the ability to create decoys to meet your specific security needs. , while taking into account your environment’s security needs.
Cynet 360 is a holistic security solution that protects against threats across the entire network. Cynet uses intelligent technologies to help detect network security threats, correlating data from endpoints, network analytics and behavioral analytics to present findings with near-zero false positives.
Cynet’s features include:
Learn more about the Cynet 360 security platform.
There’s a lot more to learn about network attacks. To continue your research, take a look at the rest of our blogs on this topic:
Zeus Malware: Variants, Methods and History
Zeus, also known as Zbot, is a malware package that uses a client/server model. Hackers use the Zeus malware to create massive botnets. The main purpose of Zeus is to help hackers gain unauthorized access to financial systems by stealing credentials, banking information and financial data. The breached data is then sent back to the attackers via the Zeus Command and Control (C&C) server.
Zeus has infected over 3 million computers in the USA, and has compromised major organizations like NASA and the Bank of America.
Learn more: Zeus Malware: Variants, Methods and History
Cobalt Strike: White Hat Hacker Powerhouse in the Wrong Hands
Cobalt Strike is a commercial penetration testing tool. This tool enables security testers access to a large variety of attack capabilities. You can use Cobalt Strike to execute spear-phishing and gain unauthorized access to systems. It can also simulate a variety of malware and other advanced threat tactics.
While Cobalt Strike is a legitimate tool used by ethical hackers, some cyber-criminals obtain the trial version and crack its software protection, or even obtain access to a commercial copy of the software.
FTCode Ransomware: Distribution, Anatomy and Protection
FTCode is a type of ransomware, designed to encrypt data and force victims to pay a ransom for a decryption key. The code is written in PowerShell, meaning that it can encrypt files on a Windows device without downloading any other components. FTCode loads its executable code only into memory, without saving it to disk, to prevent detection by antivirus. The FTCode ransomware is distributed via spam emails containing an infected Word template in Italian.
Mimikatz: World’s Most Dangerous Password-Stealing Platform
Mimikatz is an open-source tool initially developed by ethical hacker Benjamin Delpy, to demonstrate a flaw in Microsoft’s authentication protocols. .In other words, the tool steals passwords. It is deployed on Windows and enables users to extract Kerberos tickets and other authentication tokens from the machine. Some of the more important attacks facilitated by Mimikatz include Pass-the-Hash, Kerberos Golden Ticket, Pass the Key, and Pass-the-Ticket.
Understanding Privilege Escalation and 5 Common Attack Techniques
Privilege escalation is a common method for gaining unauthorized access to systems. Hackers start privilege escalation by finding vulnerable points in an organization’s defenses and gaining access to a system. Usually, the first point of penetration will not grant attackers with the necessary level of access or data. They will continue with privilege escalation to gain more permissions or obtain access to additional, more sensitive systems.
Lateral movement: Challenges, APT, and Automation
Lateral movement is an approach used by cyber-criminals to regularly transverse a network to access or damage valuable data or assets. Hackers use tools and methodologies to obtain privileges and access, which enable them move laterally between applications and devices in a network to isolate targets, map the system, and ultimately access high-value targets.
Unauthorized Access: 5 Best Practices to Avoid the Next Data Breach
Unauthorized access refers to individuals gaining access to a company’s networks, data, endpoints, devices, or applications, without permission. It is closely related to authentication, a procedure that verifies a user’s identity when they access a system. Broken, or misconfigured authentication mechanisms are the main cause of unauthorized access.
Advanced Persistent Threat (APT) Attacks
An Advanced Persistent Threat (APT) is an organized cyberattack by a group of skilled, sophisticated threat actors. Attackers plan their campaign carefully against strategic targets and carry it out over an extended period of time.
This article explains the concept of an APT and the five APT attack stages. It also shows examples of APTs, such as GhostNet.
Read more: Advanced Persistent Threat (APT) Attacks
Zero-Day Vulnerabilities, Exploits and Attacks: A Complete Glossary
A zero-day vulnerability is a software vulnerability that is discovered by attackers before the vendor has become aware of it. At that point, no patch exists, so attackers can easily exploit the vulnerability knowing that no defenses are in place. This makes zero-day vulnerabilities a severe security threat.
We have authored in-depth guides on several other security topics that can also be useful as you explore the world of network attacks.
EDR is a set of tools and practices that you can use to detect and respond to security attacks on your network. EDR defends endpoint devices, including workstations, smart devices, routers, and open ports.
See top articles in our endpoint security guide:
Endpoint security is a strategy designed to protect your network perimeter and the endpoints located on that perimeter.
See top articles in our endpoint security guide:
Advanced threat protection (ATP) is a set of solutions and practices you can use to detect and prevent advanced attacks or malware. Typically, ATP solutions include a combination of malware protection systems, network devices, endpoint agents, email gateways, and a centralized management dashboard.
See top articles in our advanced threat protection guide:
Incident response is a growing priority at organizations. Technology platforms are essential for making incident response efficient and effective. Incident response platforms help security teams quickly identify and investigate incidents, manage their work on a case until closure, and automate incident response tasks to provide a faster response.
See top articles in our incident response guide:
Incident response services can help you detect and respond to cyber-attacks. These services generally operate based on an incident response retainer that specifies a fixed monthly cost and a certain scope of security services.
See top articles in our incident response services guide: