
Drive-by Downloads

This post is part of our Cyber Threat Series.

The Challenge:

Drive-by downloads are malware downloads that start without the user's consent or knowledge, usually when the browser simply renders a web page. The pages are served by exploit kits hosted either on malicious sites built for malware distribution or on trusted sites that hackers have compromised. Most of these attacks exploit unpatched weaknesses in the browser and in its plug-ins and helper applications, including video players, Java, and Adobe Reader.

The downloaded file may itself be the malicious payload, or it may be a small loader that fetches and runs other malware. A common payload is cryptoware (ransomware), which encrypts files and demands payment for the key.

What to Do:

User education, current patches, and web protection are the best defenses against drive-by downloads. Because these attacks exploit known weaknesses, keep browsers, plug-ins, and reader software patched and remove plug-ins you do not need. Cyber-aware users understand the risks and can avoid suspicious links and sites, but the download runs without a click, so awareness alone is not enough. Web protection (filtering and scanning of web traffic) can block known exploit-kit pages and stop unexpected downloads before they reach your systems and users.

DNS protection and secure DNS services add a further layer. A filtering resolver refuses to resolve domains known to host exploit kits or malware command-and-control, so the browser never connects to them at all, while validated (DNSSEC) and encrypted (DNS over TLS or HTTPS) resolution counters impersonation and hijacking of legitimate domain names.
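As an added example (not code from the original post), the following Python shows the decision a DNS filtering resolver makes for each query: names are normalized, matched against a blocklist by domain label rather than by string suffix, and answered with a sinkhole address. The blocklist, the sinkhole address and the resolver log lines are constructed for illustration.

```python
"""DNS-layer blocking as a protective resolver would apply it.

Added example, not code from the original post.  The blocklist, the
sinkhole address and the resolver log below are constructed for
illustration; a real deployment consumes threat-intelligence feeds or
an RPZ zone that changes continuously.
"""
import ipaddress

# Constructed blocklist.  A listed domain blocks all of its subdomains,
# which is how throwaway exploit-kit hostnames (random-label.bad-cdn.example)
# are caught without listing each one.
BLOCKED_DOMAINS = {
    "exploit-landing.example",
    "bad-cdn.example",
}

# Constructed sinkhole: answer with this instead of NXDOMAIN so the
# client's connection attempt lands somewhere that logs it for triage.
SINKHOLE = ipaddress.ip_address("198.51.100.1")


def normalize(qname: str) -> str:
    """Canonical form of a query name: lower-case, no trailing dot, and
    Unicode labels converted to punycode (IDNA) so look-alike names are
    compared exactly as the resolver sees them on the wire."""
    qname = qname.strip().rstrip(".").lower()
    return qname.encode("idna").decode("ascii")


def is_blocked(qname: str) -> bool:
    """True when the name or any parent domain is on the blocklist.

    Matching walks label by label (a.b.c -> b.c -> c) rather than using a
    string suffix test: endswith("bad-cdn.example") would also block
    notbad-cdn.example, which is a different, unrelated domain."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def answer(qname: str, upstream_answer: str) -> str:
    """Address the protective resolver hands to the client."""
    return str(SINKHOLE) if is_blocked(qname) else upstream_answer


# Constructed resolver log, one query per line: "client qname upstream_answer".
QUERY_LOG = """\
10.0.0.12 www.example.net 203.0.113.10
10.0.0.12 x7f2q.bad-cdn.example 203.0.113.55
10.0.0.31 EXPLOIT-LANDING.example. 203.0.113.56
10.0.0.31 notbad-cdn.example 203.0.113.57
10.0.0.44 mail.example.org 203.0.113.58
"""


def blocked_clients(log: str) -> dict:
    """Map each client address to the blocked names it asked for: the
    list a responder works from when hunting for infected hosts."""
    hits = {}
    for line in log.splitlines():
        client, qname, _upstream = line.split()
        if is_blocked(qname):
            hits.setdefault(client, []).append(normalize(qname))
    return hits


if __name__ == "__main__":
    for client, names in blocked_clients(QUERY_LOG).items():
        print(client, "->", ", ".join(names))
```

The label-by-label walk matters: a naive suffix test would block notbad-cdn.example along with bad-cdn.example. Blocking at the resolver stops the browser before it ever connects to the exploit-kit page, but it cannot see hosts that use a hard-coded or encrypted resolver of their own, so it complements rather than replaces web-traffic filtering.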



Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.



Brute Force Attacks: What are They and How to Protect Against Them

What is a brute-force attack?

A brute-force attack is a method cybercriminals use to recover a password or encryption key by trying candidate values until one is accepted. Automated tools do the guessing; in practice they start with dictionaries and lists of previously leaked passwords before falling back to exhaustive character combinations. The attack succeeds when the password is weak or the key is short, and it becomes impractical when the search space is large: a long, unpredictable password or a full-length key makes the attempt prohibitively slow and expensive for the attacker. To defend against brute-force attacks, require strong passwords, enable multi-factor authentication, limit or lock out repeated failed attempts, and store passwords with a salted, deliberately slow hash so that a stolen password database cannot be cracked quickly.

This post is part of our Cyber Threat Series.

The Challenge:

Hackers use Brute Force Attacks against a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by submitting username and password guesses until the service accepts one.

Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out their attempts, staying below the failure rate that would trigger an account lockout or an alert, so they are difficult to notice or detect. A related technique, password spraying, tries one common password against many accounts so that no single account accumulates enough failures to lock. When hackers rush instead, the flood of login attempts can exhaust the service much like a DDoS attack.

Hackers can launch Brute Force Attacks externally or from malware-infected systems already on your network. Internal attacks often target specific systems with weak or default credentials, such as the SQL Server sa account, and are often paired with other weaknesses such as SQL Injection vulnerabilities in internal applications.

How to prevent brute force attacks

Require robust passwords; they are your first protection from Brute Force Attacks. Put controls in place to enforce minimum length and complexity, and screen new passwords against lists of known-breached passwords. Forced periodic expiration does little against guessing on its own; what thwarts an online attack is limiting the guess rate, so enforce account lockout or progressive delays after repeated failures, counted per source address as well as per account.

Deploy Multi-Factor Authentication. MFA creates an additional level of protection, since a guessed or compromised password is no longer sufficient for access.

To protect against internal attacks, ensure systems run current operating system versions and keep all systems current with patches and updates, so that a single guessed credential on one host does not become a foothold on the next.

Revisit the four pillars of cloud security, and make sure you fully understand the most important strategies for protecting from brute force attacks.

Deploy “Next Gen” protections to keep the malware that launches internal Brute Force Attacks from making it onto your servers and clients:

  • Advanced threat protection (ATP) for email
  • Endpoint and mobile device protection
  • DNS security and protection
  • Web protection and filtering
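The rate limit that the guidance above depends on, as an added example in Python (not code from the original post): the thresholds, backoff schedule, user names and addresses are constructed, and the `LoginGate` class is a hypothetical gate that would sit in front of the password check of a service such as Remote Desktop Gateway or Outlook Web Access.

```python
"""Rate limiting for an Internet-facing login (RDP gateway, OWA, IMAP).

Added example, not code from the original post.  Thresholds, the
backoff schedule and the scenario in simulate() are constructed values;
tune them to your own failure rates before deploying anything like it.

Two counters are kept because a single one misses half the attacks:
  * per account - classic brute force: many passwords against one user
  * per source  - password spraying: one password against many users,
                  which never trips a per-account lockout
Failures cause a growing delay rather than a hard lock, which limits the
denial of service an attacker can inflict by locking out real users.
"""
from collections import defaultdict, deque

WINDOW = 15 * 60      # seconds of failure history kept per key
ACCOUNT_LIMIT = 5     # failures per account within WINDOW before backoff
SOURCE_LIMIT = 20     # failures per source address within WINDOW
BASE_DELAY = 30       # first backoff in seconds; doubles per extra failure


class LoginGate:
    def __init__(self) -> None:
        self.failures = defaultdict(deque)   # key -> timestamps of failures
        self.blocked_until = {}              # key -> time attempts resume

    def _recent_failures(self, key: str, now: float) -> int:
        q = self.failures[key]
        while q and now - q[0] > WINDOW:
            q.popleft()                      # forget failures outside WINDOW
        return len(q)

    def check(self, user: str, source: str, now: float) -> str:
        """'allow' or 'throttled'.  Call this *before* verifying the
        password so throttled guesses never reach the credential store."""
        for key in (f"user:{user}", f"ip:{source}"):
            if self.blocked_until.get(key, 0) > now:
                return "throttled"
        return "allow"

    def record(self, user: str, source: str, ok: bool, now: float) -> None:
        """Update counters with the result of a verification."""
        if ok:
            # A correct password clears the account's counter only.  The
            # source keeps its history: a spray that found one valid pair
            # is still a spray.
            self.failures.pop(f"user:{user}", None)
            self.blocked_until.pop(f"user:{user}", None)
            return
        for key, limit in ((f"user:{user}", ACCOUNT_LIMIT),
                           (f"ip:{source}", SOURCE_LIMIT)):
            self.failures[key].append(now)
            n = self._recent_failures(key, now)
            if n >= limit:
                # 30 s, 60 s, 120 s, ... capped at WINDOW
                delay = min(BASE_DELAY * 2 ** (n - limit), WINDOW)
                self.blocked_until[key] = now + delay


def simulate() -> dict:
    """Constructed scenario: a burst against 'alice' from one address, the
    real alice logging in afterwards, and a spray of one password across
    30 accounts from another address, one guess every 20 seconds."""
    gate, out = LoginGate(), {}

    burst = []
    for i in range(8):                      # 8 guesses, 5 s apart
        t = 5.0 * i
        decision = gate.check("alice", "203.0.113.9", t)
        burst.append(decision)
        if decision == "allow":
            gate.record("alice", "203.0.113.9", ok=False, now=t)
    out["burst"] = burst

    # Real alice, from her own address, once the 30 s backoff has expired.
    out["alice_later"] = gate.check("alice", "10.0.0.5", 60.0)
    gate.record("alice", "10.0.0.5", ok=True, now=60.0)

    allowed = 0
    for i in range(30):
        t = 1000.0 + 20.0 * i
        user = f"user{i:02d}"
        if gate.check(user, "198.51.100.7", t) == "allow":
            allowed += 1
            gate.record(user, "198.51.100.7", ok=False, now=t)
    out["spray_allowed"] = allowed
    # No sprayed account ever sees more than one failure, so a scheme with
    # only a per-account lockout would have let all 30 guesses through.
    out["spray_max_per_account"] = max(
        len(q) for k, q in gate.failures.items() if k.startswith("user:user"))
    return out


if __name__ == "__main__":
    print(simulate())
```

Run `simulate()` to see the two cases: the burst against one account is cut off after five failures, while the spray across 30 accounts, which never gives any account more than one failure, is throttled by the per-source counter after its twentieth guess. A progressive delay instead of a hard lock keeps an attacker from locking real users out at will; the real alice logs in normally once her short backoff has passed.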

FAQs

How common are brute force attacks?

Brute force attacks are one of the most common types of cyberattacks and are used by attackers to gain unauthorized access to user accounts, servers, or other systems. The frequency of brute force attacks depends on various factors, including the target system’s popularity, the type of authentication mechanism used, and the complexity of the password or encryption key. For example, systems that use weak passwords or no multi-factor authentication are more vulnerable to brute force attacks. According to a recent report by Akamai, brute force attacks accounted for more than 30% of all login attempts on web applications in 2020. As such, it is essential to implement robust data protection and security measures to prevent brute force attacks and protect sensitive data from unauthorized access.

What are the two types of brute force attacks?

The two types of brute force attacks are:

  1. Online brute force attack: The attacker sends guesses to a live service, repeatedly attempting to log in to a web application, mail server, or remote desktop gateway with different username and password combinations. Each guess costs a network round trip and appears in the target's logs, so the defender can throttle, lock out, or block the source. Online attacks are typically automated and are often spread across many source addresses to evade per-address limits.
  2. Offline brute force attack: The attacker first obtains a copy of the password hashes or encrypted data (from a breached database, a stolen backup, or a captured authentication exchange) and then cracks it on their own hardware, with no lockouts, no logging, and no network delay. Offline attacks are far faster per guess than online attacks; a single GPU rig tests billions of candidates per second against a fast hash such as MD5 or SHA-1. The only brakes are the strength of the password and the cost of the hash function used to store it, which is why stored passwords should use a salted, deliberately slow hash.
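An added example in Python (not code from the original post) of the offline case: a dictionary attack against three constructed copies of the same leaked credential store, hashed with unsalted SHA-256, salted SHA-256, and salted PBKDF2. The user names, passwords, wordlist, and iteration count are constructed values.

```python
"""Offline cracking of leaked password hashes, and why the hash
construction decides whether it succeeds.

Added example, not code from the original post.  The users, passwords,
wordlist and iteration count are constructed; a real attack uses
wordlists of billions of entries and GPU hardware.

Three copies of the same credential store are built:
  unsalted SHA-256   one hash per guess cracks every user at once, and
                     precomputed tables would work too
  salted SHA-256     one hash per guess *per user*; tables are useless
  salted PBKDF2      same, but each hash is deliberately expensive, so
                     the attacker's guess rate collapses
"""
import hashlib
import os
import time

USERS = {                                   # constructed
    "alice": "Summer2023!",
    "bob": "Summer2023!",                   # shared weak password
    "carol": "correct horse battery staple 9x",
}
WORDLIST = ["password", "123456", "Summer2023!", "Welcome1", "letmein"]
ITERATIONS = 50_000     # PBKDF2 work factor; raise until ~100 ms per hash


def fast_hash(password: str, salt: bytes) -> str:
    """SHA-256 over salt||password (salt may be empty)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256 with a high iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def build_store(hash_fn, salted: bool) -> dict:
    """{user: (salt, hash)}; the unsalted store uses an empty salt."""
    store = {}
    for user, password in USERS.items():
        salt = os.urandom(16) if salted else b""
        store[user] = (salt, hash_fn(password, salt))
    return store


def crack(store: dict, hash_fn) -> tuple:
    """Dictionary attack.  Returns ({user: password}, hash computations):
    the second value is the cost the attacker actually pays."""
    found, work = {}, 0
    if all(salt == b"" for salt, _ in store.values()):
        # Unsalted: hash each guess once and look it up against everyone.
        by_hash = {}
        for user, (_, h) in store.items():
            by_hash.setdefault(h, []).append(user)
        for guess in WORDLIST:
            work += 1
            for user in by_hash.get(hash_fn(guess, b""), []):
                found[user] = guess
        return found, work
    # Salted: every user's hash is unique, so each guess is recomputed
    # per user and nothing can be precomputed.
    for user, (salt, h) in store.items():
        for guess in WORDLIST:
            work += 1
            if hash_fn(guess, salt) == h:
                found[user] = guess
                break
    return found, work


def run() -> dict:
    """Crack all three stores; report who fell, the work, and wall time."""
    results = {}
    for name, hash_fn, salted in (("unsalted_sha256", fast_hash, False),
                                  ("salted_sha256", fast_hash, True),
                                  ("salted_pbkdf2", slow_hash, True)):
        store = build_store(hash_fn, salted)
        t0 = time.perf_counter()
        found, work = crack(store, hash_fn)
        results[name] = {"cracked": found, "hashes": work,
                         "seconds": time.perf_counter() - t0}
    return results


if __name__ == "__main__":
    for name, r in run().items():
        print(f"{name:16} cracked={sorted(r['cracked'])} "
              f"hashes={r['hashes']} seconds={r['seconds']:.3f}")
```

Both SHA-256 stores fall to the same five-word list; the salt only changes how much work per user is needed (5 hashes for the unsalted store against 11 for the salted one). The PBKDF2 store falls too, because the passwords are weak, but each guess costs 50,000 HMAC iterations instead of one hash, which is the multiplier that turns a billion guesses per second into tens of thousands. Only carol's long passphrase survives in every case.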

What are the signs of a brute force attack?

Here are some signs that your system may be experiencing a brute force attack:

  1. Multiple failed login attempts: Many failed logins against one account, from one IP address, or of a single password against many accounts are the classic sign. The attacker may be working through username and password combinations to gain access to your system, and may rotate source addresses to stay under per-address limits.
  2. Unusual account activity: If you notice unusual activity on a user account, such as logins from different locations or at odd hours, it could be a sign of a successful brute force attack.
  3. Slow system performance: A rapid brute force attack can slow or crash a service through the sheer volume of authentication requests.
  4. Unusual network traffic: A brute force attack can generate a large amount of network traffic, which can be detected by monitoring network activity.
  5. Brute force attack tools: If you find tools used for brute force attacks on your system, such as password cracking software or script files, it could be a sign that your system has already been compromised.

If you suspect that your system is being targeted by a brute force attack, it’s important to take action immediately to prevent further damage and protect your sensitive data.
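An added example in Python (not from the original post) that turns the signs in the list above, and the patient attacker described earlier, into detection logic over authentication log lines. The log format and the lines that `sample_log()` produces are constructed; the thresholds are constructed too and should be tuned to a real gateway's baseline.

```python
"""Brute-force detection over authentication log lines.

Added example, not code from the original post.  The log format
("<timestamp> auth ok|fail user=<u> src=<ip>") and the lines produced by
sample_log() are constructed; map the parser to your own gateway's format.

Three patterns, because one threshold catches only the noisy case:
  burst     many failures from one source inside a few minutes
  low_slow  a modest count from one source spread across a day, below any
            per-minute threshold (the patient attacker)
  spray     one source, a failure or two each against many accounts
A later success from a source that matched a pattern is flagged as a
possible compromise, which is the alert worth paging on.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LINE = re.compile(r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$")
BURST_N, BURST_WINDOW = 10, timedelta(minutes=5)
SLOW_N, SLOW_WINDOW = 12, timedelta(hours=24)
SPRAY_ACCOUNTS = 8


def parse(log: str) -> list:
    """(timestamp, result, user, src) tuples in time order; unrelated lines
    are skipped, since real logs are mostly noise."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events, key=lambda e: e[0])


def max_in_window(times: list, window: timedelta) -> int:
    """Most timestamps inside any interval of length `window` (sorted input)."""
    best, lo = 0, 0
    for hi in range(len(times)):
        while times[hi] - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def detect(log: str) -> list:
    fails, users, successes = defaultdict(list), defaultdict(set), defaultdict(list)
    for ts, result, user, src in parse(log):
        if result == "fail":
            fails[src].append(ts)
            users[src].add(user)
        else:
            successes[src].append((ts, user))
    alerts = []
    for src, times in fails.items():
        patterns = []
        if max_in_window(times, BURST_WINDOW) >= BURST_N:
            patterns.append("burst")
        elif max_in_window(times, SLOW_WINDOW) >= SLOW_N:
            patterns.append("low_slow")
        if len(users[src]) >= SPRAY_ACCOUNTS:
            patterns.append("spray")
        if not patterns:
            continue                      # a user mistyping twice is not an attack
        alert = {"src": src, "patterns": patterns,
                 "failures": len(times), "accounts": len(users[src])}
        won = sorted({u for ts, u in successes[src] if ts >= times[0]})
        if won:
            alert["possible_compromise"] = won
        alerts.append(alert)
    return sorted(alerts, key=lambda a: a["src"])


def sample_log() -> str:
    """Constructed log: a burst, a patient attacker who eventually gets in,
    a spray, an ordinary user's typos, and one unrelated line."""
    t0 = datetime(2024, 3, 4, 2, 0, tzinfo=timezone.utc)
    lines = []

    def add(ts, result, user, src):
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} auth {result} user={user} src={src}")

    for i in range(15):                               # 15 failures in 2 min
        add(t0 + timedelta(seconds=8 * i), "fail", "admin", "203.0.113.9")
    for i in range(14):                               # one every 90 min
        add(t0 + timedelta(minutes=90 * i), "fail", "jsmith", "198.51.100.7")
    add(t0 + timedelta(minutes=90 * 14), "ok", "jsmith", "198.51.100.7")
    for i in range(10):                               # 10 accounts, 1 guess each
        add(t0 + timedelta(hours=3, minutes=2 * i), "fail", f"user{i:02d}", "192.0.2.33")
    add(t0 + timedelta(hours=8), "fail", "mlee", "10.0.0.21")
    add(t0 + timedelta(hours=8, seconds=20), "fail", "mlee", "10.0.0.21")
    add(t0 + timedelta(hours=8, seconds=40), "ok", "mlee", "10.0.0.21")
    lines.append("2024-03-04T09:00:00Z cron session opened for root")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The patient attacker in the sample never exceeds one failure every 90 minutes, so a per-minute threshold misses it; the 24-hour count catches it, and the success that follows is reported as a possible compromise. The spray is invisible to both failure-count rules and is caught only by counting distinct accounts per source. The user who mistypes twice produces no alert.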


Contact us to discuss cyber threat protection best practices, and ensure you are set up properly to avoid a brute force attack in the future. The Cloud Advisory session is complimentary and without obligation.



The Email and Web Browser Protections You Need

A decade ago, the big problem with email was spam. Unwanted messages pushing “healthy pills” and cell phone deals inundated our mailboxes and clogged our Internet connections. At times, over 90% of all email traffic reaching our local servers was unwanted junk. We fought back and, for a long time, won the battle with updated email and web browser protections. With tools like Postini (purchased by Google and part of Gmail since 2008), we were able to block spam and email viruses “in the cloud” before they reached our email servers and services. And while spammers became more sophisticated, our data protection and security technologies were able to keep up.

Over the past years, however, we have clearly lost ground. It feels like we are back to square one.

Spam and malware attacks via email are on the rise. This time around, the consequences can be disastrous. Blocking unwanted emails about supplements is still needed, but cryptolocker, ransomware, and destructive malware can destroy your data and your business.

How did we get here, and what can you do to implement modern email and web browser protections?

5 things that happened to email and web browser protections

We see a convergence of several factors leading to the increase in successful malware attacks.

1. The IT Industry Became Complacent

Antivirus and email security vendors wrongly assumed that their existing models of protection were capable of keeping up with new types of threats. For nearly a decade, this assumption held true. Cyber-criminals study and understand how to exploit weaknesses in our existing protections; they build malware that goes undetected by our traditional methods of discovery. Our industry was slow to recognize that systemic changes were needed to stay on top, and ahead, of the game.

2. We Face New Threats

To stay ahead of anti-virus protections, malware has grown up. A new class of malware, known as Advanced Persistent Threats (APTs), has emerged. On average, APTs sit on systems and networks for more than 4 months before activating. During this time they periodically probe the system's security and protections and learn how to act without triggering detection. While our legacy protections are watching the doors and windows, the threat is hiding under the bed.

3. Humans Deliver the Goods

Cyber-criminals have learned that human nature is easier to exploit than technology. They now send us messages and present web pages that look and feel legitimate. We become willing but unknowing accomplices when we click links and install malware on our systems from fake emails and web sites. The human instincts to help and to trust readily betray us when we are not careful.

4. We Assume our Vendors do the Work

Both Microsoft and Google tell our customers that their email and other information in the cloud gets backed up. What they also say is that these backups exist to maintain service reliability, not to protect us from damage or loss due to application or human error. We hear “data backup” and assume our protection is greater than the reality. The same mistaken assumption is made when we are told about built-in protections against cyber-threats.

5. We focus on Cost not Value

Cloud computing drives down cost perception faster than it drives down cost. Major cloud players wage periodic price wars. Cloud services like Microsoft Office 365 and G Suite continually add new capabilities without increasing prices. We do not expect, and do not want, to pay for extras. Yet you are as likely to fall victim to ransomware from a corrupt or hacked web site as by clicking on an email attachment. While nearly all of our customers protect email, fewer than 5% protect web traffic. Web protection is an added cost that does not appear to have value until after the cyber attack.

Good News: We have new solutions for email and web browser protection

While we have created a bit of a mess, we do have options. Innovative vendors have built new solutions that affordably confront and address the new wave of threats. Using the power of cloud infrastructure, some vendors have radically improved their solutions, while others have stepped back and built new, strategic solutions. To protect your business, you need to protect both your email service and your web browsing.

  • Web protection should scan and analyze all web traffic, intended (the page you click) and unintended (the auto-start video stream, the cookie update, the scripts a page pulls in), from every device you use.
  • Email protection should pre-screen links and attachments by opening and validating them in a sandbox (an isolated environment) before allowing messages to reach your inbox.

The solutions are affordable, are easy to manage, and can be up and running in no time. A dollar of cost can protect against thousands of dollars loss.


For more information, or a free assessment and set of recommendations for your business, contact us today.