Types of network attacks

Common threats targeting networks, and the solutions that protect against them.

Network security: definition 

Network security threats refer to the risks that can compromise the confidentiality, integrity, and availability of data and information across an organization’s network.

An attack can cause system downtime and block operations and business processes, leading to productivity loss and exposure of confidential data.

Beyond the attack itself, an organization generally faces long-term consequences such as loss of business and customer trust, as well as reputational damage. The human, technical, and financial resources required to investigate the incident and to recover and restore systems are non-negligible – Forrester predicted that cybercrime is expected to cost $12 trillion in 2025.

In short, prevention is better than cure: network security supports business continuity and prevents financial loss. Failing to protect data can have even wider consequences when you consider the resulting fines and legal action.

Threats come from many sources: computers, servers, software applications, APIs, you name it. Protection against attackers involves a range of best practices and tools to control and improve workspace security, which we’ll look at a little later.

These attacks are malicious attempts to infiltrate an organization’s network, and they can be either:

  • Passive, by monitoring or stealing information without altering it or disrupting the systems involved
  • Active, by compromising network equipment, servers, or workstations, and exfiltrating and/or altering data or disrupting activities.

Pro tip: some basics for your network security 

  • Network segmentation
  • Data transfer rules and protocols
  • Endpoint protection (SOC, EDR/EPP, etc.)
  • Incoming and outgoing traffic monitoring and filtration systems
  • Network traffic analysis and detection (NDR)
  • Data transmission encryption (VPN)
  • Users’ permissions and access control management 

Before going further into the types of attacks that can compromise network security, it’s important to bear in mind that network security vulnerabilities represent a major risk for the workspace.  

Vulnerabilities that impact network security 

A vulnerability can be exploited by attackers to gain unauthorized access, launch attacks, and propagate further into the organization’s network. As seen above, network segmentation is one best practice that limits the fallout of an attack, since it restricts attackers’ lateral movement within the information system once they have managed to infiltrate it.

Vulnerabilities can reside in the workstations or servers’ software, the network equipment, or in external devices. Shadow IT must also be taken into account, as personal devices or tools are generally less secure than information system endpoints.

More precisely, attack vectors can reside in outdated software, vulnerable exposed web services, weak password policies, misconfigurations (identity management tools, firewalls, etc.), or insecure APIs, and can lead to Remote Code Execution (RCE) and SQL Injection attacks. They can also originate from users themselves via phishing and social engineering.

Any of these vulnerabilities represents an entry point for attackers to gain unauthorized access to data and systems. That’s why updates and patching are crucial to prevent exploitation of vulnerabilities by attackers and to minimize the attack surface.

Types of attacks that compromise network security 

Different kinds of attacks can target a network, including malware (viruses, worms, trojans, spyware, etc.) that can be installed on a system to corrupt or steal data, infect devices, spy, disrupt operations, or possibly to demand a ransom. Malicious software can target workstations and servers.

Malware can be distributed via the exploitation of vulnerabilities, infected websites, phishing emails, USB devices, cracked software, and more.

They often form a platform for attackers to perform malicious actions and to move laterally in a compromised environment.

Let’s now dig into the various threats to network security.

Ransomware 

Ransomware can target systems, networks, workstations, and servers. Attackers can infiltrate an organization’s network after stealing credentials to gain access to sensitive devices and data. The attackers can then attempt to steal data, make it inaccessible, threaten to leak it, or even destroy it unless the victim pays a ransom – or multiple ones. 

  • Tools for protection: awareness, strong passwords and Multi-Factor Authentication (MFA), network segmentation to limit attackers’ lateral movement on the network, firewalls to monitor traffic and block unauthorized access, and intrusion detection tools (such as EDR) based on behavioral analysis.

Phishing 

Phishing is an initial access method that uses social engineering to encourage a user to open a file attached to an email or to click on a link that will install malware on their device. The door is wide open even though the user thinks they have performed a perfectly normal action: the attacker can then access credentials or any sensitive information via lateral movement and privilege escalation. Phishing can be used as a first step for attackers to compromise a network, and can lead to advanced cybercrime, cyber-sabotage, or Advanced Persistent Threat (APT) activities.

AI-generated emails and campaigns let attackers reach a greater number of victims with increasingly personalized messages, now hosted on cloud services that give the impression of a legitimate message in order to bypass email filtering systems.

  • Tools for protection: antivirus to detect and remove malware, strong passwords and Multi-Factor Authentication (MFA), email filtering solutions, and training and awareness to identify suspicious emails.

Supply Chain attacks 

Attackers can target not only an organization, but also its suppliers. They can identify and exploit vulnerabilities in third-party services to access an organization’s network.

An organization must not only ensure the security of its own network but also ensure that its suppliers deploy the appropriate measures and detection and remediation tools.

  • Tools for protection: supplier compliance tracking and monitoring of external solutions, intrusion detection tools based on behavioral analysis such as EDR.

Distributed Denial of Service (DDoS) attacks 

DDoS attacks consist of making network services unavailable by overwhelming systems with excessive traffic or connection requests.

They can target bandwidth, server processing capacity, or application layer resources. DDoS attacks generally rely on botnets to pool the bandwidth capacity of thousands (or up to millions) of individually compromised computers and saturate the target organizations’ network.

  • Tools for protection: anti-DDoS (ideally set up at the network’s edge), load balancers, and network traffic monitoring tools such as firewalls to detect a suspicious volume of traffic or requests.

Man-in-the-Middle attacks 

A Man-in-the-Middle (MITM) is a very broad type of attack that can be used to steal data or credentials stealthily. Attackers can intercept victims’ data by controlling and altering their network communications.

By placing themselves “in the middle”, attackers can impersonate the target service, lulling users into a false sense of security. Their attacks can be carried out through compromised routers or public Wi-Fi networks with the help of packet sniffers; they can redirect traffic towards their own systems, or capture authentication attempts on the fly and hijack user sessions.

  • Tools for protection: VPN, data encryption, and up-to-date security and encryption protocols.

Insider threats  

Threats can also come from the inside! Employees or contractors can use their access to the information system to compromise security.

Whether intentionally (data theft) or by mistake (clicking on a malicious link or file in a phishing email), sensitive information can be exposed or stolen. Since these threats come from within the organization, they are particularly difficult to detect using security tools. A Zero Trust method – or at least, “Zero Trust mindset” – will help to protect the network from such incidents.

  • Tools for protection: awareness and employee training, network segmentation and monitoring, hardened access control policies and Privileged Access Management (PAM) tools, external device control, and behavioral endpoint detection (EDR).

Cryptojacking 

Cryptojacking involves exploiting a computer system to mine cryptocurrencies, often via websites, against the user’s will or without their knowledge.

Once an attacker has infiltrated a network for cryptojacking, they can move laterally to expand their attack. Even if attackers “only” deploy cryptomining software, nothing is stopping them from pivoting and carrying out other actions in the future!

For this reason, it is important to equip yourself against this type of attack.

  • Tools for protection: EDR, network segmentation to avoid lateral movement, software hardening to prevent the installation of unknown or untrusted applications.

Protect your network with the appropriate tools 

Each cybersecurity tool and action represents a layer of a multi-faceted strategy to protect against cyber threats. Beyond tools, IT hygiene rules are essential for effective cyber protection, particularly through strict security policies, appropriate software configurations, and hardening.

Keep in mind that no single tool is able to detect every kind of attack: firewalls can’t detect zero-day vulnerabilities or phishing attempts; antivirus software is based on signature detection and can’t detect unknown malware or suspicious behaviors; and data stored in the cloud is not inherently protected from breaches.

That’s why it’s important to know exactly which tool protects from which threat for an effective cybersecurity shield and full visibility over the information system.

HarfangLab’s platform includes solutions to ensure complete protection of your information system, from Attack Surface Management to threat remediation, including vulnerabilities and Shadow IT management, EPP, and EDR.

And this platform-oriented approach is an excellent way to address the challenges faced by all stakeholders, including CISOs, CEOs, and CIOs, to ensure service continuity, avoid financial losses, and maintain the trust of customers and users!