21 August 2023  —  Acronis

Modern cybersecurity threats: All you need to know

Acronis
Acronis Cyber Protect Cloud
for Service Providers

Organizations of all sizes can fall victim to modern cyber threats. A malicious actor can have various motives to carry out an attack - the most common is financial gain. Depending on the company's disaster recovery policy, a cyber attack can significantly affect business continuity, revenue flow, and customer trust.

Tracking and studying evolving cyber threats is critical to a better cybersecurity strategy. This article will discuss the most common types of cyber threats, threat actors' techniques to infiltrate company networks, and best practices to enhance company defenses.

What are cyber threats?

Cyber threats refer to any potentially malicious attack that aims to gain unauthorized access to a network to steal sensitive data, disrupt business operations, or damage critical infrastructure and information.

Cyber threats can originate from numerous actors - hackers, hacktivists, hostile nation-states, corporate spies, criminal organizations, terrorist groups, or disgruntled insiders.

A cyber attacker can use an employee's or a company's sensitive data to gain access to financial accounts or delete, corrupt, or steal data for personal gain. If unattended, cyber threats can corrupt the company's computer network, halt business processes, and cause indefinite downtime.

Types of cyber-attacks

Cyber-security threats can come in many forms. This is why studying potential cyber dangers and preparing to combat them is crucial.

Malware attacks

Malware (short for "malicious software) is specifically designed software to inject malicious code into a target device or network and enable further harmful actions, such as corrupting sensitive data or overtaking a system.

Ransomware attacks

Ransomware attacks are a type of malware attack that blocks access to computer systems or data until a ransom is paid. Such attacks are usually unleashed by downloading malware onto the target system. Some attacks aim to steal data before encrypting the target system, which would classify them as data breaches.

Acronis

Phishing attacks

Phishing attacks are ill-intended emails, phone calls, text messages, or websites designed to trick users into downloading malware (drive-by download attack), sharing sensitive information or personally identifiable data (Social Security numbers, credit card info, login credentials), or enticing other actions that expose the victims or their company to cyber threats.

A successful phishing attack can lead to identity theft, ransomware attacks, data breaches, credit card fraud, and financial losses for the organization.

The five most common types of phishing attacks are email phishing, Spear phishing, SMiShing, Whaling, and Angler phishing.

Advanced Persistent Threats

An advanced persistent threat (APT) is an increasingly sophisticated cyber-attack in which cybercriminals establish an undetected presence in a system or network to steal information over a prolonged period. APT attacks are meticulously planned and designed to target a specific organization, bypass existing security means, and remain unnoticed for as long as possible.

APT attacks typically require more comprehensive customization than traditional cyber attacks. Attackers are usually experienced teams of cyber-criminals with significant funding to go after high-value targets. To exploit vulnerabilities within the target system, they've invested considerable time and effort in researching all potential entry points within the organization.

The four general reasons for APTs are cyber espionage (including state secrets or intellectual property theft), hacktivism, eCrime for financial gain, and data and infrastructure destruction.

Social Engineering Attacks

Social engineering attack aims to trick users into doing something by playing on their emotions and decision-making process. Most social engineering attacks typically involve a form of psychological manipulation to fool unsuspecting employees into handing over sensitive information. Usually, social engineering uses email, social media, or other communication channels to invoke urgency or fear in the user so the victim would reveal critical data, click on a malicious link, or execute malicious code in some form.

Domain Name System (DNS) attack

Domain Name System (DNS) attacks occur when cyber-criminals exploit vulnerabilities in the DNS of a server. The purpose of DNS is to use a DNS resolver to translate user-friendly domain names into IP addresses readable by a machine.

First, the DNS resolver will query its local cache for the domain name and IP address. If it fails to locate the required records, it will query other DNS servers. If that step of the process also fails, the resolver will look for the DNS server containing the canonical mapping of the domain. Once the resolver locates the specific IP address, it will return it to the requesting program and cache it for future use.

DNS attacks typically leverage the plaintext communication between users and DNS servers. Another common attack type is logging in to a DNS provider's website via stolen credentials and redirecting DNS records.

Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks

A Denial-of-Service (DoS) attack aims to shut down a machine, system, or network, turning it inaccessible to its intended users. DoS attacks flood the target with traffic or send specifically designed information sets to trigger a crash. Both scenarios will block access to legitimate users of the resource or service.

Even though DoS attacks don't usually involve data theft or loss, they can cost a company significant time and money to restore systems to their original state.

A Distributed Denial-of-Service (DDoS) attack follows a similar pattern to DoS attacks. However, a DDoS attack will utilize multiple compromised systems to deliver attack traffic. Exploitable machines can be computers, IoT devices, or other network resources.

Intellectual Property Theft

Intellectual Property (IP) theft refers to the unauthorized exploitation or theft of ideas, creative works, trade secrets, and other confidential information protected under IP laws. IP theft can comprise various sensitive information violations, including trademark, copyright, and patent infringement.

IP theft can affect individuals, SMBs, and global business leaders and threaten national security. IP theft can undermine economic growth and innovation, making IP network security a must for organizations of all sizes.

What are data breaches?

A data breach refers to a security incident in which unauthorized parties gain control over sensitive or confidential information - personal data, such as Social Security numbers, bank account details, healthcare data, or corporate assets - customer data records, financial info, intellectual property, etc.

"Data breaches" are often used interchangeably with "cyber attacks". However, not all data breaches are cyber attacks, and not all cyber attacks are data breaches. An attack can be considered a "breach" when it leads to the compromise of data confidentiality. For example, a DDoS attack that crashes network traffic is not considered a "breach". On the other hand, computer viruses that aim to steal or destroy data on the company network are a "breach". The same applies to the physical theft of storage media drives - external HDDs, USB drives, and even paper files containing essential information.

How do attackers gain access to computer networks?

Numerous exploits can enable cyber attacks on a company network. Below, we will discuss the most common approaches cyber attackers use to penetrate system defenses.

Man-in-the-middle (MiTM) attacks

A man-in-the-middle (MiTM) refers to attacks in which threat actors secretly intercept and relay messages between two authorized parties to make them believe they're communicating directly with each other. The attack can be categorized as "eavesdropping", in which the attackers intercept and control the entire conversation.

MiTM attacks give the malicious actor the ability to capture and manipulate sensitive personal information - login credentials, credit card numbers, and account details - in real-time and, thus, pose a significant threat to company networks.

Third-Party Vulnerabilities (Vendors, Contractors, Partners)

Third-party vulnerabilities can be brought onto an organization's ecosystem or supply chain by external parties. Such parties can include suppliers, vendors, contractors, partners, or service providers, who can access internal company or customer data, processes, systems, or other critical infrastructure data.

Structured Query Language (SQL) injection

SQL injection (SQLi) is a vulnerability allowing attackers to interfere with an application's queries to its database. Typically, such attacks will enable the threat actor to view confidential data - user accounts data or other sensitive info the app can access. In most cases, attackers can modify, corrupt, or delete said data and cause persistent changes to the app's behavior or content.

In some scenarios, attackers can escalate an SQL injection attack to compromise the target server or other key infrastructure or perform a DoS attack.

Accidental actions of authorized users

Sometimes, employees can invoke insider threats without realizing it. Accidental actions that can lead to a data breach include:

  • Mistyping an email address and accidentally sending critical business data to a competitor.
  • Opening attachments in phishing emails that contain a virus or malware.
  • Unknowingly clicking on a malicious hyperlink.
  • Improperly disposing of sensitive documents.

Unpatched Software

Unpatched software contains known vulnerabilities that allow attackers to exploit the weaknesses and deploy malicious code to the system. Attackers often probe into company software to look for unpatched systems and attack them directly or indirectly.

Zero-Day Exploits

A zero-day vulnerability is a software vulnerability discovered by malicious actors before the software vendor has become aware of it. Because the developers don't know about the vulnerability, they haven't issued a patch to fix it.

A zero-day exploit leverages such vulnerabilities to attack systems with previously identified weaknesses. A successful zero-day attack leaves vendors and companies with "0 days" to react, hence the attack's name. Such attacks can wreak havoc on a target system until the vulnerability is remediated.

Generative AI

Attackers can use machine-learning (ML) methods - generative adversarial networks, reinforcement learning, etc. - to create new, highly sophisticated cyber threats that can break through traditional cyber defenses more easily.

Via generative AI tools (e.g., ChatGPT), cybercriminals can build better, more sophisticated malicious code, write AI-powered, personalized phishing emails, generate deep fake data, sabotage ML in cyber threat detection, crack CAPTCHAs, and enable efficient password guessing and brute-force attacks.

Supply Chain Attacks

Supply chain attacks occur when attackers use an outside provider with access to target systems or data to infiltrate critical infrastructure. Because the outside party has been granted access to company apps, sensitive data, and networks, attackers can breach the third party's defenses to infiltrate the system more easily.

Sensitive data manipulation

Data manipulation is a next-gen cyber threat. Instead of brutely bypassing anti-virus software, attackers make subtle, stealth tweaks to the target data for some effect or gain. Some threat actors may decide to manipulate data to intentionally trigger events and capitalize on them. The more sophisticated the fraud, the greater the chance is for the manipulation to compromise data integrity.

What are Examples of Cyber Threats?

Let's examine two examples of cybersecurity threats that turned into full-blown attacks.

IoT (Internet of Things) attacks - the Verkada hack

The cloud-based video surveillance service, Verkada, was hacked in March 2021. Following the attack, threat actors could access private client data via the Verkada software. Moreover, attackers had access to more than 150,000 cameras in hospitals, schools, factories, prisons, and other institutions via legitimate admin account credentials they found online.

Later, over 100 Verkada employees were identified to have "super admin" privileges, which enabled access to thousands of client cameras, defining the significant risk associated with large numbers of over-privileged users.

Phishing attacks - Ubiquiti Networks Inc.

Ubiquiti Networks Inc., an American network technology enterprise, became a victim of a spear phishing attack. Cybercriminals impersonated an outside entity (along with a few high-level employees) to target the finance team of Ubiquiti and trick them into wire transferring a total of $46.7 million.

Following the attack, external advisors and the company's audit committee reported significant weaknesses in the organization's internal financial reporting controls, resulting in the CFO's resignation.

How can businesses manage cybersecurity risks?

Even if they don't threaten national security, cybersecurity threats can severely affect an organization's day-to-day processes, revenue stream, and business continuity milestones.

To combat cybersecurity risks from the outside, as well as insider threats, companies must rely on best data security practices.

  • Data encryption and regular backups

Saving critical data in a normal-text format makes it easier for attackers to access it. Data encryption limits asset access to users with an encryption key. Even if hackers manage to access the data, they won't be able to read it unless they decrypt it. Moreover, some encryption solutions will alert you if other parties attempt to alter or tamper with the data.

Another critical aspect of data protection is regular backups of all important information. Sometimes, cybersecurity threats can turn into full-blown data breaches, leading to data loss. Following such a scenario, you won't be able to recover lost data unless you keep a reliable, secure backup in storage.

Failing to restore operational data may lead to downtime, loss of revenue, and customer distrust. Here, your security team should follow robust backup guidelines, such as the 3-2-1 Rule of Backup. The Rule suggests you keep two copies of your data locally on different media, with one additional copy stored in an offsite location.

  • Regular employee training

Phishing emails are a primary way for hackers to infiltrate company networks. If your employees interact with fraudulent emails, they can unknowingly install malware or grant network access to attackers.

Phishing emails are challenging to detect as they seem legitimate at first glance. Without adequate training, your employees may be tricked and click on a malicious link, open a corrupted attachment, or send sensitive information to the attacker. This is why conducting regular cybersecurity awareness training is crucial to educate your employees on the primary forms of cyber threats and the best ways to block them.

  • Systems and software updates

Software and system patches are vital to your cyber security strategy. They add new features and functionalities and fix security flaws and software vulnerabilities that malicious actors can otherwise exploit.

Promptly updating your systems is critical to counter malicious code that seeks to exploit software weaknesses. It's best to rely on a patch management solution to automate the process and deploy all critical updates as soon as they're issued.

  • Vendor assessments and monitoring

As mentioned, threat actors can exploit vulnerabilities in your vendor's environment to break through company defenses. This is why it's essential to procure comprehensive vendor risk management. This will aid you in mitigating third-party risk instead of solely depending on incident response.

  • Strong passwords

A staggering number of data breaches result from weak passwords. As password-cracking technology has come a long way in recent years, simple passwords are often obsolete when battling cybersecurity threats.

Every member of your organization should use complex passwords combined with multi-factor authentication to deny access to unauthorized parties. It's also best to eliminate password sharing to isolate an attack if a single device is compromised. Moreover, it's best to keep all passwords in an encrypted format.

  • Minimize the attack surface

A network's attack surface comprises all potential entry points for attackers to exploit - software, web app systems, IoT, employees, etc. - to penetrate security defenses.

The three primary attack surface types are:

  • Physical - includes company assets that a hacker can engage if they have physical access to your offices.
  • Digital - includes assets that are accessible via the internet (and aren't protected by a firewall). These include corporate servers, operating systems, outdated assets, such as an old but still active website, and more.
  • Social engineering - in this often overlooked attack surface type, attackers exploit human psychology and manipulate employees into sharing sensitive information.
  • Enhance physical security

Most cyber risk management strategies focus on the digital aspect of your environment, neglecting the physical company premises. However, organizations must conduct regular security assessments to determine the security state of critical infrastructure to safeguard it from attackers attempting to break into their offices.

  • A Killswitch

A killswitch can protect your organization against large-scale attacks. This form of reactive cybersecurity protection enables your IT security team to shut down all systems as soon as they detect suspicious behavior until the issue is resolved.

Moreover, you can implement comprehensive threat analysis to inspect server logs frequently and conduct cybersecurity framework audits to ensure system integrity. Lastly, it's beneficial to deploy network forensic analysis tools to analyze network traffic.

  • Firewalls

A reliable firewall system will protect your network from brute-force attacks and prevent cybersecurity incidents from causing significant damage. In addition, firewalls monitor network traffic to detect and identify suspicious activity that could compromise your data's integrity.

  • A robust cybersecurity policy

Comprehensive cybersecurity policies are integral to threat detection and data breach prevention. When creating your cybersecurity guidelines, you must cover several critical aspects:

  • Disaster recovery (DR) - a DR plan ensures all personnel knows what to do during or following an attack. It also minimizes downtime and ensures unhindered business processes.
  • Security testing - a Security testing policy outlines the frequency of your cybersecurity tests, allowing you to uncover and fix vulnerabilities before attackers can exploit them.
  • Access control and management - this policy outlines which parties can access sensitive information, thus reducing the risk of unauthorized access.
  • Incident response (IR) - IR planning documents the steps and procedures to implement in case of a data breach. It also assigns responsibility levels to different organization members and reduces your company's response time.

How to upgrade your cyber risk management program with NIST

The NIST Risk Management Framework (RMF) provides companies with a comprehensive, flexible, measurable 7-step information security and privacy risk management process. NIST guidelines and standards support implementing risk management programs to protect increasingly vulnerable systems, prevent data breaches and design a robust cyber security strategy in line with the Federal Information Security Modernization Act (FISMA) requirements.

  • Preparation

Includes essential activities and processes to prepare the organization for security and privacy risk management.

  • Categorization

Refers to categorizing the target system and all processed, stored, and transmitted data based on a threat-impact analysis.

  • Selection

Includes selecting the required NIST SP 800-53 controls to protect the computer system based on comprehensive risk assessments.

  • Implementation

Refers to implementing the set controls and documenting the control deployment process.

  • Assessment

Refers to assessing if the security controls are correctly set in place, are operating as expected, and are providing the desired results.

  • Authorization

Refers to senior officials authorizing the system to operate following a risk-based analysis and decision.

  • Monitoring

Refers to continuously monitoring control implementation and identifying potential risks to the protected system.

Acronis Cyber Protect — The best cyberthreat protection for your organization

Acronis Cyber Protect offers complete cyber protection in a single solution — you can manage threat detection, data protection, and backup and recovery functions via a single, centralized dashboard to streamline your cybersecurity strategy.

Acronis Cyber Protect can safeguard Windows, macOS, Linux, iOS, and Android machines. Moreover, you can run Acronis Cyber Protect in the Acronis Cloud to ensure advanced cyber protection in hybrid, mobile, and remote work environments.

The extensive backup options eliminate the need for a dedicated data backup team on-premises, with cloud disaster recovery ensuring minimal downtime and unmatched business continuity. Battle cybersecurity threats easily with Acronis Cyber Protect. Try it out today to provide a better tomorrow for your data.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.