
CYBERTHREATS AND THEIR SOLUTIONS

1. Viruses and Worms


Computer viruses and worms are destructive
malicious programs designed to infect core systems, destroying essential system
data and making networks inoperable. Viruses are attached to a system or host
file and can lie dormant until inadvertently activated by a timer or event. Worms
are more general – infecting documents, spreadsheets and other files,
sometimes by utilizing macros. Once either one enters your system, it will
immediately begin replicating itself, infecting networked systems and
inadequately-protected computers. Viruses and worms form the building blocks
for many more advanced cyber threats.

SOLUTION

Installing anti-malware solutions on all networked devices and systems can
significantly reduce the possibility of contracting these viruses or allowing
them to spread. By recognizing the threats early and containing them, these
solutions enable admins to detect malicious programs and remove them before
they inflict any damage. In addition, IT professionals must aggressively keep
software up to date, both on the end-user systems and on core system
computers. With more infrastructure in the cloud, protective strategies must be
extended to protect both local and cloud-resident data. And users must be
trained to avoid the social engineering aspects of attacks, such as phishing
attacks. This multi-faceted approach is known as defense-in-depth.

2. Drive-by Download Attacks

In the past, a simple way to ensure that you didn’t contract a computer virus
was to not download files from any source you didn’t trust. Easy, right?
Unfortunately, today it’s not that easy. A drive-by download is a form of attack
that allows malicious code to be downloaded from an internet site through a
browser, app, or integrated operating system without any action on the user’s
part. These sites are designed to look and act like real websites, but in fact,
they are breeding grounds for several different types of malicious code in hopes
that one of them will get through your system’s security.

SOLUTION

Keeping your browser up-to-date is one of the best ways to help identify these
malicious sites before you visit them. You can also use a safe search tool,
designed to filter potential threats and ensure you’re not able to navigate to
them.

3. Botnets

Botnets are powerful networks of compromised machines that can be remotely
controlled and used to launch attacks of massive scale, sometimes including
millions of zombie computers. Botnets are controlled by Command and Control
(C&C) networks, which are run by the hacker. They can be used to launch
Distributed Denial of Service (DDoS) attacks, to make a target website so busy
that it can’t process legitimate requests. In fact, DDoS attacks are sometimes
able to completely crash the targeted site, and relief may be offered only if
the target website owner pays a ransom. Botnets can also be used to attack
secure systems, with each bot operating at a low attack frequency to evade
detection, but the aggregate performing a large brute-force attack.

SOLUTION

The first defense against botnets is to keep your own machines from becoming
botnet “Zombies,” by using techniques for preventing infection from worms and
viruses, including using antivirus software and keeping operating software up to
date. But even if all machines in your enterprise are kept clean, you can be
attacked when outside machines are directed to attack your web server or
infrastructure. Because of the scale, defense in this case requires a cooperative
approach including working with your ISP, system software vendors, and law
enforcement agencies.
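
The low-frequency, high-aggregate brute-force pattern described above slips past per-IP lockout rules but shows up when failed logins are grouped by target account. The following detection sketch is an added example, not part of the original document; the log format, thresholds, account names and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

def parse(line):
    """Parse '<ISO time> LOGIN_FAIL user=<name> src=<ip>' (constructed format)."""
    ts, event, user, src = line.split()
    if event != "LOGIN_FAIL":
        return None
    return datetime.fromisoformat(ts), user.split("=", 1)[1], src.split("=", 1)[1]

def distributed_bruteforce(lines, window=timedelta(hours=1),
                           per_ip_limit=3, min_sources=20, min_total=40):
    """Flag (user, window) pairs hit by many sources that each stay quiet."""
    buckets = defaultdict(lambda: defaultdict(int))  # (user, slot) -> src -> fails
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, user, src = rec
        slot = (ts - EPOCH) // window  # fixed, timezone-independent windows
        buckets[(user, slot)][src] += 1
    alerts = []
    for (user, slot), by_src in sorted(buckets.items()):
        # Sources that a per-IP lockout rule would never notice
        quiet = [n for n in by_src.values() if n <= per_ip_limit]
        if len(quiet) >= min_sources and sum(quiet) >= min_total:
            alerts.append({"user": user, "window_start": EPOCH + slot * window,
                           "sources": len(quiet), "failures": sum(quiet)})
    return alerts

def sample_lines():
    """Constructed data: 30 sources x 2 failures on 'admin', plus noise."""
    base = datetime(2024, 1, 1, 10, 0)
    lines = []
    for i in range(30):
        for k in range(2):
            ts = (base + timedelta(minutes=i + 25 * k)).isoformat()
            lines.append(f"{ts} LOGIN_FAIL user=admin src=203.0.113.{i + 1}")
    # One noisy source: an ordinary per-IP threshold already catches this
    for k in range(10):
        ts = (base + timedelta(minutes=k)).isoformat()
        lines.append(f"{ts} LOGIN_FAIL user=bob src=198.51.100.7")
    lines.append(f"{base.isoformat()} LOGIN_OK user=carol src=192.0.2.9")
    return lines
```

Only the "admin" account is reported: no single source exceeds two failures, yet 30 sources together produce 60 failures in one hour.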

4. Phishing Attacks

Phishing attacks are a form of social engineering attack that is designed to
steal user logins, credit card credentials, and other types of personal
financial information. In most cases, these attacks come from a perceived
trusted source, when in fact they’re designed to impersonate reputable websites,
banking institutions, and personal contacts. Once you reply to these messages
and use your credentials or enter your financial details, the information is
then sent directly to the malicious source.

SOLUTION

To adequately combat phishing attacks, vigilance is critical. Unfortunately,
these attempted attacks are hard to avoid, but as a rule of thumb, you should
train your users to always be cautious when reading and opening all emails.
Before clicking an external email link, you should look at the actual URL, as it
may be different from the text in the email. Enter the URL manually, or be 100%
sure of the source and delete any emails that seem to be fraudulent.

5. Exploit Kits

Over the years, hackers have looked for more automated ways to exploit users’
systems. Exploit kits are self-contained and sold on the dark web. The attack is
planned to work in several stages starting with a scan of the user’s system once
they navigate to a landing page. If vulnerabilities are discovered, the
compromised website will then divert web traffic to an exploit and eventually
the malicious payload.

SOLUTION

Exploit kits are designed to be discreet, so discovering them as they are
executed requires the same techniques used to defend against other sources of
worms and viruses. Software solutions include antivirus and intrusion prevention
systems, and human solutions include anti-phishing training for users.

6. Ransomware

Among all of the latest cybersecurity threats that have been discovered over the
years, none create as much fear and uncertainty as ransomware attacks. 67% of
businesses attacked by ransomware have permanently lost part of or all of their
company data. By infecting secure database systems, encrypting data, and
threatening deletion or corruption of files unless a hefty ransom is paid,
ransomware is a very dangerous form of malware. The massive increase in
ransomware was triggered by the creation of crypto-currencies like Bitcoin,
which allow ransom demands to be paid anonymously.

SOLUTION

As ransomware is a form of malware, the same defensive strategies are required –
antivirus software, keeping software updated with the latest security patches,
and training employees to recognize phishing attacks. But there is an additional
protection which is essential – reducing the impact of a loss of data by having
a backup and ransomware recovery strategy or by keeping data in multiple,
replicated locations. This way, the business can continue uninterrupted, without
needing to pay ransom.

7. APT Threats

APTs (Advanced Persistent Threats) are a form of cyber attack where unauthorized
attacker code enters an unsuspecting system network and remains there for an
extended period undetected. Rather than inflicting damage to these systems, APTs
will quietly sit, stealing financial information and other critical security
information. APTs use a variety of techniques to gain initial access, including
malware, exploit kits, and other sophisticated means. Once login credentials are
discovered, APTs can scan and infect deeper parts of the infected system,
inevitably compromising all forms of data and easily navigating between
connected networks.

SOLUTION

While these forms of attack are difficult to detect, there are some key
indicators that system administrators can notice to help identify and counter
APTs, including looking for unusual patterns in network activity or large
amounts of data access, outside the normal range for the business. In addition,
IT professionals can improve defense by segmenting the network to isolate
critical data, using honeypots to trap internal attacks, and using
application-specific white lists to limit data access to only the few
applications that should be allowed.
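
One way to turn "data access outside the normal range" into a concrete check is to compare each account's daily volume with its own history. The following is an added example, not part of the original document; the account names, volumes, threshold and the choice of a median/MAD baseline are assumptions made for illustration.

```python
from statistics import median


def access_outliers(history, today, threshold=6.0, min_days=7):
    """Compare today's data volume per account with that account's own baseline.

    history: {account: [MB read per day, ...]}   today: {account: MB read today}
    Uses the median and MAD (median absolute deviation) so that one earlier
    spike does not inflate the baseline the way a mean/std-dev would.
    """
    alerts = []
    for account, mb in sorted(today.items()):
        past = history.get(account, [])
        if len(past) < min_days:
            # No usable baseline: surface for manual review instead of guessing
            alerts.append({"account": account, "mb": mb, "reason": "no baseline"})
            continue
        med = median(past)
        mad = median(abs(x - med) for x in past)
        # 1.4826 * MAD estimates a standard deviation for normal data;
        # fall back to 10% of the median when the history is perfectly flat
        scale = 1.4826 * mad if mad > 0 else max(1.0, 0.1 * med)
        score = (mb - med) / scale
        if score > threshold:
            alerts.append({"account": account, "mb": mb, "reason": "above baseline",
                           "baseline_mb": med, "score": round(score, 1)})
    return alerts


# Constructed sample data (account names and volumes are made up)
HISTORY = {
    "svc-backup": [900, 950, 1000, 980, 920, 1010, 970],
    "j.doe": [40, 55, 38, 60, 45, 52, 47],
    "new-contractor": [5, 8],
}
TODAY = {"svc-backup": 1020, "j.doe": 2300, "new-contractor": 400}
```

The backup account moves a lot of data every day and is not flagged; "j.doe" is flagged for reading far more than its own baseline, and the account with too little history is listed for manual review.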


THE END

PREPARED BY:

AOUN ALI AKBAR
