To say cybersecurity attacks are on the rise would be a big understatement.
We continue to learn of new cyberthreats at alarming rates, and the creative ways hackers are getting in means we should all be paying attention. Cyberattackers are constantly looking for loopholes and new system weaknesses. Unless you are informed and prepared, you could be handing them the access they desire on a silver platter without even realizing it.
Understanding current cyberattacks and how cybercriminals are targeting individuals and organizations is critical to proactively protecting your networks and data.
Major current cyberoffenders that you should not underestimate:
What is KRACK? The name sounds a bit silly, but KRACK stands for key reinstallation attack. Critical weaknesses in WPA2 encryption have been discovered that put nearly anyone using Wi-Fi at risk. Security researcher Mathy Vanhoef, who identified this “serious weakness” in the wireless protocol, reports, “The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.” In other words, we could all be at risk.
When attacks are initiated, they force what is known as a nonce reuse in encryption algorithms, tricking users on the network into reinstalling a security key that was already in use and previously secure. Once this happens, attackers can read traffic between wireless access points, watching and following users as they navigate the internet. Victims are then, unknowingly, left exposed, allowing attackers many opportunities to capture sensitive info like login credentials, social security numbers, banking information, emails, search traffic patterns, and more.
What’s at risk: All protected Wi-Fi networks. Whether you have the Cadillac or the Geo version of Wi-Fi in place, you’re vulnerable. Devices running macOS, Windows, iOS, Android, and Linux could all be impacted.
The solution: Search to see if your device’s operating systems have available security updates and implement those updates as soon as possible. Microsoft has already released a security update providing protection for Windows and others are working diligently to implement a patch.
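The nonce reuse described above, and the effect of a security update, shown as an added example that is not part of the original article and is not WPA2 code. It is a simplified model: the SHA-256 keystream stands in for the real cipher, and the class names, key and messages are constructed for illustration.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy stream cipher (assumption): SHA-256(key | nonce | block) stands in for WPA2's cipher.
    blocks = (hashlib.sha256(key + nonce.to_bytes(6, "big") + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Unpatched model: every key installation resets the packet-number (nonce) counter."""
    def __init__(self):
        self.key, self.nonce = None, 0

    def install_key(self, key: bytes) -> None:
        self.key, self.nonce = key, 0

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

class PatchedClient(Client):
    """Patched model: a key that is already in use is not installed again."""
    def install_key(self, key: bytes) -> None:
        if key != self.key:
            super().install_key(key)

def session(client, key: bytes, first: bytes, second: bytes):
    """Send a frame, receive a replayed key-installation message, send another frame."""
    client.install_key(key)
    frame1 = client.send(first)
    client.install_key(key)  # replayed handshake message carrying the same key
    frame2 = client.send(second)
    return frame1, frame2

def reused_nonces(frames):
    """Defender-side check: nonces seen more than once under the same key."""
    seen, dup = set(), set()
    for nonce, _ in frames:
        (dup if nonce in seen else seen).add(nonce)
    return dup

KEY = b"constructed-session-key"  # constructed sample values
P1, P2 = b"GET /login HTTP/1.1", b"user=alice&pw=x1234"
```

With the unpatched client both frames use nonce 1, so the keystream cancels out and the XOR of the two ciphertexts equals the XOR of the two plaintexts. The patched client keeps counting and the frames stay independent.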
What is BlackNurse? A new type of DDoS threat has emerged that requires only a small amount of traffic, potentially from something as simple as a single device, to wreak havoc on your system.
BlackNurse works to quietly target specific firewalls with random ICMP Code 3 port unreachable error messages, overloading network CPUs and causing packets to begin dropping (NS.com) while only using a modest amount of bandwidth (i.e., less than 20Mbit/s) (TDC-SOC-CERT). BlackNurse is sneaky and loves to play the “little ole innocent me” card. Networks beware…the impact can be significant for those that allow ICMP access to the firewall’s outside interface.
What’s at risk? Your network’s firewall. “Most firewalls are prepared for larger, more targeted attacks, but the limited traffic of BlackNurse attacks makes them, by nature, present as low threat activity,” remarks Colleen Hoy, security product manager at Education Networks of America. This tiny but mighty attack is becoming increasingly common and could soon be a force to be reckoned with, taking networks offline and leaving network admins perplexed.
The solution: Check to see if your device is vulnerable to the BlackNurse attack. Many leading firewall devices have been listed as potentially vulnerable without corrective configuration. If your firewall is vulnerable, or if you merely wish to prevent vulnerability, create zone-protection-profiles, DDoS rules with ICMP-flood settings enabled, or rate limiting on routers upstream.
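A detection check for the traffic pattern described above, as an added example that is not part of the original article: it counts ICMP Type 3 (destination unreachable) Code 3 (port unreachable) messages per second aimed at the firewall's outside interface, because a bandwidth alarm alone will not notice them. The log format, addresses and threshold are assumptions made for the example.

```python
from collections import Counter

FIREWALL_WAN_IP = "203.0.113.1"  # assumption: outside-interface address (documentation range)
PPS_THRESHOLD = 1000             # assumption: tune to your own baseline

def parse(line):
    """Parse 'epoch_second src dst icmp_type icmp_code bytes' (constructed log format)."""
    ts, src, dst, icmp_type, icmp_code, size = line.split()
    return int(ts), src, dst, int(icmp_type), int(icmp_code), int(size)

def suspicious_seconds(lines, threshold=PPS_THRESHOLD):
    """Map each second whose Type 3 Code 3 count at the firewall exceeds the
    threshold to (packets, Mbit/s, distinct sources)."""
    packets, octets, sources = Counter(), Counter(), {}
    for line in lines:
        sec, src, dst, icmp_type, icmp_code, size = parse(line)
        if dst == FIREWALL_WAN_IP and (icmp_type, icmp_code) == (3, 3):
            packets[sec] += 1
            octets[sec] += size
            sources.setdefault(sec, set()).add(src)
    return {sec: (n, octets[sec] * 8 / 1e6, len(sources[sec]))
            for sec, n in packets.items() if n > threshold}

# Constructed sample: one source sends 1500 small port-unreachable messages in
# second 100; seconds 100-101 also carry ordinary pings and a few legitimate errors.
SAMPLE = (
    [f"100 198.51.100.7 {FIREWALL_WAN_IP} 3 3 70" for _ in range(1500)]
    + [f"100 192.0.2.10 {FIREWALL_WAN_IP} 8 0 84" for _ in range(5)]
    + [f"101 192.0.2.20 {FIREWALL_WAN_IP} 3 3 70" for _ in range(3)]
    + ["101 192.0.2.30 203.0.113.50 3 3 70"]
)

if __name__ == "__main__":
    for sec, (n, mbit, srcs) in suspicious_seconds(SAMPLE).items():
        print(f"second {sec}: {n} pkts, {mbit:.2f} Mbit/s, {srcs} source(s)")
```

In the sample, the flagged second carries well under 1 Mbit/s from a single source, which is why the alert keys on packet rate for this one ICMP type and code rather than on volume.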
Amazon Phishing Scam
What is the Amazon Phishing Scam? This is a social engineering scam. Users receive an email notification stating there has been an unauthorized attempt at resetting their Amazon password. A verification code is provided and the user is encouraged to call a number to verify their identity. When the number is called, the service agent who answers directs the caller to a “protected” web address to input the verification code as well as their Amazon account password to “verify their identity.”
What’s at risk? Your privacy, credentials, and potentially your entire network’s security. This is so new that the exact risks and purpose for the scam are unknown. It is suspected that the purpose is either “an elaborate credentials phish or the set up for a tech support scam where the bad guys inform users that they must download a RAT (remote access trojan) to allow their personnel to ‘clean’ users’ PCs of malware.” (KnowBe4)
The solution: The solution for this threat is prevention. It is as simple as educating and training your team(s). Inform your staff of the scam and request they refrain from engaging with the email on personal or company devices. Ask that they report to you anything suspicious and that they do not click on any unusual or unknown links or call any numbers without prior review.
New threats emerge daily in network security. Keeping your networks, data, and staff/students safe is a top priority. Creating awareness and taking active measures to prevent vulnerability is the best way to proactively protect your organization and network from cyberthreats.
About ENA Security Services
ENA’s comprehensive security solutions are specifically designed to protect today’s K–12 schools, higher education institutions, and libraries from crippling and damaging cyberthreats and attacks. ENA’s engineering teams are continually testing and developing new methods of discovering and mitigating threats in today’s ever-changing network security landscape. Through sophisticated traffic pattern analysis and strategically placed active policies designed to deny known attack vectors, ENA can limit attack traffic at the edge of our network.