As people and technology are becoming more and more integrated with each other, we’re seeing more attacks against computer systems that hold data. But who wants to get to your data?
Well, it’s not a simple answer; there are a range of people who organize and initiate attacks against computers for various reasons.
At one end of the spectrum, you have “script kiddies” who have downloaded a tool online and have gone searching for a target. They have no real agenda other than causing trouble just for the fun of it. While these “script kiddies” don’t pose a significant threat, they can quickly become a nuisance.
Moving up, you start to see challengers, hacktivists and disorganized crime. Challengers aren’t looking to steal data; their goal is to gain access to a system for the intellectual challenge.
Hacktivists are people aiming to cause destruction to support their agenda. And disorganized crime refers to those looking to cause problems through methods such as ransomware attacks, fraud or are simply out to make quick cash.
At the other end of the spectrum you start to see serious organized crime, nation-state and espionage attackers. These groups have a very different agenda and look to play the long game. All these groups have two things in common: they are very technical and very stealthy. Organized crime looks to gain money and influence through nefarious means. Nation-state attackers are a collective of people working on behalf of a nation to gain a foothold or steal information from other nation-states. While the sole purpose of espionage is to steal data and gather information such as business plans and intellectual property.
Over the years, attack trends have changed drastically. Going back a few years the main issue was Remote Access Tools (RAT) and Trojans used by disorganized crime attackers. While these are still deployed today, RATs are now mostly deployed by nation-state and espionage attackers to maintain access.
Since the WannaCry outbreak in May 2017, there’s been a huge shift from ransomware attacks to crypto-miners. While ransomware attacks are still common, the smash and grab technique is quickly losing out to the steady approach. This is for two reasons. Firstly, if an organization is hit with ransomware, they typically have a backup of the server meaning the attacker gains nothing. The second reason is that because crypto-mining doesn’t have a big service impact like ransomware, organizations are less likely to react, allowing the crypto-miner to gain crypto-currency over time.
The underlying theme behind ransomware and crypto-mining attacks is email, as typically this is the easiest entrance into an organization’s network. This is because users can easily be tricked into clicking a link or installing malicious software.
Another common attack is Distributed Denial of Service (DDoS): a collection of devices targeting a service to overload it. These attacks are aimed at causing disruption to an organization and can cause significant financial impact. Typically used by hacktivists, they’re also used by attackers who hold a grudge, or “script kiddies” looking to cause chaos.
What protective monitoring can do for you
The key to preventing these attacks is to first gain visibility that you’re under attack. A good protective monitoring system should be able to identify if you’re under attack from a brute force attack, SQL injection or someone sending malformed packets. A key use case for protective monitoring is to cover your internal users when they click a bad link. Once you have visibility you can then start to react to attackers. Of course, there is no “golden bullet” to cyber security and no single tool covers everything. If you couple protective monitoring with endpoint protection, you can start providing your users with a buffer. If you add in a vulnerability tool, you can start identifying vulnerabilities by closely monitoring those devices at risk.
What UKCloud can do for you
At UKCloud we understand cyber security is key to an organization’s success, we offer DDoS mitigation and protective monitoring on your external endpoints as standard. If you want to know more, contact us at firstname.lastname@example.org.