As an IT pro, you’re probably used to doing the heavy lifting when it comes to network security. You might even find your team responsible for educating the rest of your company on the most common network security hacks and how to prevent them.

Today, we’re here to lighten that load a little. Here’s a rundown on six of the most common network security hacks your end users are likely to encounter, how to spot them, and some common-sense primers and prevention tips from the pros you can pass along.


1. Malicious code in a visited site

Malicious code is software built to do something harmful to your systems or networks. Examples that have been in the news lately are firmware attacks, keyloggers, viruses, and spyware. Many of your employees know about malicious code as a concept, but probably think the only way to pick it up is by opening an email attachment.

However, certain malicious websites deliver code while you think you’re interacting with them in other ways. For example, what looks like a link to a new page is in reality a link that downloads an executable, or a compromised page exploits an unpatched browser or plugin to run code without any click at all (a drive-by download).

Bad actors use malicious code to essentially hijack your computer. If you’re lucky, it’s just obnoxious malware that slows down operations until you remove it. If you’re not, they’ll use your device as a foothold to reach your network’s protected areas.

What IT can do

Your IT department can install endpoint security software that looks explicitly for incoming malicious code and stops it before it runs. Most of this software also checks sites staff are about to browse for signs of being malicious, or against a blocklist of known malicious websites.

As well, instituting a zero-trust model for network design has a big impact on what a compromised device will be able to access: every device is treated as untrusted by default, so a foothold on one laptop doesn’t turn into free movement across the network.

DNS filtering can also block resolution of a significant portion of known-bad domains, stopping trouble before end users ever have an opportunity to click on it.

Network management software can also provide deeper visibility into devices that may have been compromised. Tracing traffic destinations, application usage, and syslog inspection can spot devices acting out of the ordinary, or treading where they’re not supposed to be.
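As an added illustration of the two controls above (this is example code written for this article, not something from the original page or any vendor product), here is a small script that screens resolver query logs against a domain blocklist, treating subdomains of a blocked domain as blocked, and flags clients that resolve an unusual number of distinct names. The log format, the blocklist entries, the IP addresses and the threshold are all constructed assumptions.

```python
# Added example (not from the original article): screen DNS query logs against a
# domain blocklist, treating subdomains of a blocked domain as blocked too, and
# flag clients that resolve an unusual number of distinct names. Log format,
# blocklist, and thresholds are all assumptions.
from collections import defaultdict

# Constructed blocklist; a real deployment would load a threat-intel feed.
BLOCKLIST = {"malware-cdn.example", "phish-login.example"}

# Constructed resolver log lines: "<timestamp> <client-ip> query <type> <name>"
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.12 query A www.vendor.example
2024-05-01T09:00:03 10.0.0.12 query A cdn.malware-cdn.example
2024-05-01T09:00:04 10.0.0.40 query A mail.corp.example
2024-05-01T09:00:05 10.0.0.12 query A phish-login.example
2024-05-01T09:00:06 10.0.0.40 query A a1.rand.example
2024-05-01T09:00:06 10.0.0.40 query A a2.rand.example
2024-05-01T09:00:07 10.0.0.40 query A a3.rand.example
2024-05-01T09:00:07 10.0.0.40 query A a4.rand.example
2024-05-01T09:00:08 10.0.0.40 query A a5.rand.example
2024-05-01T09:00:09 10.0.0.12 query A notmalware-cdn.example
"""


def parse_log(text):
    """Return a list of (timestamp, client, qname) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "query":
            continue
        records.append((parts[0], parts[1], parts[4].rstrip(".").lower()))
    return records


def is_blocked(qname, blocklist=BLOCKLIST):
    """True if qname or any parent domain of it is on the blocklist.

    Matching on label boundaries means 'cdn.malware-cdn.example' is blocked
    while 'notmalware-cdn.example' (a different domain) is not.
    """
    labels = qname.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def blocked_queries(records, blocklist=BLOCKLIST):
    """Return (client, qname) pairs that hit the blocklist; a filter would sinkhole these."""
    return [(client, qname) for _, client, qname in records if is_blocked(qname, blocklist)]


def noisy_clients(records, threshold=5):
    """Return {client: distinct-name-count} for clients above the threshold.

    A workstation resolving many never-before-seen names in a short span is a
    common sign of beaconing malware; the threshold here is an assumption.
    """
    seen = defaultdict(set)
    for _, client, qname in records:
        seen[client].add(qname)
    return {c: len(names) for c, names in seen.items() if len(names) > threshold}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("blocked:", blocked_queries(recs))
    print("noisy:", noisy_clients(recs))
```

Run against the constructed log, the script reports the two blocklist hits from 10.0.0.12 and flags 10.0.0.40 for resolving six distinct names; the label-boundary match is what keeps `notmalware-cdn.example` from being a false positive.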

What everybody else can do

Make staff aware that malicious code can arrive from visiting websites they’re not 100% sure they can trust, and teach them to look for common warning signs:

  • A URL that doesn’t look right for the site they intend to visit
  • Aggressive prompts to download something
  • Strange behavior from a site they usually know to be safe
  • Warnings from Chrome and other browsers that a site isn’t secure or that its certificate can’t be verified

2. Man in the middle

Your business’s normal flow of information goes from one user to another, from one server to a user, or between two servers. For example, you upload your new report to the team hard drive or send a request from your laptop to the HR department.

A man-in-the-middle attack inserts an extra hop into that flow. The attacker installs a packet sniffer, redirects traffic through a rogue DNS server, sends forged ARP replies so your machine hands its traffic to the attacker instead of the real gateway, or stands up a rogue Wi-Fi access point. Your report still goes from your desktop to the team hard drive, but it makes a stop at an unknown laptop or server along the way. The process is invisible to you, and it makes the contents of that communication visible, and potentially alterable, to whoever’s listening in.

If the content includes sensitive information, the bad actor can use it directly to hurt your operations or extort money. But more commonly, they use the information in those intercepted communications to guess passwords, learn more about your vulnerabilities, and gather information for social engineering attacks.

What IT can do

The side trip your data takes in a man-in-the-middle attack is invisible to humans, but it leaves traces that network monitoring can catch: the gateway’s IP address suddenly being answered by a different MAC address, DNS answers arriving from a resolver you don’t operate, a workstation’s traffic leaving through an unexpected next hop, or a spike in certificate errors. Your IT department can use defensive software and active monitoring to watch for these signs.
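The first of those signs is the easiest to check mechanically. Below is an added example (written for this article, not code from the original page) that looks for ARP cache poisoning, the usual way a man-in-the-middle attack is staged on a LAN, in a list of ARP reply observations. The observation format, the addresses, and the time window that separates a "conflict" from a plausible hardware swap are assumptions.

```python
# Added example (not from the original article): spot ARP cache poisoning from a
# list of ARP reply observations. Record format, addresses, and the time window
# are assumptions.

# Constructed observations: (seconds since start, IP claimed, MAC that claimed it).
SAMPLE_ARP = [
    (0,    "10.0.0.1",  "aa:aa:aa:aa:aa:01"),   # real gateway
    (2,    "10.0.0.12", "aa:aa:aa:aa:aa:12"),
    (5,    "10.0.0.1",  "de:ad:be:ef:00:01"),   # someone else claims the gateway
    (9,    "10.0.0.1",  "aa:aa:aa:aa:aa:01"),   # real gateway answers again
    (3600, "10.0.0.50", "aa:aa:aa:aa:aa:50"),
    (7300, "10.0.0.50", "aa:aa:aa:aa:aa:51"),   # NIC replaced an hour later
]


def detect_arp_conflicts(observations, window=300):
    """Return a list of alerts for IPs whose MAC changes.

    A change within `window` seconds of the previous sighting is reported as a
    'conflict' (two hosts fighting over one IP, the signature of spoofing); a
    change after a longer gap is a lower-severity 'changed' (hardware swap,
    DHCP reassignment) that is still worth logging.
    """
    last_seen = {}   # ip -> (mac, timestamp)
    alerts = []
    for ts, ip, mac in observations:
        prev = last_seen.get(ip)
        if prev is not None and prev[0] != mac:
            severity = "conflict" if ts - prev[1] <= window else "changed"
            alerts.append({"ip": ip, "old": prev[0], "new": mac,
                           "at": ts, "severity": severity})
        last_seen[ip] = (mac, ts)
    return alerts


def gateway_conflicts(alerts, gateway_ip):
    """Filter alerts down to the one address that matters most for interception."""
    return [a for a in alerts if a["ip"] == gateway_ip and a["severity"] == "conflict"]


if __name__ == "__main__":
    found = detect_arp_conflicts(SAMPLE_ARP)
    for a in found:
        print(a)
    print("gateway under attack:", bool(gateway_conflicts(found, "10.0.0.1")))
```

On the constructed data the gateway flips between two MACs within seconds, which produces two "conflict" alerts, while the address that changes an hour later is logged as a routine "changed". In practice the observations would come from a switch’s ARP inspection logs or a passive sniffer on the segment.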

What everybody else can do

Since man-in-the-middle attacks are mainly invisible, it’s hard for the average user to do anything about them while they’re underway. However, you can make them harder to pull off. A man-in-the-middle attack requires a foothold on your network or real-time access to the traffic path (an untrusted Wi-Fi network, for example). Train your staff not to install unsafe software, to be wary of unfamiliar Wi-Fi, and to report attempts to hijack their network access. A URL that doesn’t begin with “https” is another big red flag. HTTPS doesn’t make interception impossible, but an attacker who intercepts an HTTPS connection generally has to present a certificate the browser won’t trust, which produces a certificate warning: train staff never to click through one.


3. DoS/DDoS attack

A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack floods a network or individual machine with so much traffic that it disrupts access for legitimate users. These attacks fall into three broad categories:

  • Volumetric attacks (often called buffer overflow attacks in this context), which send more traffic to a network address than the system was built to handle
  • ICMP floods, including the classic smurf attack, in which the attacker sends ping requests to a network’s broadcast address with the victim’s spoofed source address, so every device on the segment replies to the victim at once, multiplying the traffic by the number of hosts
  • SYN floods, which abuse the TCP three-way handshake by sending connection requests to a server but never completing them, leaving half-open connections that occupy the server’s connection table until it can accept no new clients

The difference between a DoS and DDoS attack is the number of computers involved. A DoS attack uses a single computer or location to commit the attack, while DDoS comes from multiple machines and locations.

DoS/DDoS attacks aren’t typically used to commit theft or damage data. But they can cost a lot of time and money directly or from lost opportunities/sales while the network is under attack.

What IT can do

DoS/DDoS attacks are a heightened risk because they leverage the way your network is legitimately supposed to work, which makes them difficult to defend against. However, specific hardware and software configurations can make these flood attacks easier to detect and absorb.

They include rate-limiting or dropping inbound ICMP echo requests at the edge and disabling forwarding of directed broadcasts (which neuters smurf-style amplification), enabling SYN cookies on servers so half-open connections don’t consume connection-table entries, dropping DNS responses that arrive unsolicited from outside your network, and next-gen firewall setups with reverse proxies or an upstream scrubbing service that absorbs the volume before it reaches you.
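Detection is mostly a matter of counting handshakes that start but never finish. The following is an added example for this article (not code from the original page) that does that over a list of observed TCP packets. The packet tuples, the addresses and the thresholds are constructed assumptions; a real tool would read them from a capture or flow export.

```python
# Added example (not from the original article): detect a SYN flood from a list
# of observed TCP packets by counting handshakes that start but never finish.
# The packet tuples, addresses, and thresholds are constructed assumptions.
from collections import defaultdict

# Constructed packet sample: (src_ip, dst_ip, dst_port, flags).
# A normal client sends SYN, gets SYN-ACK, sends ACK. The flooder sends SYNs only.
SAMPLE_PACKETS = []
for _i in range(5):                         # five legitimate connections
    SAMPLE_PACKETS.append(("203.0.113.5", "10.0.0.80", 443, "SYN"))
    SAMPLE_PACKETS.append(("10.0.0.80", "203.0.113.5", 443, "SYN-ACK"))
    SAMPLE_PACKETS.append(("203.0.113.5", "10.0.0.80", 443, "ACK"))
for _i in range(50):                        # fifty half-open connections
    SAMPLE_PACKETS.append(("198.51.100.7", "10.0.0.80", 443, "SYN"))
    SAMPLE_PACKETS.append(("10.0.0.80", "198.51.100.7", 443, "SYN-ACK"))


def half_open_by_source(packets):
    """Return {src: (syns_sent, handshakes_completed)} for client->server traffic."""
    stats = defaultdict(lambda: [0, 0])
    for src, _dst, _port, flags in packets:
        if flags == "SYN":
            stats[src][0] += 1
        elif flags == "ACK":
            stats[src][1] += 1
    return {src: tuple(v) for src, v in stats.items()}


def syn_flood_sources(packets, min_syns=20, max_completion=0.5):
    """Sources that sent at least min_syns SYNs and completed too few handshakes.

    Returns a sorted list of (src, syns, completed). min_syns avoids flagging a
    client that simply timed out once; max_completion is the fraction of
    handshakes that must finish for a source to be considered normal.
    """
    flagged = []
    for src, (syns, done) in half_open_by_source(packets).items():
        if syns >= min_syns and done / syns <= max_completion:
            flagged.append((src, syns, done))
    return sorted(flagged)


def half_open_total(packets):
    """Total half-open connections across all sources.

    In a distributed flood no single source stands out, but this aggregate is
    the number that actually exhausts a server's listen backlog.
    """
    return sum(syns - done for syns, done in half_open_by_source(packets).values())


if __name__ == "__main__":
    print("flood sources:", syn_flood_sources(SAMPLE_PACKETS))
    print("half-open total:", half_open_total(SAMPLE_PACKETS))
```

On the constructed sample the single flooder is flagged with 50 SYNs and no completions, and the aggregate half-open count is what you would alert on when the attack is spread across many spoofed sources that individually stay under the per-source threshold.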

What everybody else can do

During a DoS/DDoS attack, there is very little your staff can do because the mechanisms are out of their hands. The best you can do is to train them ahead of time on alternative methods of communication and information access they can use while the network is down.

[Illustration: phishing vs. spear phishing. Source: Click Armor]

4. Phishing/Spear Phishing

In a phishing attack, a malicious actor sends emails soliciting sensitive information. When used on private citizens, it’s usually an attempt to steal banking information or credit card numbers. When used against an employee, it’s an attempt to gather login information to access your network.

These emails can be persuasive, sometimes posing as someone from your IT department needing a password to fix a problem. Sometimes they come with threatening messages or urgent timelines to elicit a response before the recipient can think about it.

Phishing usually relies on a blanket approach, sending the same message to many people and hoping someone will fall for it. By contrast, spear phishing targets a specific individual, usually somebody with authority or access, and can be highly tailored to maximize the chances of working.

Once the malicious actor gets login credentials, they can use them to steal or compromise company data. Sophisticated attackers don’t do it right away. Instead they spear phish a low-level employee, then use that person’s account to craft communications with a greater chance of tricking somebody higher up in the company. Over time, they work their way into successfully spear phishing a C-suite leader or IT administrator.

What IT can do

Phishing attacks try to bypass technical controls by going straight to the users for access to your networks. Your IT department can still raise the bar: email filtering and sender authentication (SPF, DKIM, and DMARC) stop much of it before it arrives, multi-factor authentication means a stolen password alone isn’t enough, and tiered access levels contain a breach if an attack works.

They can also create a response plan for this kind of breach that quickly closes off access if a phishing attempt works: reset the password, revoke active sessions and tokens, and check what the account touched.
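Two of the cheapest signals a filter (or a trained reader) can use are a sender domain that is one or two characters off from your own and a display name that borrows your company’s name while the address behind it doesn’t. Here is an added example for this article (not code from the original page) that triages a From header on those two signals. The trusted domains, the sample headers and the edit-distance cutoff are constructed assumptions.

```python
# Added example (not from the original article): triage a message's From header
# for lookalike domains and brand impersonation in the display name. Trusted
# domains, sample headers, and the edit-distance cutoff are assumptions.
import re
from email.utils import parseaddr

TRUSTED_DOMAINS = {"corp.example", "mail.corp.example"}


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return one of 'trusted', 'lookalike', 'brand-in-name', or 'external'."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain in trusted:
        return "trusted"
    # One or two character changes from a trusted domain (c0rp, corp-example)
    # is the typosquat pattern: more suspicious than a plain stranger.
    if any(edit_distance(domain, t) <= max_edits for t in trusted):
        return "lookalike"
    # The display name is what most mail clients show prominently; if it
    # carries our brand word but the address is not ours, that is impersonation.
    brand = {t.split(".")[-2] for t in trusted}
    words = set(re.findall(r"[a-z0-9]+", display.lower()))
    if brand & words:
        return "brand-in-name"
    return "external"


# Constructed headers for a quick check.
SAMPLE_HEADERS = [
    "IT Helpdesk <support@corp.example>",
    "IT Helpdesk <support@c0rp.example>",
    "Corp Payroll <payroll@invoice-delivery.example>",
    "Jane Vendor <jane@vendor.example>",
]


def triage(headers=SAMPLE_HEADERS):
    return [(h, classify_sender(h)) for h in headers]


if __name__ == "__main__":
    for header, verdict in triage():
        print(f"{verdict:14} {header}")
```

The brand check matches whole words, so "Corp Payroll" trips it while an unrelated vendor doesn’t; it is deliberately a coarse heuristic meant to route a message for a closer look, not a verdict on its own.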

What everybody else can do

Train your staff to be alert for phishing and spear phishing attacks and never to share login credentials anywhere but an official login page. Not even supervisors or the IT team need to know an employee’s password.

Repeat this training frequently, as sophisticated phishing attacks use psychological manipulation to make people forget their training.


5. SQL injection

SQL (Structured Query Language) is the language used to communicate with a database. In a SQL injection, a hacker smuggles SQL commands through a website to manipulate data on the site’s database server. Typically, they do this by typing SQL syntax into a web form, such as a comments section or a “contact us” page; if the application pastes that input straight into a query, the database executes the attacker’s text as part of the command.

The injected code then helps the hacker steal, destroy, or alter data to defraud the company. Sometimes the attack is a one-time event. Other times, it sets up tools for a deeper intrusion later. SQL injections have been behind many high-profile data breaches (Cisco, Tesla, Fortnite, even the Turkish government).

What IT can do

Building every web form on parameterized queries (prepared statements), so that user input is always passed to the database as data and never spliced into the SQL text, protects against the vast majority of SQL injection attacks. Input validation and a database account that has only the permissions the application needs limit the damage if something slips through, and most of this can be enforced in code review and automated testing.
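To make the difference concrete, here is an added example for this article (not code from the original page or any real application): the same comment lookup built two ways, one that splices the user’s input into the SQL text and one that passes it as a parameter, run against a throwaway in-memory SQLite database. The table layout, sample rows and payload are constructed.

```python
# Added example (not from the original article): the same comment lookup built
# two ways, one that splices user input into the SQL text and one that passes
# it as a parameter, run against an in-memory SQLite database. Table layout and
# sample rows are constructed.
import sqlite3


def make_db():
    """Create a throwaway database with three comments by two authors."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO comments (author, body) VALUES (?, ?)",
        [("alice", "Great post"), ("bob", "Thanks"), ("bob", "Private draft")],
    )
    return conn


def vulnerable_lookup(conn, author):
    """The bug: the author string becomes part of the SQL statement itself."""
    query = f"SELECT id, body FROM comments WHERE author = '{author}' ORDER BY id"
    return conn.execute(query).fetchall()


def safe_lookup(conn, author):
    """The fix: the driver sends the value separately, so quotes in it are just data."""
    return conn.execute(
        "SELECT id, body FROM comments WHERE author = ? ORDER BY id", (author,)
    ).fetchall()


# The classic tautology payload a comment or "contact us" form might receive.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("normal:", vulnerable_lookup(db, "alice"))
    print("injected, vulnerable:", vulnerable_lookup(db, PAYLOAD))   # every row
    print("injected, parameterized:", safe_lookup(db, PAYLOAD))     # no rows
```

With the payload, the vulnerable version’s WHERE clause becomes `author = 'x' OR '1'='1'`, which is true for every row, so it returns all three comments including the one meant to stay private; the parameterized version looks for an author literally named `x' OR '1'='1` and returns nothing.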

What everybody else can do

Your average team member won’t interact with these kinds of network security hacks or the things that make your network more or less vulnerable to them. However! If you are responsible for tasks like reviewing and approving web comments, say on a blog post, keep an eye out for submissions that look like code rather than sentences: stray quotes and semicolons, or words like SELECT, UNION, or DROP. Report any weirdness to your IT team immediately for investigation.


6. Brute force password attack

There’s an excellent chance you tried a physical version of this strategy if you had a cylinder bike lock and forgot the combination. You started with “0000” and worked your way toward “9999” until the thing opened. That’s a brute force attack.

In a network security hack, it’s the same thing, only much faster. That bike lock had 10,000 possible combinations. A password can have trillions of possible combinations, but a script guessing against a login page can try thousands of attempts per second, and an attacker who has stolen a database of password hashes can test billions of guesses per second offline on a GPU. Given enough time, they can find the password.

Armed with just a username, a bad actor can run scripts for a brute force attack until they crack the password. Once access is acquired, they can do whatever that user is capable of inside your network.

What IT can do

You’re familiar with IT’s first line of defense against brute force attacks: limiting the number of login attempts allowed in a set period. You’ve encountered it on bad days with your online banking, and maybe your phone. IT’s methods go deeper than that: rate-limiting by source address as well as by account (so an attacker can’t try one common password against hundreds of accounts, a technique called password spraying), alerting on bursts of failed logins, requiring multi-factor authentication, and password policies that make brute force attacks impractical.
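Here is an added example for this article (not code from the original page) of a login throttle that counts failures both per account, the classic lockout, and per source address, which is what catches password spraying. The limits, the window length and the addresses in the scenario are assumptions.

```python
# Added example (not from the original article): a login throttle that counts
# failures both per account (classic lockout) and per source address (catches
# password spraying, where one source tries a common password against many
# accounts and never trips a per-account limit). Limits and window are assumptions.
from collections import defaultdict, deque


class LoginGuard:
    def __init__(self, max_per_account=5, max_per_source=50, window=900):
        self.max_per_account = max_per_account
        self.max_per_source = max_per_source
        self.window = window                       # seconds
        self.account_fails = defaultdict(deque)    # account -> failure timestamps
        self.source_fails = defaultdict(deque)     # source  -> failure timestamps

    def _recent(self, dq, now):
        """Drop failures older than the window and return how many remain."""
        while dq and dq[0] <= now - self.window:
            dq.popleft()
        return len(dq)

    def attempt(self, account, source, now, password_ok):
        """Return 'allowed', 'rejected', 'locked-account', or 'locked-source'.

        Lock checks run before the password is even considered, so a correct
        guess during a lockout is still refused (otherwise the lockout would
        confirm the right password to the attacker).
        """
        if self._recent(self.account_fails[account], now) >= self.max_per_account:
            return "locked-account"
        if self._recent(self.source_fails[source], now) >= self.max_per_source:
            return "locked-source"
        if password_ok:
            # A success clears the account's strikes but not the source's:
            # one known-good login must not reset a spraying attacker's budget.
            self.account_fails[account].clear()
            return "allowed"
        self.account_fails[account].append(now)
        self.source_fails[source].append(now)
        return "rejected"


def simulate():
    """Constructed scenarios: a brute force on one account, then a spray."""
    g = LoginGuard()
    brute = [g.attempt("alice", "198.51.100.7", t, False) for t in range(5)]
    locked = g.attempt("alice", "198.51.100.7", 5, True)       # right password, still refused
    later = g.attempt("alice", "198.51.100.7", 5 + 900, True)  # window expired
    spray = [g.attempt(f"user{i}", "203.0.113.9", 1000 + i, False) for i in range(50)]
    sprayed = g.attempt("user50", "203.0.113.9", 1051, False)
    return brute, locked, later, spray, sprayed


if __name__ == "__main__":
    brute, locked, later, spray, sprayed = simulate()
    print(brute[-1], locked, later, spray[-1], sprayed)
```

In the simulated spray, each account sees only one failure, so the per-account limit never fires; the per-source counter is what shuts it down on the 51st attempt. Real deployments pair this with alerting, since a lockout is itself a useful signal.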

What everybody else can do

At the bare minimum, train your staff to create strong passwords. For example, there are only tens of thousands of options for an eight-letter password that’s a common English word. A string of eight random lower-case letters increases the options to about 209 billion (26 to the 8th power). Mix in upper-case letters, and that goes up to about 53 trillion (52 to the 8th power). Other characters expand the possibilities even more.

Better yet, encourage your employees to use passphrases: several random, unrelated words strung together (not a famous quote or song lyric) to form an easy-to-remember password with more possibilities than there are stars in the visible universe. The chance of a brute force attack guessing a well-chosen passphrase is next to zero.
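The numbers above are easy to check, and checking them shows something the paragraph doesn’t: how differently the same password holds up against an online guesser and an offline cracker. Here is an added example for this article (not from the original page) that works them through. The guess rates (a thousand per second online, ten billion per second offline against a fast hash) and the 7,776-word diceware-style word list are assumptions.

```python
# Added example (not from the original article): work out the search spaces the
# text quotes and what they mean against an online guesser and an offline
# cracker. The guess rates and the 7,776-word word list are assumptions.
import math

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size, length):
    """Number of distinct strings of `length` symbols from an alphabet."""
    return alphabet_size ** length


def entropy_bits(space):
    """Equivalent key length in bits for a uniformly random choice."""
    return math.log2(space)


def years_to_exhaust(space, guesses_per_second):
    """Worst case: the attacker tries every possibility once."""
    return space / guesses_per_second / SECONDS_PER_YEAR


CANDIDATES = {
    "eight-letter English word": 40_000,          # rough dictionary size from the text
    "8 random lowercase": keyspace(26, 8),
    "8 random mixed case": keyspace(52, 8),
    "8 random printable ASCII": keyspace(95, 8),
    "6-word random passphrase": keyspace(7776, 6),
}


def comparison(online=1e3, offline=1e10):
    """Return {label: (bits, years_online, years_offline)} for each candidate."""
    return {
        label: (round(entropy_bits(s), 1),
                years_to_exhaust(s, online),
                years_to_exhaust(s, offline))
        for label, s in CANDIDATES.items()
    }


if __name__ == "__main__":
    for label, (bits, yrs_on, yrs_off) in comparison().items():
        print(f"{label:28} {bits:6.1f} bits  online {yrs_on:10.3g} y  offline {yrs_off:10.3g} y")
```

The takeaway from the table: eight random mixed-case characters take centuries to exhaust through a login page but fall in about an hour and a half once the attacker has the hash database, while the six-word passphrase holds up in both cases. That is why the lockout controls above and strong passwords are complements, not alternatives.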

Editor’s note: At Auvik, we employ a combination of password management software (like 1Password) and single sign-on.

Final word on network security hacks: password hygiene

Of course, all the training, awareness, and countermeasures in the world mean very little if your team doesn’t have their passwords set up well and protected even better. Password hygiene is a topic that has filled entire books and courses, but for now, keep the essential information in mind:

  • Avoid reusing passwords
  • Protect password lists and use coded reminders
  • Never mix personal and work emails
  • Change passwords only when needed
  • Implement blocklists of commonly guessed passwords
  • Add two-factor authentication, at a minimum for the most privileged users
  • Never share passwords with anybody

Michael Dwyer has been an IT consultant for more than a decade. He vigilantly stays updated on new technologies hackers are using.
