There has been a lot of focus on the security threats associated with remote workers — and rightfully so. In the Acronis Cyberthreats Report 2020, 31 percent of organizations reported daily cyberattacks, primarily targeting remote workers. The rapid shift to remote work greatly expanded the attack surface, with employees’ devices connecting to corporate resources from outside the network perimeter.
But organizations should not forget about network security as they move to protect their remote workforce. WatchGuard’s Threat Labs tracked more than 3.3 million network attacks in the third quarter of 2020, a 90 percent increase over the previous quarter and the highest level in two years. The number of unique network attack signatures hit a two-year high as well.
The data, collected from Firebox intrusion prevention systems participating in WatchGuard’s research, highlights the importance of shielding network-based assets and services from cyber threats. Network resources should be kept up-to-date and protected by next-generation firewalls and other security controls.
What Is a Network Attack?
Cybercriminals launch network attacks to steal data, disrupt business or perform some other malicious activity. Network attacks are distinguished from malware attacks and attacks on endpoint devices and applications, even if the objective is the same.
In a network attack, cybercriminals are attempting to penetrate perimeter security to gain access to internal systems. They may then use privilege escalation to move horizontally throughout the network or vertically to gain higher levels of access to the same systems. In an advanced persistent threat (APT), the attacker uses sophisticated techniques to remain inside the network for an extended period.
Network attacks often begin with reconnaissance. The hacker may use tools such as packet sniffers and port scanners to gain an understanding of the layout of the network and potential vulnerabilities. Corporate information such as domain registrations and even social media profiles can be used to identify network administrators for targeted phishing attacks.
In an access attack, the hacker intrudes on the network without permission. Compromised user accounts are frequently used to gain unauthorized access. Because brute force methods tend to create a lot of network traffic that will quickly be spotted by monitoring tools, hackers will use social engineering and other techniques to obtain valid user credentials. Hackers may also gain physical access to the IT environment, enabling them to plug rogue hardware directly into the network.
Man-in-the-middle attacks involve the interception of network traffic to steal or compromise data. In a distributed denial of service (DDoS) attack, the network is flooded with so much traffic that systems crash or legitimate users are denied access.
How to Prevent Network Attacks
Preventing network attacks begins with strong perimeter security. The network should be segmented into zones to contain attacks and prevent lateral movement. Next-generation firewalls should be installed at the network edge and the junction of each network zone.
Network address translation maps private, internal IP addresses to a limited number of global IP addresses, making it harder for hackers to know which host they’re connecting to. A proxy server sitting between users and the public Internet filters outgoing and incoming traffic to prevent malicious connections and content.
Because attacks are continually evolving, network monitoring is essential. Data from various security tools and systems should be combined and correlated to gain visibility across the network and provide the context needed to detect sophisticated threats.
Verteks has the expertise and experience to help you assess your network, identify vulnerabilities and implement industry-leading security tools. We can then monitor your network and keep it up-to-date and protected against the latest threats. Contact us for a confidential consultation.