Skip to content

Security Threats

1. Introduction to Network Security Threats

A network security threat is an effort to get illegal access to your organization’s network, in purpose to take your data without your knowledge or execute other malicious actions.

There are 2 categories of network security attacks: - Active Attack
Hackers get unsanctioned access to a computer network/system and they can interrupt the transferred information in purpose to intercept the connection and adjust the information. So that hackers can make changes to the data, either by encrypting, removing, or compromising it.

  • Passive Attack
    Hackers obtain access to a computer network/system in purpose to steal and monitor sensitive information. So that hackers can only intercept the information to read or analyze it, but cannot change the data.

2. What is Network Vulnerability?

Network vulnerability is a known flaw or weakness in hardware, software, or other assets, which can be exploited by hackers.

An example:
When a member of your IT security is laid off or resigns but you forget to change their login details, disable their contacts, or delete their usernames or user ID from your business credit cards, then your organization becomes vulnerable to both planned and unplanned threats.

3. 4 Main Types of Network Security Threats

There are 4 main types of network security threats: - Structured Threats
A more organized form of attack executed by one or more hackers with savvy hacking skills. The motives for a structured attack include political or racial motives, ransom or extortion, personal motives, or state-motivated attacks.

Note: The major motive is that the assaults are not causally linked to the hacker.

  • Unstructured Threats
    Usually a disorganized form of attack on one or more unknown networks executed by amateurs or hackers with restrictive skills. The motives for these attacks are often boredom or people with unscrupulous intent.

Note: The intent may or may not be malicious, but there’s always an insensibility to the ensuing impacts.

  • External Threats
    A form of attack executed by perpetrators outside the organization, usually through dial-up access or the internet. These hackers often don’t have permission to traverse these networks.

  • Internal Threats
    An internal threat is from perpetrators who have had contact with authorized access to a network/system and they have knowledgeable insights about the system network. These attacks are significant both in the size and number of losses and usually executed by unsatisfied employees who still have active access.

4. Difference Between a Threat, Vulnerability, and Risk

We have defined network security threat as an effort to obtain illegal admission to your organization’s network, to take your data without your knowledge, or execute other malicious pursuits. We also have defined network vulnerabilities as known flaws or weaknesses in hardware, software, or other organizational assets, which can be exploited by attackers. However, we are yet to define security risks. Network risks are the possible damages or loss your organization can suffer when a threat abuses a vulnerability. Risk can be so severe that you suffer reputational damage, financial losses, legal consequences, loss of privacy, reputational damage, or even loss of life.

We can summarize these three definitions with the formula of : Threat + Vulnerability = Risk

An example: Assume that you have an organization, and let us use COVID-19 as an external threat that is beyond your control. The vulnerability here would be a lack of an effective incidence response plan, a business continuity plan (BCP), or an effective network security policy. The potential risk for your organization would be the loss of valuable information and data or a disturbance in your business operation because you did not address your vulnerability issues.

5. Most Commmon Network Security Threats

Regardless of the type of network security threat, there are different motives for executing network attacks and they are often malicious. Individuals, businesses, and nations have different reasons for executing an attack. The most common are hacktivism, extortion, cyber warfare, business feuds, and personal reasons. These are the most common network security threats:

Computer viruses, Computer worms, Trojan horse, SQL injection attack, DOS and DDOS attack, Rootkit, Rogue security software, Phishing, Adware and spyware, and Man-in-the-middle attacks.

6. Identify Network Security Threats

For an IT security team, technology advancements mean an increased level of risks. Security risks to your business network require you to take preventative measures by conducting a threat audit. To do so effectively, you need to identify the vulnerabilities within your networking infrastructure.

  • Enable your network visibility
    The first step for preparing your network defender and other members of your security team to identify network threats and vulnerabilities is to enable your whole network visibility. The only way you can detect a threat is when it is visible. You can use the existing structures on your network devices to achieve visibility.

  • Set up computer and network access
    You need to construct your computer and network access to control who can access your network and the level of access they can have. Not every user should be given access to the whole network. Your network security policies will determine the appropriate ways to protect treasured assets, evaluate potential risks, lessen vulnerability channels, and craft a recovery plan in case of an incident.

  • Firewall configuration
    Setting up a network firewall thwarts unauthorized access and internet-based attacks from dispersing into your computer networks. Your network firewall oversees the flow of computer data traffic permitted to traverse your network. They can also obstruct reconnaissance assaults, including IP scanning or port sweeps. Your internal firewall can restrict this, but you need to configure it.

  • Limit access to updates and installations
    Malicious hackers can penetrate your computer network through out-of-date software for antivirus, operating systems, device drivers, firmware, and other endpoint mechanisms. As access control in network security is critical, network defenders can mitigate the risk of random assaults by restricting the number of people who can install or update software. A good IT team should only be allowed to activate updates and installations only via their admin access.

7. Most Commmon Network Security Threats

Below are the top 10 of network security threats:

a. Insider Threats
In an organization, it occurs when individuals close to an organization who have authorized access to its network and misuse that access to negatively effect the organization’s critical data or systems. For example, they may inadvertently email customer data to external parties, click on phishing links in emails, or share their login information with others.

Preventing insider threats:

  • limit employees’ access to only the specific resources they need to do their jobs
  • train new employees and contractors on security awareness before allowing them to access the network
  • set up contractors and other freelancers with temporary accounts that expire on specific dates, such as the dates their contracts end
  • implement two-factor authentication, which requires each user to provide a second piece of indentifying information in addition to a password
  • install employee monitoring software to help reduce the rish of data breaches and the theft of intellectual property by identifying careless insiders

b. Viruses and worms
They are software programs (malware) aimed at destroying systems, data, and network.

  • Virus replicates by copying itself to another program, system, or host file. it remains inactive until someone activates it, spreading the infection without the knowledge or permission of a user or system administration.

  • Worm infects other computers while remaining active on the infected system. Once a worm enters a system, it immediately starts replicating itself, infecting computers and networks that arent adequately protected.

Preventing viruses and worms:
Install antivirus and antimalware software, not to download attachments or click on links in emails from unknown senders to avoid downloading software from untrusted websites, be cautious when use P2P file sharing services, don’t click on ads.

c. Botnets
Is a collection of internet-connected devices (incl. PCs, mobile devices, servers, and IoT devices) that are infected and remotely controlled by a common type of malware. It searches for vulnerable devices accros the internet. The goal is to infect as many connected devices as possible.

Preventing botnets:
monitor network performance and activity to detect irregular network behavior keep the OS and all software up to date and install any necessary security patches implement antibotnet tools that find and block bot viruses.

d. Drive-by download attacks
A malicious code is downloaded from a website via a browser, application, or integrated OS without user’s permission or knowledge, even just browsing the website can start a download. Often used to inject banking trojans, steal, and collect personal information.

Preventing drive-by download attacks:

  • Regularly update and patch systems with the latest version of software, applications, browsers, and OS.
  • Stay away from insecure websites.
  • Install security software that actively scans websites

e. Phishing attacks
Type of information security that trick users into breaking normal security practices and giving up confidential information, including names, addresses, login credentials, social security numbers, credit card information, and other financial information.

Preventing phishing attacks:
Not to download attachments or click on links from unknown senders and avoid downloading free software from untrusted websites.

f. Distributed denial of service (DDoS) attacks
Multiple compromised machines attack a target, such as a server, website or other network resource, making the target totally inoperable. The target system may slow down or crash and shut down, denying service.

Preventing DDoS:

  • Monitor networks visually and know how much bandwidth a site uses on average
  • Ensure servers have the capacity to handle heavy traffic spikes and the necessary mitigation tools to address security problems
  • Update and patch firewalls and network security programs

g. Ransomware
The victim’s computer is locked by encryption, which keeps the victim from using the device. To regain access to the device, the victim has to pay the hacker a ransom. Can be spread via email attachments, infected software apps, infected storage devices and compromised websites.

Preventing ransomware:
Regularly back up device and update all software. Avoid clicking untrusted links.

h. Exploit kits
Is a programming tool that enables a person to create, customize, and distribute malware. Cybercriminals use these kits to attack system vulnerabilities to distribute malware or engage in other activities, such as stealing data, launching denial of service attacks, or building botnets.

Preventing exploit kits:
For organizations, deploy antimalware software and security program. Install antiphishing tools because many exploit kits use phishing to penetrate the network

i. Advanced persistent threat attacks
Is a targeted cyberattack in which an unauthorized intruder penetrates a network and remain undetected for an extended period of time. The goal is to monitor network activity and steal information to gain access, including exploit kits and malware.

Preventing APT attacks:
Detect anomalies in outbound data.

j. Malvertising
Is a technique to inject code to online advertising networks and web pages. Redirects users to websites or installs malware on their computers or mobile devices. The device may get infected even if they dont click on anything to start the download. Criminals may use it to deploy a variety of moneymaking malware, including cryptomining scripts, ransomware and banking trojans.

Prevent malvertising:
Ad networks should add validation. Validation could include: vetting prospective customers by requiring legal business paperwork; two-factor authentication; scanning potential ads for malicious content before publishing an ad; or possibly converting Flash ads to animated gifs or other types of content.

Reference: