Identify Common Network Security Threats
After completing this unit, you’ll be able to:
- Identify common motives behind network attacks.
- Explain prevalent network attack methods.
- Discuss real-life network security incidents.
Common Motives Behind Network Attacks
Digital adversaries have various titles—hackers, hacktivists, cyberterrorists, cybercriminals, and cyberwarriors, to name a few. In order to understand how to secure a network, it’s helpful to know what motivates these people to attack computer systems. Here’s a crash course on the various types of hackers and their motives. Learn more about digital criminals in the Digital Security Basics module.
Hackers are often motivated by the need for notoriety—they want to embarrass someone or show the world how clever they are. Usually, they cause no serious damage. Hackers often try to trick people into giving them their account names and passwords directly.
Hacktivists (hacker + activist) target a specific organization because they are motivated by political, social, or moral positions. Members of a hacktivist group act as individuals working toward a common goal and may concentrate on denial of service, loss of reputation (defacing a website), or stealing sensitive data.
Cyberterrorists cause disruption or damage to intimidate their enemies. They may try to disrupt major websites or damage military technology.
Cybercriminals are motivated by money, so they look for credit card data, personally identifiable information (PII) such as Social Security numbers, intellectual property, and other valuables. Cybercriminals tend to go after health records because they contain all the personal data needed to steal someone’s identity.
Cyberwarriors are motivated by the national interests of their country’s government. They typically attack other nations, but sometimes attack individual companies.
Ethical hackers work to protect companies from digital attackers. Ethical hackers are trained to discover weaknesses and report back to an organization so it can protect against unwanted attackers.
Knowing an intruder’s motives can help organizations focus on what to protect and how to protect it. Next, we learn about the techniques that intruders use to attack computer networks.
Prevalent Network Attack Methods
A cyberattack is any attempt to gain unauthorized access to a computer system to cause damage or steal information. Digital attackers constantly develop new tactics to access information, so cyberattacks come in many flavors. Here is a list of some of the most common types of attacks (unfortunately, there are many other types of attacks in addition to these).
- Phishing is a common email attack method where a digital criminal tries to get the user to click a link to hand over sensitive information such as passwords and health data. Spear phishing targets a specific person, usually a person in authority like a CEO, instead of using mass email. To protect against phishing attacks, disable links in emails, enable spam filters, and train users to recognize phishing emails.
- In a denial-of-service (DoS) attack, the attacker attempts to deny computer resources to the network’s users. This is usually accomplished by overwhelming the target computer system’s resources with unauthorized requests, which prevent valid users from accessing the network. In a distributed denial-of-service (DDoS), the attack comes from many sources instead of a single intruder. Enable firewalls, run antimalware software, and use a virtual private network to protect against DoS and DDoS attacks.
- Ransomware is a common attack in which malicious software blocks access to computer system data and devices until the attacker’s target pays money (a ransom) to the attacker. Often, ransomware gets past the network’s defenses via malware, exploits its first victim, encrypts file systems (which prevents the victim from accessing their data), then pivots through the network to attack its next victim until all computers within a network are affected. The WannaCry malware, discussed in the next section, is an example of ransomware that has been used by many groups to attack computer systems. To avert ransomware attacks, install security updates, run antimalware software, and back up data on a regular basis.
- In a man-in-the-middle (MITM) attack, the intruder eavesdrops on two parties who believe they are communicating confidentially with each other. The MITM attacker may insert themselves into the middle of a Wi-Fi transmission or tap into a physical network connection. Then they can collect or possibly alter the data transmissions, all while the target is unaware of nefarious activity. Encrypt data in transit and use a virtual private network to thwart MITM attacks.
- Sometimes, malware is disguised as legitimate software. This is known as a Trojan horse or Trojan. Cybercriminals use Trojans to gain access to computer systems in order to extract user data. Attackers try to trick users into loading and running Trojans on their computers. Run antimalware software and disable file downloads to protect against Trojans.
As a network security professional, it’s your job to secure computer systems against each of these potential attacks. That’s a big responsibility, but there are hardware and software solutions plus training available to help you reach this goal. You learn about these options in the next unit.
Real-Life Network Security Incidents
It seems like every day we hear about another computer system that’s been exploited in some manner. PII—names, Social Security numbers, email addresses—is compromised or stolen. Ransomware holds a school system’s data hostage by taking down the network. Many attacks have become headline news. Let’s review some of the most notorious cyberattacks.
The WannaCry exploits are some of the most well-known cyberattacks. WannaCry is ransomware that attacks computers running Microsoft Windows. It is vulnerability-based and spreads through Windows’ Server Message Block (SMB) file sharing functions. WannaCry has been used to attack computer networks at hospitals, schools, and businesses.
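Ransomware that pivots through a network over SMB file sharing, as described for WannaCry, leaves a trace defenders can look for: one host opening SMB connections (TCP port 445) to many different peers in a short time. The following is an added example, not part of the original unit; the flow-record layout, the 60-second window, the threshold of 5, and the sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

SMB_PORT = 445  # TCP port used by SMB file sharing

def smb_fanout(flows, window=60, threshold=5):
    """Return {src: peak distinct SMB destinations} for sources that reach
    `threshold` or more distinct hosts on port 445 within `window` seconds.
    `flows` is an iterable of (epoch_seconds, src, dst, dst_port)."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)       # src -> largest distinct-destination count seen
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop connections that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

# Constructed flow records (not real traffic):
FLOWS = (
    # a workstation talking to one file server repeatedly: normal
    [(1000 + 10 * i, "10.0.0.5", "10.0.0.2", 445) for i in range(20)]
    # one host reaching eight different peers on 445 within 16 seconds
    + [(1200 + 2 * i, "10.0.0.23", f"10.0.0.{i + 1}", 445) for i in range(8)]
    # six different peers, but spread over an hour: below the threshold
    + [(1000 + 600 * i, "10.0.0.40", f"10.0.1.{i + 1}", 445) for i in range(6)]
    # non-SMB traffic is ignored
    + [(1205, "10.0.0.23", "10.0.0.9", 443)]
)

if __name__ == "__main__":
    print(smb_fanout(FLOWS))
```

Only `10.0.0.23` is reported, with a peak of 8 distinct destinations. In practice the threshold has to be tuned, because backup servers and management tools also contact many hosts over SMB.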
Another infamous piece of ransomware is Petya. Like WannaCry, Petya attacks Microsoft Windows–based systems. It encrypts a computer’s operating system drive and prevents Windows from booting. Then a request for payment is made in order to reverse the attack. This malware has been used to attack computer systems in multiple countries. Unlike WannaCry, Petya is phishing-based, so it typically enters the network because somebody opened a malware link in an email.
The Ryuk ransomware has been linked to attacks on school districts, colleges, and municipalities. Schools and other government agencies have become common targets because these organizations typically lack the funding and expertise necessary to keep systems and software updated with the latest cybersecurity protections. Schools are especially vulnerable because they have so many users (students) who are easy phishing targets since they are untrained in good cybersecurity practices.
As you can see, cyberattacks come in many shapes and sizes. In the next unit, we learn how to safeguard computer systems against these attackers.