The 5 cyber attacks you're most likely to face

Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront

Page 2 of 2

Cyber attack No. 4: Network-traveling worms
Computer viruses aren't much of a threat anymore, but their network-traveling worm cousins are. Most organizations have had to fight worms like Conficker, along with the self-spreading components bolted onto botnet malware such as Zeus. We don't see the massive outbreaks of the past with email attachment worms, but the network-traveling variety hides far better than its email relatives: it moves over file shares and unpatched services inside the perimeter, where no mail gateway ever sees it.

Countermeasure: Network-traveling worms can be defeated by blocking executables in email, better patching, disabling autorun capabilities, and strong password policies. Many network worms, like Conficker, try to spread to network shares by logging on with a short list of bad passwords built into the worm: 12345, password2, qwerty, and the like. If any of your passwords appear in the guess list carried inside a worm, you do not have a strong password policy, no matter what the written policy says.
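The following is an added example (not code from the original article) of the check the paragraph above describes: a password filter that rejects any password a share-crawling worm would guess. The guess list, the leet-substitution table and the 12-character minimum are all assumptions made for illustration; the list is a constructed sample of the kind of strings such worms carry, not the actual list shipped inside Conficker or any other worm. The check goes a little beyond the text by also catching trivial mutations (capitalization, a trailing digit, "p@ssw0rd"-style substitutions), because guessers try those too.

```python
import re

# Constructed sample of a worm's built-in guess list (illustrative only; this is
# NOT the real list embedded in Conficker or any other worm).
WORM_GUESS_LIST = {
    "12345", "123456", "password", "password1", "password2", "qwerty",
    "admin", "letmein", "welcome", "abc123", "test",
}

# Common "leet" substitutions a guesser undoes before comparing (assumed table).
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s"})

# Assumed minimum length for the policy check below.
MIN_LENGTH = 12


def candidate_forms(password: str) -> set:
    """Return the trivially mutated forms of a password that a guesser would also try:
    lower-cased, leet-undone, and with a trailing run of digits/punctuation removed."""
    lowered = password.lower()
    forms = {lowered, lowered.translate(LEET_MAP)}
    stripped = re.sub(r"[\d!?.]+$", "", lowered)
    if stripped:  # keep purely numeric passwords like "12345" intact
        forms.add(stripped)
        forms.add(stripped.translate(LEET_MAP))
    return forms


def is_worm_guessable(password: str, guess_list=WORM_GUESS_LIST) -> bool:
    """True if the password, or a trivial mutation of it, is in the worm's guess list."""
    return any(form in guess_list for form in candidate_forms(password))


def audit_passwords(accounts: dict) -> dict:
    """Return {account: reason} for every password that would fail the policy.

    `accounts` maps account name -> candidate password, as a password filter would
    see them at change time."""
    findings = {}
    for user, pw in accounts.items():
        if is_worm_guessable(pw):
            findings[user] = "in worm guess list"
        elif len(pw) < MIN_LENGTH:
            findings[user] = f"shorter than {MIN_LENGTH} characters"
    return findings


if __name__ == "__main__":
    # Constructed sample accounts for a quick run.
    sample = {"svc_backup": "Welcome1", "jdoe": "Tr0ub4dor&3", "admin": "qwerty"}
    for user, reason in audit_passwords(sample).items():
        print(f"{user}: {reason}")
```

In practice you would not have plaintext passwords to audit; the same logic runs either as a password filter at change time or as a comparison of the hashed guess list against the hashes already in the directory. Either way, the point is the same as the paragraph's: if the worm's list would work against any account, the policy is not strong.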

Cyber attack No. 5: Advanced persistent threats
Lastly, I know of only one major corporation that has not suffered a major compromise due to an APT (advanced persistent threat) stealing intellectual property. APTs usually gain a foothold using socially engineered Trojans or phishing attacks.

A very popular method is for APT attackers to send a narrowly targeted phishing campaign -- known as spearphishing -- to multiple employee email addresses. The phishing email carries a Trojan attachment, which at least one employee is tricked into running. After the initial execution and first computer takeover, APT attackers can compromise an entire enterprise in a matter of hours. It's easy to accomplish, but a royal pain to clean up.

Countermeasure: Detecting and preventing an APT can be difficult, especially in the face of a determined adversary. All the previous advice applies, but you must also learn the legitimate traffic patterns in your network and alert on unexpected flows. An APT doesn't know which computers normally talk to which other computers, but you do. Start collecting flow records (NetFlow, IPFIX, or firewall connection logs) now, because a trustworthy baseline takes weeks to build and cannot be reconstructed after the fact. Sooner or later an APT will slip up and copy large amounts of data from a server to some other computer that server does not normally communicate with. When it does, you can catch it.
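As an added example (not code from the original article), the following builds the kind of baseline the paragraph above describes from flow records and flags the slip-up it predicts: a server bulk-copying data to a host it has never talked to. The flow records are constructed samples in the shape of a NetFlow/IPFIX export (source, destination, bytes), the IP addresses and host roles are made up, and the 10 MB new-destination threshold and the 10x volume ratio are assumed tuning values, not anything the article specifies.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample flows (src, dst, bytes) from a learning period. Roles are assumed:
# 10.0.5.20 is a file server, 10.0.1.10 a domain controller, 10.0.9.5 a backup host,
# 10.0.3.x are workstations.
BASELINE_FLOWS = [
    ("10.0.5.20", "10.0.1.10", 48_000),
    ("10.0.5.20", "10.0.1.10", 52_000),
    ("10.0.5.20", "10.0.9.5", 2_100_000),   # nightly backup
    ("10.0.5.20", "10.0.9.5", 1_900_000),
    ("10.0.3.41", "10.0.5.20", 120_000),    # a workstation using the file server
    ("10.0.3.41", "10.0.5.20", 95_000),
]

# Constructed flows from a later window, including the slip-up we want to catch.
NEW_FLOWS = [
    ("10.0.5.20", "10.0.1.10", 50_000),        # normal
    ("10.0.5.20", "10.0.9.5", 2_000_000),      # normal backup run
    ("10.0.5.20", "10.0.3.77", 850_000_000),   # file server pushing 850 MB to an unknown workstation
    ("10.0.3.41", "10.0.5.20", 110_000),       # normal
    ("10.0.3.77", "10.0.5.20", 1_500),         # new pair, but tiny: not worth an alert on its own
]


def build_baseline(flows):
    """Map every (src, dst) pair seen during the learning period to its mean bytes per flow."""
    per_pair = defaultdict(list)
    for src, dst, nbytes in flows:
        per_pair[(src, dst)].append(nbytes)
    return {pair: mean(sizes) for pair, sizes in per_pair.items()}


def find_anomalies(baseline, flows, new_pair_min_bytes=10_000_000, ratio=10):
    """Return (src, dst, bytes, reason) for flows that break the baseline.

    Two rules (thresholds are assumed tuning values):
      1. A source we have a baseline for talks to a destination it never talked to
         before AND moves at least `new_pair_min_bytes`.
      2. A known pair moves `ratio` times its usual volume.
    Sources with no baseline at all are skipped: there is nothing to compare against."""
    known_sources = {src for src, _ in baseline}
    alerts = []
    for src, dst, nbytes in flows:
        pair = (src, dst)
        if pair not in baseline:
            if src in known_sources and nbytes >= new_pair_min_bytes:
                alerts.append((src, dst, nbytes, "new destination with bulk transfer"))
        elif nbytes >= ratio * baseline[pair]:
            alerts.append((src, dst, nbytes, "volume far above baseline"))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print("ALERT:", alert)
```

A real deployment would compute the baseline per pair from weeks of flows, treat it as a rolling window rather than a fixed snapshot, and key on host role and port as well as address; the logic stays the same, and the thing it catches is exactly the bulk copy to an unfamiliar destination that the paragraph describes.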

There are other popular attack types, such as SQL injection, cross-site scripting, pass-the-hash, and password guessing, but they aren't seen at nearly the same levels as the five listed here. Protect yourself against the top five threats and you'll go a long way toward decreasing risk in your environment.

More than anything, I strongly encourage every enterprise to make sure its defenses and mitigations are aligned with the top threats. Don't be one of those companies that spends money on high-dollar, high-visibility projects while the bad guys continue to sneak in using routes that could have easily been blocked.

This story, "The 5 cyber attacks you're most likely to face," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.
