5 Common Attacks That Dodge Your Firewall
Updated: Mar 11, 2022
As your first line of defense, firewalls protect networks and systems against a range of cybersecurity threats coming from the internet and other untrusted networks. Like a big, locked door to your house, everyone has one, keeps it locked, and checks it periodically...right?
Today’s complex IT environments and sophisticated threat actors have expanded the number of ways that your business can get hacked. Here are five of the most common attacks that dodge your firewall.
1. Phishing
Phishing messages dupe recipients into disclosing sensitive information or opening malicious files. Verizon’s 2021 Data Breach Investigations Report found that 43 percent of data breaches involved phishing. These phishing messages are often so convincing that even seasoned security researchers have trouble recognizing that they don’t come from a trusted source.
It’s trivial to emulate a trusted source using information gleaned from company websites or social media. It’s equally straightforward for threat actors to email a company and copy the boilerplate footer text and branded images they receive in the response for use in their own phishing messages. Many tools are available for finding your employees and their email addresses. Even text messages can deliver phishing messages.
The best way to combat phishing is to have a modern email management tool, test and train your employees, and create a security-aware culture.
2. Vendor Compromise
An increasingly common way for businesses to get breached stems from vendor compromise. As part of digital transformation initiatives, businesses adopt multiple cloud services from team collaboration tools to file-sharing platforms. IT departments vet these tools and then add them to the ecosystem of trusted apps, systems, and services on their networks.
Unfortunately, threat actors actively attempt to find and exploit vulnerabilities in vendor tools that can ultimately wreak havoc on your business. In one of 2021’s most high-profile cyber-attacks, Russian hackers compromised an infrastructure monitoring and management platform owned by SolarWinds. The hackers pushed out an update for this platform containing trojans that provided access to computer systems belonging to multiple US organizations and government departments.
Offset these risks by having a thorough vendor security review process.
3. Misconfigurations
Misconfigurations fall into the wider domain of errors that facilitate data leaks and cyber-attacks. These errors can be basic, like having default login credentials, or highly complex problems related to improper security settings for resources.
Cloud computing services are particularly vulnerable. Organizations continue to migrate their critical apps, data, and other services to the cloud to facilitate easier remote access, back up data, and reduce IT costs. It’s not difficult for hackers to find and exploit misconfigurations in the cloud. And since public cloud services are outside the network perimeter, firewalls don’t protect against these breaches.
The Internet is chock-full of stories highlighting serious sensitive data exposures in public cloud services like AWS and Azure. One story highlighted how a UK-based penetration testing company found an unsecured Amazon storage bucket with 720,000 birth certificate applications for US residents. The misconfiguration was worryingly basic—there was no password protecting the cloud storage bucket.
The best protection for this is to run regular vulnerability scans and have a periodic penetration test.
4. Compromised Credentials
Compromised credentials remain a primary source of network infiltration that firewalls can’t do much to defend against. Poor password hygiene continues to pose problems for some businesses. Although it is challenging, even Multi-Factor Authentication (MFA) can be hacked with man-in-the-middle and session hijacking attacks.
Without MFA, hackers exploit people’s tendency to reuse passwords across multiple services and systems. It is easy to purchase lists of stolen credentials from previous data breaches on the dark web and simply reuse those credentials to log in to different systems.
Reduce this risk by enforcing strong password policies and using MFA where possible.
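One way to make a password policy account for reuse of breached credentials, shown here as an added example that is not part of the original article: reject any new password that appears in a breach corpus, using a k-anonymity range lookup so that only the first five hex characters of the SHA-1 hash leave the client. The lookup service, class and function names, and the sample corpus are all constructed for illustration.

```python
import hashlib

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

class ConstructedRangeService:
    """Stand-in for a breach-corpus lookup service; records every query it receives."""
    def __init__(self, breached_counts):
        self._index = {sha1_hex(p): n for p, n in breached_counts.items()}
        self.queries = []

    def lookup(self, prefix):
        # Returns "SUFFIX:COUNT" lines for every known hash sharing the prefix.
        self.queries.append(prefix)
        return "\n".join(f"{h[5:]}:{n}" for h, n in self._index.items()
                         if h.startswith(prefix))

def breach_count(password, lookup):
    """Number of breach records containing the password, sending only a 5-char prefix."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix:   # the match is decided locally
            return int(count)
    return 0

def check_new_password(password, lookup, min_length=12):
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    seen = breach_count(password, lookup)
    if seen:
        problems.append(f"appears in {seen} breached credential records")
    return problems

# Constructed sample corpus: password -> number of breach records (made-up counts).
BREACHED_SAMPLE = {"Summer2021!": 4821, "qwerty123456": 310}

if __name__ == "__main__":
    service = ConstructedRangeService(BREACHED_SAMPLE)
    for candidate in ("qwerty123456", "correct-horse-battery-staple-7"):
        print(candidate, "->", check_new_password(candidate, service.lookup) or "accepted")
```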
5. Unsecured Wireless Networks
The dangers of unsecured public or home Wi-Fi networks have dramatically increased since remote work became the norm. Many users set up their laptop devices so that they automatically connect to any available open network. Hackers may intercept sensitive information transmitted over unsecured networks without the firewall being able to do anything.
Another technique hackers use is to trick people into connecting to a Wi-Fi hotspot under the assumption that it’s a legitimate public Wi-Fi network. These man-in-the-middle attacks provide Internet access, but everything the user does while connected is captured by the middleman. Most people sitting in their local Starbucks wouldn’t think twice about connecting to a fake network named “Starbucks Wi-Fi 1”, and this is what makes these attacks such low-hanging fruit.
Modern cybersecurity must be about defense-in-depth if businesses want to prevent threat actors from infiltrating their networks. Firewalls are part of the puzzle, but you can’t afford to neglect other vital strategies such as cybersecurity awareness training, endpoint security, and incident detection and response.
Security Pursuit provides a range of critical security services and solutions your business can use to create a formidable arsenal in today’s threat landscape. Contact us to learn more.