Advanced attacks like zero day exploits and man in the middle attacks may grab headlines, but if you work on an IT service desk you’re probably aware that most organizations are more vulnerable to older, relatively low-tech attacks.
While every organization should thoroughly assess what its real vulnerabilities are and address them, focusing too much effort on advanced attacks is like buying the most high-tech home security system and then leaving the doors unlocked.
Here’s why you shouldn’t be complacent about simpler, tried-and-true attacks.
Old Attacks Delivered in New Ways
The rise of social media and mobile computing has given hackers new ways to deliver old threats. Spear phishing is one example. This is a type of phishing attack that targets a single user or department and purports to come from someone in a position of trust. The attacker requests information like login credentials and then gains entry to secured networks. Who in your organization would come across as being in a position of trust to request information? The IT service desk, for one. Make sure end-users are educated about this type of attack.
Advanced Persistent Threats May Not Be So Advanced
The advanced persistent threat isn’t necessarily “advanced” in terms of how the attacker gains access. After a period of reconnaissance, attackers generally break into networks using social engineering techniques or innocent-seeming file shares and SharePoint sites. Mitigating these risks doesn’t have to be high-tech either, but should involve monitoring the authentication process, monitoring data access patterns, and educating end-users about social engineering techniques.
Zero Day Attacks Are Scary, but Not Necessarily Your Greatest Threat
Zero day attacks happen when attackers find flaws and vulnerabilities in major software systems before the software makers do, which means you could fall victim to such an attack even if you’ve been diligent about installing patches and upgrades. However, attackers aren’t going to go to the trouble of developing a zero day attack if they can gain access some other way, just like burglars aren’t going to break a window if you’ve left your back door unlocked. So while you should be aware of these attacks and ensure your IT service desk stays on top of patches and upgrades, attackers often use simpler methods to access systems.
A Java or Adobe Exploit More Likely than Man in the Middle Attack
When man in the middle attacks happen, they usually make headlines, because they’re scary. In this type of attack, the attacker is able to impersonate each endpoint of a line of communication between two victims, making them believe they are communicating with each other, when in fact the attacker is intercepting all their messages. Security firm FireEye recently examined the 1,000 most popular free Android apps on Google Play and found that the majority had SSL vulnerabilities that made them open to man in the middle attacks. This is yet another risk BYOD policies must try to address.
But as scary as man in the middle attacks are, Marc Maiffret, CTO at BeyondTrust, Inc. tells TechTarget, “At the end of the day, as much as it’s talked about, your average business is getting compromised because of Java, because of Adobe, because of some unpatched Windows vulnerability, versus some super sophisticated man in the middle attack.”
Windows XP: EMET Helps Some, but You Should Upgrade Already
If you still have machines that use Windows XP, and those machines have to go online, you face increased vulnerability. Take steps like only going online through a user account (and not an administrator account), and if possible, separating these machines from the rest of your network. The free Microsoft Enhanced Mitigation Experience Toolkit (EMET) is available for XP Service Pack 3 and above, and can provide additional protection for designated software. It doesn’t guarantee against an attack, and there are incompatibilities with some software, but it makes it more difficult for attackers to exploit XP machines.
When it comes to attackers, the IT service desk is much more likely to have to cope with age-old threats than with the frightening and sophisticated new ones that make headlines. While of course you should be aware of the threat landscape, don’t focus on newer, more intricate forms of attack while forgetting about old-fashioned social engineering and attackers getting in due to lax patch and upgrade practices.
When your IT service desk is powered by Samanage, your help desk software is patched and upgraded automatically, because it’s a cloud solution. Moreover, Samanage has powerful risk detection features, like automatic scanning for unauthorized software usage, and a risk compliance performance solution that lets you resolve problems before they can impact your network.
About Tye Graham