Five Threat Vectors in the Enterprise Space

Explore key web security threat vectors in the enterprise space to protect your organization from evolving threats.




    The internet may still be a wild frontier in many ways, but the last thing you want is a walk on the wild side when it comes to your digital assets. While the world is still learning how to deal with many of the dark forces of the internet, cybercriminals are constantly finding new ways to up their game against unsuspecting or undereducated targets — including your staff and colleagues.

    To understand web security, we must first understand the most common attack vectors — how they work, what they look like, and the risks they pose. Attack vectors are the paths and methods threat actors use to breach your security and gain unauthorized access to your systems. An effectively exploited vector may reveal sensitive data or inject malicious payloads into your applications.

    Symptoms of common low-level breaches include:

    • Defaced or altered content
    • Suspicious pop-up windows
    • Illicitly uploaded malware 
    • Phishing emails sent from a trusted source

    Now, let’s look at the most common threats and how to deal with them.

    1. Malware

    Malware comes in many forms. There’s spyware that steals information about systems and users. Infostealers can grab your browsing history and session cookies. Some take screenshots of your activity or use your camera and microphone to spy. Keyloggers are a particularly problematic type of malware designed to steal passwords and intercept private communication.

    Ransomware locks companies out of their IT systems while the criminals deploying it demand payment. This type of malware may also steal or fabricate sensitive data about you and threaten to publish it if you don’t pay a certain amount within a specific timeframe. Advanced ransomware uses a cryptoviral extortion method, encrypting your files in complex ways that may be impossible to reverse without the decryption key.

    Trojans hide inside ordinary apps and infect your system, much like the Trojan horse of Greek myth. They may also install additional spyware and create backdoors for future attacks. Unlike viruses, Trojans don’t self-replicate.

    Viruses usually infect application code or data files, which they use to self-replicate and spread to other systems. Others go straight for the master boot record on a computer; then, when the malware loads, it has total control. Viruses can also disguise themselves by mimicking your files or hijacking anti-virus software.

    Polymorphic viruses encrypt and decrypt themselves in cycles. As the virus copies itself, it invents new encryption and decryption routines to stay hidden.

    Worms are self-contained programs that don’t need host files and are typically spread through email attachments. Open this can of worms and it will spam your contacts with copies of itself. Worms can cause serious damage to systems by overloading them in a denial-of-service (DoS) attack.

    2. Denial of Service – DoS and DDoS Attacks

    Denial-of-service attacks aim to crash servers by overloading them. 

    Distributed denial-of-service (DDoS) attacks are massive attacks launched from multiple machines simultaneously. They are usually the work of botnets, but manual DDoS attacks orchestrated by individuals also happen.

    These attacks aim to take down your site or enterprise applications by preventing users from accessing them. Sometimes, an attacker can target your internal systems, including phones and printers. DDoS attacks can also temporarily open up other attack vectors. For example, session hijacking may accompany a DDoS attack.

    You may be wondering, "How do I mitigate DoS attacks?" Here are some tips.

    One of the first vectors to check is TCP SYN flooding. First, increase the connection queue size and shorten the timeout for half-open connections. Then, configure a firewall to block incoming SYN packets.
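To make the two SYN-flood knobs concrete, here is an added example (not from the original article, and not a real kernel API) that models a server's half-open connection table. It holds entries for SYNs whose handshake has not completed, evicts them once the assumed `timeout_s` passes, and refuses new SYNs when the assumed `backlog_size` is reached. The simulation sends a burst of spoofed SYNs from constructed addresses and then checks whether a legitimate client still gets a slot.

```python
from collections import OrderedDict


class HalfOpenTable:
    """Tracks half-open (SYN received, handshake not completed) connections.

    backlog_size: how many half-open entries the server holds at once.
    timeout_s:    how long an unanswered SYN-ACK keeps its slot.
    Both names are assumptions for this illustration, not a real kernel API.
    """

    def __init__(self, backlog_size: int, timeout_s: float):
        self.backlog_size = backlog_size
        self.timeout_s = timeout_s
        # insertion-ordered, so the oldest entry is always first
        self._pending: "OrderedDict[tuple, float]" = OrderedDict()

    def _expire(self, now: float) -> int:
        """Drop entries whose SYN-ACK went unanswered past the timeout."""
        expired = 0
        for key, started in list(self._pending.items()):
            if now - started > self.timeout_s:
                del self._pending[key]
                expired += 1
            else:
                break  # remaining entries are newer, so stop scanning
        return expired

    def on_syn(self, src_ip: str, src_port: int, now: float) -> bool:
        """Return True if the SYN gets a slot, False if the backlog is full."""
        self._expire(now)
        if len(self._pending) >= self.backlog_size:
            return False
        key = (src_ip, src_port)
        self._pending.pop(key, None)  # re-insert so order stays by time
        self._pending[key] = now
        return True

    def on_ack(self, src_ip: str, src_port: int, now: float) -> bool:
        """Complete the handshake; True if the entry was still pending."""
        self._expire(now)
        return self._pending.pop((src_ip, src_port), None) is not None

    def pending(self) -> int:
        return len(self._pending)


def simulate_flood(backlog_size: int, timeout_s: float,
                   flood_syns: int, flood_span_s: float):
    """Spread flood_syns spoofed SYNs (constructed 203.0.113.x sources)
    evenly over flood_span_s seconds, then let one legitimate client try.
    Returns (flood SYNs that got a slot, whether the legitimate client did).
    """
    table = HalfOpenTable(backlog_size, timeout_s)
    accepted = 0
    for i in range(flood_syns):
        t = flood_span_s * i / flood_syns
        if table.on_syn(f"203.0.113.{i % 254 + 1}", 40000 + i, t):
            accepted += 1
    # Legitimate client arrives right as the flood ends
    legit = table.on_syn("198.51.100.7", 51000, flood_span_s)
    return accepted, legit


if __name__ == "__main__":
    # Small backlog, long timeout: the flood fills the table and the
    # legitimate client is refused.
    print(simulate_flood(128, 60.0, 1000, 10.0))
    # Same backlog, one-second timeout: stale entries expire fast enough
    # that the legitimate client still gets in.
    print(simulate_flood(128, 1.0, 1000, 10.0))
```

Run it and compare the two configurations: with a 60-second timeout the 128-slot table is exhausted after the first 128 spoofed SYNs, while a one-second timeout keeps recycling slots so the legitimate client is admitted. Raising `backlog_size` has the same effect at the cost of memory, which is why the article's advice combines both.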

    The ping-of-death (PoD) attack is a type of DDoS attack that uses unusually large packets to choke a web server. A firewall that limits the size of fragmented IP packets can prevent PoD attacks.

    A Smurf attack is a DDoS amplification that exploits broadcast networks. It takes its name from the cartoon family of small gnome-like characters because it uses many small sources of bad requests to overwhelm a larger system. You can mitigate Smurf attacks by blocking directed broadcast traffic and setting hosts and routers to ignore ICMP echo requests.

    Some general protection against botnets is also necessary. Blackhole filtering redirects the undesirable traffic to a dead-end before it overwhelms the targeted system. Ingress filtering helps to prevent spoofing by verifying that packets come from legitimate addresses.

    3. Phishing and Spoofing

    Human error often plays a supporting role in many attack vectors. A deceptive attacker may trick legitimate users into giving them critical access to a targeted system.

    Phishing refers to texting, emailing, or calling people and pretending to be a trusted individual or organization. Phishing typically aims to steal passwords or account information, but it may also deliver malicious payloads or break into a protected system.

    In enterprise contexts, spearphishing is a serious threat. An attacker engaged in spearphishing will carefully study your company to find weak links and learn how to manipulate them. Through email and IP spoofing, attackers can falsify the sender's information so it looks like their messages come from inside your company or an affiliate. They may use cloned or compromised websites to add to their credibility and trick targets into revealing sensitive information such as passwords and credit cards.

    The best way to counter these threats is to educate your teams with enterprise security best practices:

    • Critical Thinking: Always pay attention and look for signs of impersonation. Poor English, low-res signatures, and unusual or improbable names are usually dead giveaways. However, AI tools are making these telltale signatures less common. 
    • Link Inspection: Before clicking a link, you should always hover above it to see where it leads and determine if it seems reliable.
    • Header Analysis: Check if the email "Reply-to" and "Return-Path" headers point to the same expected domain.
    • Marking Emails: By placing timestamps or nonces (random, changing numbers) on all company emails and inspecting the nonces before interacting with an email sent to you, you can avoid replay attacks where attackers copy old messages to deceive people.
    • Data Encryption: Encrypting sensitive data protects you against most forms of eavesdropping and spoofing.
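The "Header Analysis" item above can be automated. The following is an added example (not from the original article) that uses Python's standard `email` library to compare the domains in the `From`, `Reply-To` and `Return-Path` headers against the domain you expect; the sample messages and the `example.com` / `mail-example.net` domains are constructed for the illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr


def domain_of(header_value) -> "str | None":
    """Return the lowercase domain of an address header value, or None."""
    _, addr = parseaddr(str(header_value))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def check_sender_headers(raw_message: str, expected_domain: str):
    """Compare From, Reply-To and Return-Path against expected_domain.

    Returns (findings, warnings): findings maps each present header to the
    domain it carries; warnings lists headers that do not match or cannot
    be parsed. A missing Reply-To is normal (replies simply go to From),
    so absent headers are skipped rather than flagged.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    expected = expected_domain.lower()
    findings, warnings = {}, []
    for header in ("From", "Reply-To", "Return-Path"):
        value = msg.get(header)
        if value is None:
            continue
        dom = domain_of(value)
        findings[header] = dom
        if dom is None:
            warnings.append(f"{header}: no parseable address")
        elif dom != expected:
            warnings.append(f"{header} domain {dom!r} != {expected!r}")
    return findings, warnings


# Constructed sample: the visible From looks internal, but replies and
# bounces are routed to a look-alike domain.
SUSPICIOUS = """\
From: Finance Team <finance@example.com>
Reply-To: finance-desk@mail-example.net
Return-Path: <bounce@mail-example.net>
Subject: Updated wire instructions
Content-Type: text/plain

Please see the new account details attached.
"""

# Constructed sample of an ordinary internal message.
CLEAN = """\
From: Alice <alice@example.com>
Return-Path: <alice@example.com>
Subject: Lunch?
Content-Type: text/plain

Noon works for me.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        findings, warnings = check_sender_headers(raw, "example.com")
        print(name, findings, warnings)
```

A mismatch is a signal, not proof: legitimate mailing-list and marketing platforms also set a third-party `Return-Path`, so feed the warnings into a triage rule rather than blocking on them outright.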

    4. Password Theft

    Threat actors can steal passwords in several ways. They may install a keylogger on targeted systems or trick people into revealing passwords. Social engineering or USB devices can also compromise physical security in public places. 

    Cybercriminals more commonly resort to various forms of systematic automated guessing. A typical example is brute-forcing, which uses a random or simple logic pattern to guess passwords. Dictionary attacks use lists of common passwords and known patterns to guess passwords more efficiently.

    You can defend against these attacks with an account lockout policy so that repeated incorrect inputs will lock the account. Two-factor authentication also stops most breach attempts. 

    5. Man in the Middle

    Man-in-the-middle (MitM) attacks occur when the attacker gets between the server and client communication. This can happen in several ways.

    During session hijacking, attackers may steal session cookies passed between trusted clients and networks. (Session cookies verify a user is logged into an account.) 

    Attackers may also use an active hijacking scheme to communicate with two parties and relay information between them under false pretenses. This allows the attackers to spy on users and steal their passwords.

    The best defense against MitM attacks is a combination of data encryption and digital certificates.

    General Web Security Best Practices

    A strong foundation of overall preparedness is important for defending against all attack vectors: 

    1. Keep all software up to date and install every new security patch as soon as possible. Continuous malware scanning is essential to keeping the problems at bay.
    2. Get rid of any software and plugins that you don’t use.
    3. Leverage cloud security for safer storage.
    4. Use whitelists to limit the software, websites, ports, and email contacts allowed on your network.
    5. Use firewalls between your networks.
    6. Train your team to take responsibility for security and think critically about potential threats. 
    7. Implement a least privilege policy to minimize risks. The principle of least privilege (PoLP) refers to a security concept in which users should be given only the minimum levels of access—or privilege—they need to do their work.
    8. Make backups of critical data so that you can easily roll back and keep going if something breaks your system.

    Meet Challenges Head-On

    Understanding common threats and their attack vectors may seem challenging at first. Fortunately, there are a finite number of attack types, and most fall into a few standard classifications that are well-understood and monitored yearly for changes and trends. See, for example, the helpful OWASP Top Ten list of threats to web applications.

    Considering the range and variety of attack vectors will help you develop a big-picture view or "threat model" that you can internalize and use to harden your defenses. 

    At Multidots, we know the importance of securing every aspect of WordPress in the context of enterprise web application development and support. We can ensure that your hosting environment, publishing platform, and digital assets follow the best security standards and practices. We can help monitor your WordPress platform for threats and vulnerabilities — and neutralize them when they emerge. Your web presence should serve your company’s health and growth, not create drag and increase risk.

    For more information regarding the security and longevity of your enterprise, contact us today to find out how Multidots can help. Our engineers understand how to build secure-by-default and resilient systems that are hardened against all threats. Our goal is to build and sustain your web presence as a revenue-generating powerhouse.


    Author

    Dan Knauss

    Dan Knauss is a seasoned expert in digital innovation and clear communication. With a career spanning over 20 years, Dan has navigated the dynamic landscape of web content management systems, including WordPress and other open-source platforms. Dan specializes in planning, designing, and supporting digital publishing tools that prioritize clarity and efficiency in communication.
