Attacks on enterprise networks are becoming increasingly common. There are many different methods of enterprise attacks: viruses, worms, Trojans, denial-of-service attacks, session hijacking, and social engineering.
Viruses are malicious code that executes by reproducing itself and infecting other programs, files, and directories through modification. Viruses can spread through systems and inadvertently take up hard drive space. They can slow computer processing speeds and affect user access. Although viruses can sometimes access confidential information and spam users through pop-ups or emails, not all viruses carry a destructive payload.
Worms, like viruses, replicate in order to spread throughout a network, but in many cases do not carry malicious payloads. Worms use the existing network infrastructure to spread, and they cause problems and damage to network systems by creating "backdoors." Worms differ from viruses in that they do not need to attach themselves to executable code or programs. Because worms spread through vast networks, they also use a large amount of bandwidth and can effectively slow networks. Some famous worms include Conficker, Morris, and Mydoom.
Trojans are malware that mislead users into believing that they are using legitimate software. Trojans can be used for destructive purposes such as modifying and corrupting files and data on the infected computer, identity theft, or spying by installing keystroke logging or compromising user webcams.
Denial-of-service (DoS) attacks are launched to prevent users from accessing services such as the internet or certain applications. The main method of launching a DoS attack is to flood the targeted system with an enormous number of requests. Unable to cope with the relentless assault, servers become busy and cannot respond to legitimate authentication or access requests. A variation on the classic DoS attack is the distributed denial-of-service (DDoS) attack, in which the attacker uses many different source IP addresses to launch requests.
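As an added illustration (not part of the original text), the sketch below shows how a defender might flag the flooding pattern described above in request logs and tell a single-source DoS from a distributed one. The sample records, window length, and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Assumed tuning values; real limits depend on the service's measured baseline.
WINDOW = 10         # seconds per time bucket
TOTAL_LIMIT = 100   # requests per window the service handles comfortably
SOURCE_SHARE = 0.5  # one source above this share of a flooded window => DoS

def classify_windows(requests, window=WINDOW, total_limit=TOTAL_LIMIT,
                     source_share=SOURCE_SHARE):
    """Map each window start to ("normal", None), ("dos", ip) or ("ddos", n_sources)."""
    buckets = defaultdict(Counter)
    for ts, ip in requests:
        buckets[ts - ts % window][ip] += 1   # count requests per source per window
    verdicts = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        top_ip, top_count = per_ip.most_common(1)[0]
        if total <= total_limit:
            verdicts[start] = ("normal", None)
        elif top_count / total >= source_share:
            # Flood dominated by one address: classic DoS.
            verdicts[start] = ("dos", top_ip)
        else:
            # Flood spread thinly over many addresses: DDoS.
            verdicts[start] = ("ddos", len(per_ip))
    return verdicts

def sample_requests():
    """Constructed (unix_second, source_ip) records; IPs are RFC 5737 doc ranges."""
    reqs = []
    # Window 0: ordinary traffic, 20 clients sending 2 requests each.
    reqs += [(i % 10, f"192.0.2.{i + 1}") for i in range(20) for _ in range(2)]
    # Window 10: one source sends 300 requests alongside 20 ordinary ones.
    reqs += [(10 + i % 10, "198.51.100.7") for i in range(300)]
    reqs += [(10 + i % 10, f"192.0.2.{i + 1}") for i in range(20)]
    # Window 20: 200 sources send only 3 requests each, 600 in total.
    reqs += [(20 + i % 10, f"203.0.113.{i + 1}") for i in range(200) for _ in range(3)]
    return reqs

if __name__ == "__main__":
    for start, verdict in classify_windows(sample_requests()).items():
        print(start, verdict)
```

In the third window no single address exceeds three requests, so a per-source rate limit alone would not catch it; the aggregate count is what reveals the distributed flood.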
Session hijacking involves taking over a legitimate computer session through the use of unverified cookies, cross-site scripting vulnerabilities, or other malware. Attackers can guess responses of two communicating machines to intercept, translate, and participate in communications.
Social engineering exploits are commonly used to attack or discover information about an enterprise. Social engineering uses knowledge about human nature and, in some cases, personal details about targets to manipulate people for access and information regarding the enterprise. Social engineering can involve complex endeavors such as using publicly available information to target and pressure high-ranking personnel at organizations to obtain sensitive information. This is known as whaling.
In other cases, social engineering can be the simple act of walking in behind someone holding the door open; this is known as tailgating. One of the best-known social engineering attacks is the attempt to trick users into opening malicious emails or links, known as phishing.
Overall, there are several different attack vectors on enterprise networks, and they are advancing in complexity and subtlety. Organizations must use comprehensive defense-in-depth strategies and create sound cybersecurity practices to be better protected.