Attacks on Enterprise Networks

Attacks on enterprise networks are becoming increasingly common. There are many different methods of enterprise attacks: viruses, worms, Trojans, denial-of-service attacks, session hijacking, and social engineering.

Viruses are malicious code that executes by reproducing itself and infecting other programs, files, and directories through modification. Viruses can spread through systems and inadvertently take up hard drive space. They can slow computer processing speeds and affect user access. Although viruses can sometimes access confidential information and spam users through pop-ups or emails, not all viruses carry a destructive payload.

Worms, like viruses, replicate in order to spread throughout a network, but in many cases do not carry malicious payloads. Worms use the existing network infrastructure to spread, and they bring about issues and damage to network systems by creating "backdoors." Worms are different from viruses in that they do not need to attach themselves to executable code or programs. Because worms spread through vast networks, they also use a large amount of bandwidth and can effectively slow networks. Some famous worms include Conficker, Morris, and Mydoom.

Trojans are malware that mislead users into believing that they are using legitimate software. Trojans can be used for destructive purposes such as modifying and corrupting files and data on the infected computer, identity theft, or spying by installing keystroke logging or compromising user webcams.

Denial-of-service (DoS) attacks are launched to prevent users from accessing services such as the internet or certain applications. The main method of launching a DoS attack is to flood the targeted system with an enormous number of requests. Unable to cope with the relentless assault, servers become busy and cannot respond to legitimate authentication or access requests. A variation on the classic DoS attack is the distributed denial-of-service (DDoS) attack, where the attacker can use many different source IP addresses to launch requests.
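The DoS/DDoS distinction above from a defender's side, as an added example that is not part of the original page: a per-source request counter flags a single-source flood but misses a distributed one, so the total volume in each time window has to be checked as well. The log events, IP addresses (documentation ranges), and thresholds are constructed assumptions.

```python
from collections import Counter

def make_events():
    """Constructed sample request log as (second, source_ip) pairs; not real traffic."""
    normal = [(t, f"10.0.0.{t % 5 + 1}") for t in range(30)]        # 1 request/s baseline
    dos = [(40 + i // 50, "203.0.113.9") for i in range(200)]       # one source floods
    ddos = [(60 + i // 50, f"198.51.100.{i % 100 + 1}") for i in range(200)]  # 100 sources
    return normal + dos + ddos

def classify_windows(events, window=5, per_source_limit=50, total_limit=100):
    """Label each fixed time window as normal, DoS-suspected or DDoS-suspected.

    Both limits are illustrative assumptions, not recommended values; in
    practice they are derived from the service's measured baseline.
    """
    buckets = {}
    for ts, ip in events:
        start = ts // window * window            # start second of the window
        buckets.setdefault(start, Counter())[ip] += 1

    labels = {}
    for start in sorted(buckets):
        counts = buckets[start]
        total = sum(counts.values())
        top_ip, top_count = counts.most_common(1)[0]
        if top_count >= per_source_limit:
            # One address dominates: blocking or rate limiting that source helps.
            labels[start] = ("dos-suspected", top_ip)
        elif total >= total_limit:
            # No single heavy source, yet the total is abnormal: many sources.
            labels[start] = ("ddos-suspected", len(counts))
        else:
            labels[start] = ("normal", total)
    return labels

if __name__ == "__main__":
    for start, label in classify_windows(make_events()).items():
        print(f"window starting at t={start:>2}s: {label}")
```

In the distributed window each address sends only two requests, which is why a per-source limit alone never fires there.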

Session hijacking involves taking over a legitimate computer session through the use of unverified cookies, cross-site scripting vulnerabilities, or other malware. Attackers can guess responses of two communicating machines to intercept, translate, and participate in communications.

Social engineering exploits are commonly used to attack or discover information about an enterprise. Social engineering uses knowledge about human nature and, in some cases, personal details about targets to manipulate people for access and information regarding the enterprise. Social engineering can involve complex endeavors such as using publicly available information to target and pressure high-ranking personnel at organizations to obtain sensitive information. This is known as whaling.

In other cases, social engineering can be the simple act of just walking in behind someone holding the door open; this is known as tailgating. One of the best-known social engineering attacks is the attempt to trick users into opening malicious emails or links, known as phishing.

Overall, there are several different attack vectors on enterprise networks, and they are advancing in complexity and subtlety. Organizations must use comprehensive defense-in-depth strategies and create sound cybersecurity practices to be better protected.

Check Your Knowledge

Choose the best answer to each question:

Question 1
There is an enormous number of requests being directed at the network and users cannot access services. What type of attack is occurring?

Question 2
______________ is/are malware that misleads users into believing that they are using legitimate software.
worms
Trojans
rules of engagement
denial of service

Question 3
What type of attack primarily exploits humans to gain access to the network?

Question 4
Which of the following are social engineering attacks? Select all that apply:
whaling and tailgating
phishing, tailgating, and nailing
nailing and phishing
whaling, phishing, and tailgating