November 25, 2010

Businesses - corporate under attack!

It is interesting to note that malware specifically designed to target corporate information systems does not exist. The tools of the hackers’ trade remain the same regardless of whether the target is a private individual or a company; the only real difference is the scale of damage, so companies have to pay particular attention to their own protective measures. Cybercriminals are far more interested in attacking companies than private individuals, as the potential rewards from such attacks are considerably higher. It is very rare indeed for a hacker or virus writer to work for nothing. Usually, when they feel the need to put their professional abilities to the test, they try to ensure that their efforts are duly remunerated. Hackers that attack companies generally do so for the following reasons:

  • To steal confidential information, including financial information, with a view to profiting from its use or resale, for example, databases belonging to financial organizations.
  • To disable a company’s IT infrastructure with a view to extorting money from that company for returning its IT infrastructure to operational condition. Additionally, a hacker may want to do damage to a company’s reputation or interrupt its business processes by the use of DDoS attacks.
  • To use the IT resources of one company for the purpose of attacking other companies.

Cybercriminals do not have to attack a whole organization to get their hands on financial or confidential information. It is much simpler to carry out an attack by targeting an individual victim in an administration or HR department, where the level of computer literacy is usually fairly low.

Methods of attack

How do cybercriminals gain access to corporate information? What vectors of attack do they choose?

The structure of a typical corporate network is usually much more complex than the one displayed in the picture

Networks belonging to large enterprises with geographically diverse subdivisions have equipment located in different towns and sometimes even different countries, as well as hundreds of kilometers of communications cables. All this makes it very difficult to prevent unauthorized network access or the interception of confidential information transmitted over the network.

Hacking can occur on both private and publicly accessible sections of a network – usually the Internet. In such a case, the cybercriminal does not need to be physically near the hacked channel: using hacker tools and methods available on the Internet, it is possible to hack a network remotely.

A hacker does not usually need direct access to the target computer within an organization: these days attacks are carried out remotely via the Internet

Probably the most popular method for infecting computers is via the use of programs called Trojans which infiltrate a target machine through malware links in spam, instant messaging, and the exploitation of vulnerabilities in different software applications.

Of all the abovementioned methods of infection, vulnerabilities in software are one of the biggest problems within the corporate environment. Large corporate networks are made up of a huge number of component parts: workstations, servers, laptops, smartphones, all of which may operate under the control of a different operating system.

Another loophole used by the criminals is the multiplicity of staff and the resulting multiplicity of computer network users and access points. The larger the number of end-users and nodes, the more chance there is of an accidental oversight in security procedures or an intentional violation of security policy. Unfortunately, companies rarely have all-encompassing security policies in place, so cybercriminals continue to actively abuse the situation and commit targeted attacks.

Education

One of the keys to successfully minimizing corporate attacks is to educate staff on a constant basis, and not just technical staff, but administrative staff too. Obviously, when a user has no real knowledge of the basic rules of computer security there can be no guarantee that hackers won’t be able to enter the corporate network. It is imperative to teach the staff to think twice and remain cautious.

5 comments:

Is there any enterprise level security to avoid these attacks?

So is it that the methods to infiltrate are the same?

What exactly do you mean by DDOS attacks?

@PC Optimization: Denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. In general, a common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.

@Windows 7 Support and PC Optimization: Yes, corporate security solutions/modules are available that allow the centralized management of corporate network protection and information security. Protection of a corporate network is a round-the-clock, yearlong process; technical means of protection can include nullifying Wi-Fi signals, access control mechanisms, encryption systems, antivirus programs, firewalls, etc.
