Posted October 04, 2020 06:25:16
A cyberattack against a company or an organisation can be devastating.
When a hacker has gained control of a company system or an IT network, they can use that access to steal the organisation's confidential information.
But what should you do if your company or organisation is targeted?
According to a recent vulnerability scan, security researchers from Kaspersky Lab have identified some of the most common ways a cyber-attack could take place.
The first is when an attacker compromises the IT network of a system or organisation; the second is when a hacker breaches the network of an organisation whose security policy allows access to the network; the third is when they break into a network through an insecure channel, such as a proxy server or VPN; and the fourth is when the attacker compromises a system through an unpatched vulnerability in a third-party application.
The researchers identified the most prevalent threats in the data centres, where they said they were most commonly used.
In a typical scenario, an attacker could compromise a company and then install a malicious backdoor in the system, or use an untrusted network service or exploit the same vulnerability in the same system.
In the worst-case scenario, the attack would result in the theft of sensitive data, such as credit card information, passwords, bank account details and personal data.
While there are a number of other ways to compromise a business network, one of the easiest is through a vulnerability in an unmodified version of the software.
This vulnerability is known as an unauthenticated remote code execution vulnerability (URLV). URLV vulnerabilities are the most dangerous, because the attackers are able to remotely execute malicious code and gain access to systems without the users' knowledge.
The Kaspersky Lab researchers say a hacker could access a server using an unauthenticated network access point (NAT) or a reverse proxy server.
They said an attacker would then have the ability to run arbitrary code on the system and then use the system to exploit the vulnerability.
The exploit would then take the user's information, such as personal data, passwords or bank account numbers, and then send it to the attackers' servers.
The attacker could then gain administrative access and run malicious code on it.
A second way to compromise the data centre is through the use of a malicious file.
A malicious file could be an application or a file, which can then be used by an attacker to bypass security settings or even access the system.
The malicious file can also be used to execute arbitrary code.
The attackers could then use this file to perform administrative actions on the computer, which would result, according to the Kaspersky Lab researchers, in a denial-of-service (DoS) attack.
The authors said they also identified the least common types of vulnerabilities, such as an exploit in a software package or a vulnerability that could not be exploited in any way.
Kaspersky said the most likely vulnerability is a vulnerability introduced in versions of Microsoft Word and Outlook prior to 2016.
Other common vulnerabilities include an unsecured remote code access vulnerability, an unencrypted remote code-execution vulnerability and a security issue that could allow an attacker (or malicious third parties) to steal the private information of users.
While Kaspersky has identified the majority of the vulnerabilities, the researchers said there were some vulnerabilities that they were not able to test due to the complexity of the vulnerability and the fact that there were not many third-party apps.
The report can be downloaded from the Kaspersky Lab website here: https://kasperskylab.com/blogs/security/reports/2018/10/05/security-scanning-tool-for-enterprise-security-finance-insurance-insurer/