Intelligent CISO Issue 16 - Page 28

editor’s question

RIAAN BADENHORST, GM OF KASPERSKY IN AFRICA

The continued evolution of digital has resulted in a cyberthreat landscape that is becoming increasingly difficult to navigate, with cybercriminal activity growing in numbers and sophistication. Cybercriminals are using a variety of different types of attacks to target victims, making it critical for a business to not only understand the threat landscape, but to also keep on top of it.

A type of attack vector that remains popular and easy to exploit is that of Domain Name Server (DNS) attacks, poisoning or spoofing. This is a type of cyberattack that exploits system vulnerabilities in the domain name server to divert traffic away from legitimate servers and directs it towards fake servers.

The code of a DNS attack often occurs via spam emails. These emails attempt to frighten users into clicking on the supplied URL, which in turn infects their device. Banner ads and images, both in emails and untrustworthy websites, can also direct users to this code. Once infected, a user’s computer or device will take them to fake websites that are spoofed to look like the real website, which exposes them to risks such as spyware, keyloggers or virus worms.

This type of attack redirects traffic bound for the target corporation’s servers to a cybercriminal’s own machines. As a result, visitors to a company website are taken to fake resources that look authentic but have no filters or protection systems.

Such attacks pose several risks to a business, one of the most concerning being data theft. Financial services websites (such as banking), as well as online shopping websites, can easily fall victim to this type of attack and this could result in passwords and credit card or personal information being compromised.

Furthermore, such attacks pose a massive risk to the internal workings and processes of an organisation. If fake servers are successfully created, the victim organisation loses contact with the outside world. Mail is hijacked and typically phones as well, given that many businesses make use of IP telephony. This greatly complicates both internal response to the incident and communication with external organisations – DNS providers, certification authorities, law enforcement agencies and so on.

Eliminating DNS attacks or cache poisoning can be difficult, as cleaning an infected server does not rid a desktop of the problem and clean desktops connecting to an infected server will be compromised all over again. However, being fully prepared for such attacks, leaning on cybersecurity threat intelligence and a strategy aimed to ensure that a business is focused on prevention, detection, responding and prediction, is key.

Furthermore, dedicated cybersecurity training for a business and its employees around the reality of such attacks and how to be a human firewall to these plays an important role.