What is cyberthreat protection?
Cyberthreats are various types of malicious software (malware) that have the potential to infiltrate computer systems or networks for the purpose of disrupting services, stealing data, and, above all, making money for the attackers.
So, cyberthreat protection is an array of security solutions designed to defend systems and networks against cyberthreats.
Evolution of cyberthreats
As the world of computing has grown, so have the types of threats. A computer worm called Creeper, which traveled between Tenex terminals, was one of the earliest threats. It printed the message “I’M THE CREEPER: CATCH ME IF YOU CAN.”
In those early days, attacks were mostly carried out by individuals or small groups for the purposes of bragging rights as much as anything else. They were a nuisance and it probably took IT teams some time and money to get rid of them. By today’s standards, they were quaint.
Cyberthreats have come a long way since then. Solitary hackers have been replaced by organized crime networks, state-sponsored cabals, and well-funded gangs, all looking for ways to profit from cybercrime. And their attacks have come a long way, too, with those simple computer worms replaced by sophisticated programs that can carry out a variety of nefarious activities, often without detection. Let’s take a look at some of the tools in a cybercriminal’s attack arsenal:
- Ransomware is a form of malware that blocks access to a victim’s data and files, usually through encryption, until the victim agrees to pay a specific sum of money.
- Browser exploits allow attackers to take advantage of a vulnerability in an operating system and change a user’s browser settings without that user’s knowledge. Attackers use them to harvest user credentials, deliver ransomware, execute malware, install malicious crypto mining software, and elevate privileges.
- Malware is a general term for malicious software designed to cause damage to a computer, server, or network. There is a wide variety of malware types, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, and others. Malware is often installed upon successfully exploiting vulnerabilities or via social engineering attacks and its code may include a variety of techniques to evade detection and spread.
- Advanced persistent threats (APTs) are attacks in which an unauthorized person gains access to a network and stays there undetected. APTs are “advanced” because they use malware that can bypass or evade many types of security protections. They are “persistent” because, once on the network, the malware is in regular communication with command-and-control (C&C) servers to which it can send stolen data or from which it can receive instructions.
- Phishing is the act of luring email recipients and web users into providing private information, such as credit card numbers, by posing as a legitimate business. For example, a user may receive an email from what appears to be from Bank of America, asking the user to log in for an important update about a transaction. Once the victim does so, the attacker now has the victim’s login credentials and banking access. Just a few years ago, these spoofed websites and emails were easy to spot, but now they are barely distinguishable from the genuine sites.
- Domain squatting refers to registering a top-level domain that is similar to a known brand for phishing, stealing credentials, or serving malware. A good example is something like gmali.com. Unless the user looks closely, an email from this address might appear to be a legitimate message from Gmail, perhaps with a security warning that prompts the user to visit a malicious website.
- Homograph attacks use tactics similar to domain squatting. International domain name (IDN) homograph attacks are used to trick people into clicking on links that appear to be those of legitimate sites by using characters that look like others, such as using the numeral “1” instead of an “l” in the Apple URL (https://www.app1e.com) or using a “0” (zero) instead of a capital “O” in Olive Garden (https://www.0liveGarden.com).
External factors and security-specific threats are converging to influence the overall security and risk landscape, so leaders in the space must properly prepare to improve resilience and support business objectives.
When a cyberthreat becomes an attack
So, what happens if one of these cyberthreats somehow makes its way into your organization? The attack typically starts with the initial delivery vector, such as a phishing email with an exploit or malware hidden inside. The malicious file is delivered when a user downloads it or clicks on a link to it in the email. Next is exploitation, where the program looks for vulnerabilities in the system it can exploit to execute the code. Installation is next, where the malware is loaded onto the victim’s machine. Callback is the next step, where the malware payload attempts to communicate with C&C servers. The final step is detonation, where malware installs additional malware, exfiltrates data, or performs any other action programmed by the C&C server.
The best defense against cyberthreats
Certain industries and businesses represent the most valuable targets for cyberthreats due to the sensitivity of their data or their perceived ability to pay larger ransoms. However, all organizations should be aware of preventive measures to take as these attacks become more prevalent.
Legacy security approaches with stacks of hardware-based appliances housed in the data center can’t adequately protect organizations from today’s advanced cyberthreats. Organizations can’t update these devices quickly enough to keep up with the ever-changing threat landscape. And organizations can’t replicate this security stack at branch offices or have it follow remote employees who are working from just about anywhere.
A cloud-native platform provides the cyberthreat protection needed by today’s digital organizations. But not all cloud platforms are built the same. It must be purpose-built for the cloud, not a virtual instance of security appliances as these suffer from the same limitations as their counterparts in the data center—an inability to follow users, bandwidth and performance issues, and an inability to scale to user demand.
To provide effective protection in the battle against cyberthreats, a cloud-native platform should integrate the following features:
- Cloud firewall: Protects users from reaching malicious domains and provides granular controls to detect and prevent DNS tunneling.
- Intrusion prevention system (IPS): Monitors a network for malicious activities, such as policy violations or security threats, including botnets, advanced threats, and zero-days. Inspects all encrypted traffic to discover and block hidden threats.
- Sandbox: Prevents corrupted files from executing on a user’s device. Suspect files are copied onto a virtualized operating system, which are then executed to look for malicious behaviors.
- Browser isolation: Keeps content on malicious websites from reaching a user’s device or corporate network. Instead of downloading content served by a webpage, only a safe rendering of pixels is delivered to the user so any hidden malicious code is kept at bay.
So, how well are you protected against cyberthreats? See for yourself with a free Internet Threat Exposure Analysis.