Cyber Security: Top 10 Online Threats [and How to Prevent Cyberattacks]
“There is a thin line between cyber security and business and we should find this exact line where both subjects are satisfied.”
Vladimir Atanasov | Senior Cyber Security Engineer | ScaleFocus
Many business people say, “My company doesn’t have anything to hide, so I do not care much about cyber security”. Actually, it is not about hiding… it’s about preventing cyberattacks. In the era of digitalization, protecting your business from cyberattacks is crucial. Sensitive company information and data need to be well protected by advanced cyber security solutions so as to avoid undesired leakages and security breaches. Those who fail to realize this in time are putting their business on the line, exposing their company assets to cyber attackers who may harm their operations in both the short and the long term.
In this blogpost, we will discuss the top 10 online threats to cyber security, analyze how they may harm your business operations and give practical advice on how to prevent them.
1) Cyberattacks such as SQL, NoSQL, OS, LDAP injections
An SQL injection is one of the most common web hacking techniques and may compromise your database. This type of cyberattack places malicious code in SQL statements via web page input. Injection is one of the most dangerous issues for data confidentiality and integrity in web applications, and it has been listed in the OWASP Top 10 of the most common and widely exploited vulnerabilities ever since the list’s inception.
Your application is at risk if:
- User-supplied data is not validated or sanitized by the web application. Not all input characters should reach the back-end.
- User input is not validated or sanitized and is used directly or concatenated into an SQL query. That may lead to further compromise, such as data leakage.
What may happen?
- The cyber attacker may modify the “id” parameter value in their browser, which changes the meaning of the query so that it returns all the records from the account table. More dangerous cyberattacks could modify or delete data or invoke stored procedures.
- Hostile data used in object-relational mapping (ORM) search parameters to extract sensitive data.
How to prevent code injection cyberattacks?
- Perform regular source code reviews. Use static application security testing (SAST) tools and dynamic application security testing (DAST) tools.
- Perform automated testing of all parameters.
- Use language- or framework-specific controls to prevent mass record disclosure in the case of an SQL injection.
- Perform input validation, such as character escaping and sanitization.
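The flaw and the fix from this section side by side, as an added example that is not part of the original post: the “id” parameter concatenated into the statement (so a crafted value returns every row of a constructed sample account table), next to the same lookup with allow-list validation, a bound parameter and a LIMIT clause as the mass-disclosure control. The table and its rows are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample table standing in for the 'account table' from the text."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 250), (3, "carol", 75)])
    return conn


def lookup_vulnerable(conn, acct_id):
    """The flaw: the 'id' request parameter is concatenated into the statement, so quotes
    and operators inside it become part of the SQL instead of being a value."""
    query = "SELECT id, owner, balance FROM accounts WHERE id = '" + acct_id + "'"
    return conn.execute(query).fetchall()


def validate_id(acct_id):
    """Allow-list validation: an account id is a string of digits, nothing else."""
    if not acct_id.isdigit():
        raise ValueError("invalid account id")
    return int(acct_id)


def lookup_safe(conn, acct_id):
    """Parameterized query: the driver binds the value, so it can never change the SQL.
    LIMIT 1 is the framework-level control that caps disclosure even if another layer fails."""
    query = "SELECT id, owner, balance FROM accounts WHERE id = ? LIMIT 1"
    return conn.execute(query, (validate_id(acct_id),)).fetchall()
```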
2) Broken Cyber Authentication
Application authentication and session management are sometimes implemented incorrectly, which allows hackers to compromise passwords, keys or session tokens, or to assume other users’ identities. The goal of such a cyberattack is to take over one or more accounts so that the attacker gets the same privileges as the attacked user.
Your application is at risk if:
- User credentials are not properly protected.
- Login credentials are predictable and easy to guess.
- The system permits weak, well-known passwords, which makes it easier for the cyber attacker to exploit such a vulnerability.
- Session IDs are exposed in the URL.
- User sessions or authentication tokens are not properly invalidated during logout or after a specific period of time.
- Lack of multifactor authentication.
What may happen?
- Credential stuffing. The cyber attacker uses lists of stolen account credentials to gain unauthorized access through large-scale automated login requests.
- A person uses a public computer to access an application and, instead of signing out, simply closes the browser. The cyber attacker uses the same browser an hour later and is still authenticated.
How to prevent this type of cyberattack?
- Use multi-factor authentication. Businesses are advised to revise and consider password rotation and complexity requirements, as well as adding another factor for authentication.
- Implement a weak-password checker.
- The error message shown on a failed login should be the same whether the user ID or the password is incorrect.
- Limit failed login attempts, or lock the account for a certain amount of time if the user types the wrong password more than 3 times.
- Remove Session ID from the URL.
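The last three controls in one small authenticator, as an added example that is not code from the original post: passwords are stored as salted PBKDF2 hashes (also the point of section 3), the failure message is identical for an unknown user and a wrong password, the unknown-user path does the same hashing work so response timing does not reveal valid usernames, and a fourth wrong password locks the account. The iteration count and the 15-minute lockout are assumed values; the clock is injectable only so the expiry can be tested.

```python
import hashlib
import secrets
import time

ITERATIONS = 200_000     # PBKDF2 work factor (assumption; tune to ~100 ms on your hardware)
MAX_FAILED = 3           # from the text: lock after the wrong password more than 3 times
LOCKOUT_SECONDS = 900    # assumption: 15-minute lock
GENERIC_ERROR = "Invalid username or password"   # same text for unknown user and wrong password


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). Never store plain text or bare MD5/SHA-1."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_password(password, salt, digest):
    # constant-time comparison, so a mismatch position does not leak through timing
    return secrets.compare_digest(hash_password(password, salt)[1], digest)


class Accounts:
    """In-memory user store with a per-user failure counter and temporary lockout."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}

    def register(self, username, password):
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "digest": digest, "failed": 0, "locked_until": 0.0}

    def login(self, username, password):
        """Return (ok, message); the message never says which half was wrong."""
        now = self.clock()
        user = self.users.get(username)
        if user is None:
            hash_password(password, b"\x00" * 16)   # burn the same cost as a real check
            return False, GENERIC_ERROR
        if user["locked_until"] > now:
            return False, GENERIC_ERROR               # locked: even the right password is refused
        if verify_password(password, user["salt"], user["digest"]):
            user["failed"] = 0
            return True, "ok"
        user["failed"] += 1
        if user["failed"] > MAX_FAILED:
            user["locked_until"] = now + LOCKOUT_SECONDS
            user["failed"] = 0
        return False, GENERIC_ERROR
```

A lockout lets an attacker who knows a username lock its owner out, so pair it with multi-factor authentication and alerting rather than relying on it alone.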
3) Sensitive Data Exposure
Sensitive data needs to be properly stored and protected so as to avoid unexpected cyberattacks. With the introduction of GDPR, many companies are getting concerned about their sensitive information. If reliable security measures are not in place, cyber attackers may steal or modify such data to conduct card fraud, identity theft and other cybercrimes.
Your application is at risk if:
- Data is transmitted or stored in plain text and not encrypted.
- You are using outdated cryptographic algorithms.
- The user agent (browser, mobile application) fails to verify if the received server certificate is a valid one.
What may happen?
- A cyber attacker may steal sensitive data and use it to perform fraud.
- If weak or outdated encryption algorithms are used, this may lead to data exfiltration.
How to prevent your data from exposure to cyber attackers?
- Identify which data is considered sensitive according to your governance framework and your business needs.
- Clear out all sensitive data once you don’t need it anymore.
- Ensure strong algorithms, protocols and keys are in place.
- Encrypt all data with secure protocols such as Transport Layer Security (TLS) with perfect forward secrecy.
- Disable caching for responses, which contain sensitive data.
- Store passwords, using strong hashing algorithms.
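The client-side half of this section, as an added example that is not from the original post: the user-agent misconfiguration where the server certificate is never verified, beside a hardened TLS client context (chain and hostname verification, TLS 1.2 or newer, which with the default ECDHE and TLS 1.3 suites gives forward secrecy), plus an audit function that reports which of these baseline settings a given context fails. The CA bundle path is an assumed parameter; with none given, the system trust store is used.

```python
import ssl


def insecure_client_context():
    """The misconfiguration from the text: the client accepts any certificate at all."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # no chain validation, so anyone on the path can impersonate the server
    return ctx


def hardened_client_context(ca_bundle=None):
    """Verify the chain against a trust store, check the hostname and refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context(cafile=ca_bundle)   # cafile=None -> platform trust store
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return a list of findings for a client SSLContext; an empty list means it meets the baseline."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings
```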
4) XML External Entity Cyberattacks
Many outdated or poorly configured programs that read or process XML documents (XML processors) evaluate external entity references within the document. These cyberattacks are particularly dangerous since they can reach internal files, which in turn leads to disclosure of confidential data, denial of service, server-side request forgery or other system failures.
Your application is at risk if:
- The application accepts XML uploads or XML data directly from untrusted sources.
- Document Type Definitions (DTDs) are enabled in the XML processor, for example in SOAP-based web services built on Windows Communication Foundation (WCF).
- SOAP prior to version 1.2 is used; it is likely to be susceptible to these cyberattacks if XML entities are passed to the SOAP framework.
What may happen?
- Cyber attackers may exfiltrate sensitive authentication data.
- The cyber attacker may compromise your server’s configuration.
- The cyber attacker may cause unavailability of service/system downtime.
How to prevent XML external entity cyberattacks?
- Developer training and awareness on possible cyber-attack methods.
- Implement white-listing input validation.
- Use static code analysis tools.
- Regularly update components that turn out to be vulnerable.
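The input-validation control from this section as a parser rule, as an added example that is not code from the original post: a small expat-based parser for untrusted XML that refuses any DOCTYPE (so no entity can be declared at all) and never fetches external resources. Both XML documents are constructed; the entity’s SYSTEM path is a placeholder. The assumption is that client-supplied documents legitimately never need a DTD.

```python
import xml.parsers.expat


class DtdNotAllowed(ValueError):
    """Raised when untrusted XML carries a DOCTYPE and therefore could declare entities."""


def parse_untrusted_xml(data):
    """Parse XML into {tag: text} for leaf elements, rejecting DTDs and external entities.

    Assumption: documents from untrusted sources never legitimately contain a DOCTYPE.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.buffer_text = True
    result, stack = {}, []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Reject the DTD before any entity in it can be declared or referenced
        raise DtdNotAllowed("DOCTYPE not permitted in untrusted input: " + name)

    def on_external_entity(context, base, sysid, pubid):
        return 0    # belt and braces: 0 tells expat the reference failed, so nothing is fetched

    def on_text(text):
        if stack and text.strip():
            result[stack[-1]] = text.strip()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = lambda name, attrs: stack.append(name)
    parser.EndElementHandler = lambda name: stack.pop()
    parser.CharacterDataHandler = on_text
    parser.Parse(data, True)
    return result


# Constructed sample inputs: a benign order and the same order carrying an external entity
BENIGN_XML = b"<order><item>book</item><qty>2</qty></order>"
XXE_XML = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///PLACEHOLDER-PATH">]>'
           b"<order><item>&xxe;</item><qty>2</qty></order>")
```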
5) Broken Access Control
Restrictions on what authenticated users are allowed to do are often not properly enforced. Cyber attackers may exploit these flaws to gain unauthorized access to functionality, data, sensitive documents and files.
Your application is at risk if:
- Access control checks can be bypassed by modifying the URL, the internal application state or the HTML page.
- The session token can be changed to that of another user, which enables the attacker to view and edit someone else’s files.
- Authorization checks are missing on the APIs.
What may happen?
- Cyber attackers may gain privileged rights to accounts.
- The cyber attacker can get access to sensitive information.
- The cyber attacker can get the rights to change/modify content.
How to prevent unauthorized access cyberattacks?
- Invalidate session tokens once the user is logged-out.
- Enable forced login/logout after a password change.
- Apply role-based access control to all resources.
- Access control models should enforce record ownership, rather than accepting that the user can create, read, update or delete any record.
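The last two controls as queries, as an added example that is not code from the original post: a lookup that trusts the record id from the URL alone, beside one where ownership is part of the query and a single assumed role (“auditor”) is the only other grant, with everything else denied by default. The invoice table is constructed for the demo.

```python
import sqlite3

COLUMNS = "SELECT id, owner_id, total FROM invoices"


def make_invoice_db():
    """Constructed sample: invoices owned by users 1 and 2."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, total INTEGER)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)", [(501, 1, 120), (502, 2, 999)])
    return conn


def get_invoice_vulnerable(conn, invoice_id):
    """The flaw: whoever is logged in, the record is selected by the id from the URL alone,
    so changing 501 to 502 in the address bar returns another user's invoice."""
    return conn.execute(COLUMNS + " WHERE id = ?", (invoice_id,)).fetchone()


def get_invoice_safe(conn, session_user_id, invoice_id, roles=frozenset()):
    """Record ownership is enforced inside the query, using the user id from the server-side
    session, never from the request. 'auditor' is an assumed role allowed to read any invoice."""
    if "auditor" in roles:
        return conn.execute(COLUMNS + " WHERE id = ?", (invoice_id,)).fetchone()
    row = conn.execute(COLUMNS + " WHERE id = ? AND owner_id = ?",
                       (invoice_id, session_user_id)).fetchone()
    return row   # None for both 'does not exist' and 'not yours', so ids cannot be probed
```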
6) Security Misconfiguration
In some cases, deadlines and pushy clients put a lot of pressure on development teams. Time is ticking away, and you need to finish that project soon. In such situations, engineers rush to finish setting up a system with all its components to ensure functionality and tend to overlook security. Insecure default configurations, incomplete or ad-hoc ones, as well as misconfigured HTTP headers, may open the door to cyber attackers.
Security misconfiguration loopholes:
- Improperly configured services.
- Enabled default accounts and passwords.
- Outdated and/or vulnerable systems and server components.
What may happen?
- Cyber attackers may gain privileged access to services.
- The cyber attacker will have access to sensitive information.
- The cyber attacker will have the rights to change/modify any file.
- The cyber attacker may perform reverse engineering by listing available folders or downloading compiled code.
- The attacker may cause service disruptions or system unavailability.
How to prevent security misconfiguration cyberattacks?
- Avoid unnecessary feature installations.
- Verify the effectiveness of the configuration and settings in all environments.
- Harden and automate processes which make it easy to deploy another environment with good security features.
- Review and update security of configurations.
7) Cross-Site Scripting (XSS)
In the case of cross-site scripting, the cyber attacker can insert or update untrusted data in a given webpage, without going through proper validation first. Scripts, inserted by the attacker get executed in the browser and may steal sensitive information.
Types of Cross-Site Scripting Attacks:
- Reflected XSS – The web application displays unvalidated user input as part of the page. This may allow cyber attackers to execute arbitrary code in the victim’s browser.
- Stored XSS – Application components store unvalidated user input, which can be retrieved and executed later in another user’s browser.
- DOM XSS – The attack payload is executed as a result of modifying the DOM environment in the victim’s browser.
What may happen?
- Cyber attackers may obtain the user’s session ID, which allows them to take over the user’s current session.
- Cyber attackers gain access to the user’s account and steal sensitive data.
- Cyber attackers have the rights to change/modify files while logged in to the user’s account.
How to leverage cyber security to prevent cross-site scripting cyberattacks?
- Use frameworks that have built-in XSS protection, such as automatic output escaping.
- Validate all client input data.
- Consider Content Security Policy (CSP).
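The three controls in code, as an added example that is not from the original post: a comment renderer that pastes user input straight into the page (the reflected/stored case), beside one that escapes for the HTML text context and allow-lists the URL scheme for the link attribute, where escaping alone is not enough, and a CSP header for an assumed self-hosted application that blocks inline and third-party script.

```python
import html
from urllib.parse import urlsplit


def render_comment_vulnerable(author, body):
    """Stored/reflected XSS: user-controlled text is pasted straight into the page markup."""
    return f"<p><b>{author}</b>: {body}</p>"


def safe_url(url):
    """URL attribute context: only http(s) links are kept; 'javascript:' and friends become '#'."""
    url = url.strip()
    return url if urlsplit(url).scheme in ("http", "https") else "#"


def render_comment_safe(author, body, homepage):
    """HTML text context: <, >, &, and quotes are turned into inert entities.
    The href gets scheme allow-listing first, then escaping for the attribute context."""
    link = html.escape(safe_url(homepage))
    return (f'<p><b><a href="{link}">{html.escape(author)}</a></b>: '
            f"{html.escape(body)}</p>")


def csp_header():
    """Content-Security-Policy for a self-hosted app (assumed policy): scripts only from our
    own origin and never inline, so an injected <script> that slips through is not executed."""
    return ("default-src 'self'; script-src 'self'; object-src 'none'; "
            "base-uri 'none'; frame-ancestors 'none'")
```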
8) Insecure Deserialization
Tampering with serialized objects becomes an online threat when untrusted data is deserialized and used to abuse the logic of an application. This often leads to remote code execution, which can further enable injection cyberattacks executed by hackers.
Examples of Insecure Deserialization
- Altering cookie objects – Access control related cyberattack, which may result in session hijacking.
- User state serialization – Object and data structure related cyberattacks can execute remote code or modify data logic.
How to leverage cyber security to prevent insecure deserialization cyberattacks?
- Implement integrity checks for serialized data.
- Log deserialization exceptions and failures.
- Restrict and monitor incoming and outgoing network connectivity from system components that deserialize.
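The integrity check from the first control, applied to the cookie case listed above, as an added example that is not from the original post: session state is serialized as JSON (a data-only format, unlike pickle, which executes code on load) and signed with HMAC-SHA256, so a cookie whose role field was altered fails verification before anything is deserialized. The key is a constructed placeholder; a real deployment loads it from a secret store.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-replace-me"   # assumption: loaded from a secret store, rotated regularly


class TamperedData(ValueError):
    """Signature mismatch: treat as an attack signal and log it, not as a parsing bug."""


def serialize_session(data):
    """JSON body (never pickle for anything a client can return) + HMAC over the exact bytes."""
    body = base64.urlsafe_b64encode(
        json.dumps(data, separators=(",", ":"), sort_keys=True).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def deserialize_session(token):
    """Verify first, decode second: nothing from the body is interpreted until the tag matches."""
    try:
        body, tag = token.rsplit(".", 1)
    except (ValueError, AttributeError):
        raise TamperedData("malformed token")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise TamperedData("signature mismatch")
    return json.loads(base64.urlsafe_b64decode(body))


def alter_cookie_role(token, new_role):
    """What the 'altering cookie objects' case looks like: edit the body, keep the old tag."""
    body, tag = token.rsplit(".", 1)
    data = json.loads(base64.urlsafe_b64decode(body))
    data["role"] = new_role
    forged = base64.urlsafe_b64encode(json.dumps(data, separators=(",", ":"), sort_keys=True).encode())
    return forged.decode() + "." + tag
```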
9) Components with Known Vulnerabilities
When components such as libraries, frameworks and modules with well-known vulnerabilities are used by an application, this may lead to serious security gaps, which further enable cyber attackers to cause breaches or system takeovers.
Your application is at risk if:
- The software in use is vulnerable or out of date.
- The underlying platform, frameworks and dependencies are not upgraded or fixed when needed (known vulnerabilities, enhanced defensive mechanisms).
- Software and system engineers fail to test the compatibility of updated, upgraded or patched libraries.
What may happen?
- Execution of arbitrary code on the system may be enabled.
- Cyber attackers may take over the application or its infrastructure.
- Total/partial system unavailability.
How to bridge security gaps related to components?
- Remove unused dependencies, unnecessary features, components and files.
- Continuously maintain software versions, libraries and security patches.
- Obtain components only from their official corresponding sources.
10) Logging and Monitoring
Insufficient logging and monitoring, combined with missing or ineffective integration with incident management, may result in cyber attackers exploiting systems, exfiltrating data or causing service unavailability.
Your application is at risk if:
- Logs are not monitored for suspicious activities.
- Logs are stored locally, rather than in a centralized location.
- Important events, failed login attempts, and other suspicious activities are not logged.
- No log monitoring system is applied to raise alerts and detect cyber-attacks in real time.
What may happen?
- The cyber attacker may succeed in hacking a component while remaining unnoticed for a long period of time.
- The application is unable to detect, escalate, or alert for active cyberattacks in real time or near real time.
- Warnings and errors return far too verbose messages to the clients.
How to leverage cyber security to prevent cyberattacks through logging and monitoring?
- Ensure extensive logging and monitoring of all important events in your systems.
- Implement centralized log monitoring and correlation system.
- Establish effective monitoring and alerting capabilities.
- Adopt cyber security incident management (incident response and recovery plan).
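Detection logic for the “failed login attempts are not logged or monitored” risk, as an added example that is not code from the original post: a parser for a constructed authentication log format and a sliding-window rule that raises one alert per source address once five failed logins land within 60 seconds, reporting how many distinct accounts were tried (many distinct users from one source is the credential-stuffing shape from section 2). The log format, threshold, window and addresses are all constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed line format: "<ISO timestamp>Z auth <event> user=<name> src=<ip>"
LOG_RE = re.compile(r"^(?P<ts>\S+) auth (?P<event>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$")
WINDOW_SECONDS = 60    # assumption: correlation window
THRESHOLD = 5          # assumption: failures inside the window that trigger an alert


def parse_line(line):
    """Return (timestamp, event, user, src) or None for a malformed line (never crash the pipeline)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["event"], m["user"], m["src"]


def detect_bruteforce(lines):
    """One alert per source once THRESHOLD login_failed events fall inside a WINDOW_SECONDS window."""
    recent = defaultdict(deque)      # src -> deque of (timestamp, user) for recent failures
    alerts, alerted = [], set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "login_failed":
            continue
        ts, _, user, src = parsed
        window = recent[src]
        window.append((ts, user))
        while (ts - window[0][0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()         # drop failures that aged out of the window
        if len(window) >= THRESHOLD and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "failures": len(window),
                           "distinct_users": len({u for _, u in window}), "at": ts.isoformat()})
    return alerts


# Constructed sample: one source cycling through accounts, one user with a single typo, one junk line
SAMPLE_LOG = """\
2024-03-01T10:00:01Z auth login_failed user=alice src=203.0.113.7
2024-03-01T10:00:05Z auth login_failed user=bob src=203.0.113.7
2024-03-01T10:00:09Z auth login_ok user=carol src=198.51.100.9
2024-03-01T10:00:12Z auth login_failed user=carol src=203.0.113.7
2024-03-01T10:00:20Z auth login_failed user=dave src=203.0.113.7
2024-03-01T10:00:31Z auth login_failed user=erin src=203.0.113.7
2024-03-01T10:00:40Z auth login_failed user=frank src=203.0.113.7
2024-03-01T10:02:00Z auth login_failed user=carol src=198.51.100.9
this line is not in the expected format
""".splitlines()
```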
Conclusion: Why do you need cyber security?
Cyber incidents are avoidable. Although there is no guarantee you will never suffer a cyber incident, there are things you can do to seriously lower your risk. Ensure long-term business protection by securing your systems in advance. Cyber attackers can be unpredictable and may strike when you least expect them to. Take the proactive approach and follow our advice on how to keep your company safe.