In some ways, cyber thieves are like old-fashioned, neighborhood burglars.
“It’s like the bad guys ring every doorbell to see if anybody’s home,” said Theron McChesney, supervisor of business intelligence at SDN Communications. “Then they’ll check to see if the door is open. If it’s open, they just go in.”
Of course, burglars in the computer underworld checking for openings to networks typically enjoy a cloak of anonymity. However, their attempted intrusions in the Sioux Falls region were quite evident during the first quarter of 2018.
Four of the top 10 forms of attacks that SDN Managed Firewall Services detected were port scan attacks. In such attacks, hackers probe servers and other programs for open ports, either to gather information or to assist in future attacks.
“Be aware of attackers analyzing your network for potential vulnerabilities through open ports and services. Investigate which ports are available within your network and review if they should be accessible or not,” SDN cybersecurity experts warn in the company’s Cyber Threat Landscape Cybersecurity Intelligence Report for Jan. 1 through March 31.
The quarterly report summarizes the cyber threat information SDN’s Managed Firewall and Managed DDoS Protection services gathered during the first three months of 2018.
During the quarter, the devices flagged nearly a third of all client firewall traffic as malicious or as spam.
The threat report reminds businesses and organizations to update their systems regularly to reduce the potential for loss. Skilled and lucky hackers can find out about weaknesses in software and exploit vulnerabilities even before fixes become available. Even so, well-maintained, up-to-date firewalls provide a critical line of defense.
The general purpose of a firewall is to determine what kind of traffic to block and what traffic to allow. SDN works with its Managed Firewall customers to initially set the traffic-policy configuration and then continues to manage those settings to make sure they’re appropriate for the business, McChesney said.
Report findings indicate that DDoS-style attacks also remain popular in the region. In Distributed Denial of Service incidents, attackers unleash large volumes of malicious traffic to disrupt or disable a targeted computer network or program. If pranksters or criminals lack the expertise to create an attack on their own, the culprits can buy DDoS attacks anonymously on the Dark Web.
The first-quarter threat report found that, of all the DDoS attacks in the region, multi-vector attacks were especially prominent. DDoS attacks of any type present a challenge for defenders, and combining attack methods makes that challenge even greater. For example, an attack designed to consume bandwidth can be combined with an attack directed at a specific protocol or one designed to exploit a specific weakness.
“Multi-vector attacks are difficult to mitigate. A layered DDoS defense provides proactive detection and mitigation whether it’s a straightforward volumetric attack, a protocol-based attack, or a stealthy application-style attack,” according to the report.
The number of DDoS attacks identified in the Sioux Falls region during the first quarter of the year increased by more than 50 percent from the same quarter in 2017.
“The solution to any of these DDoS attacks is to have a mitigation service that can detect attacks and prevent them from impacting your business,” McChesney said.
The Cyber Threat Landscape is a free report that is published online every three months.
Learn more about the exact increase in DDoS attacks, their size and how long they lasted, as well as the types of malicious content SDN’s Managed Firewalls prevented from reaching businesses by visiting the Cyber Threat Landscape Report Archive.
For additional information about threat-mitigation services for your business or organization, call an SDN account executive at 800-247-1442.