editor’s question
RIAAN BADENHORST, GM OF KASPERSKY IN AFRICA
The continued evolution of digital has
resulted in a cyberthreat landscape that
is becoming increasingly difficult to
navigate, with cybercriminal activity
growing in numbers and sophistication.
Cybercriminals are using a variety
of different types of attacks to target
victims, making it critical for a business
to not only understand the threat
landscape, but to also keep on top of it.
A type of attack vector that remains
popular and easy to exploit is that of
Domain Name Server (DNS) attacks,
poisoning or spoofing.
This is a type of cyberattack that exploits
system vulnerabilities in the domain
name server to divert traffic away from
legitimate servers and direct it towards
fake servers. The code of a DNS attack
is often delivered via spam emails. These
emails attempt to frighten users into
clicking on the supplied URL, which in
turn infects their device.
Banner ads and images, both in emails
and on untrustworthy websites, can also
direct users to this code.
Once infected, a user’s computer or
device will take them to fake websites that
are spoofed to look like the real website,
which exposes them to risks such as
spyware, keyloggers or virus worms. This
type of attack redirects traffic bound
for the target corporation’s servers to a
cybercriminal’s own machines.
As a result, visitors to a company
website are taken to fake resources
that look authentic but have no filters or
protection systems.
Such attacks pose several risks to a
business, one of the most concerning
being data theft.
Financial services websites (such as
banking), as well as online shopping
websites, can easily fall victim to this
type of attack and this could result in
passwords and credit card or personal
information being compromised.
Furthermore, such attacks pose a
massive risk to the internal workings
and processes of an organisation. If fake
servers are successfully created, the
victim organisation loses contact with
the outside world. Mail is hijacked and
typically phones as well, given that many
businesses make use of IP telephony.
This greatly complicates both
internal response to the incident
and communication with external
organisations – DNS providers,
certification authorities, law enforcement
agencies and so on.
Eliminating DNS attacks or cache
poisoning can be difficult, as cleaning an
infected server does not rid a desktop
of the problem and clean desktops
connecting to an infected server will be
compromised all over again.
However, being fully prepared for such
attacks, leaning on cybersecurity threat
intelligence and a strategy aimed to
ensure that a business is focused on
prevention, detection, response and
prediction, is key.
Furthermore, dedicated cybersecurity
training for a business and its employees
around the reality of such attacks, and
how to be a human firewall against them,
plays an important role.
Issue 16 | www.intelligentciso.com