What does a cyber attack look like?
Cyber security is never far from the headlines these days, and it’s something we at F5 Networks take incredibly seriously. We are of course committed to making sure our customers can always securely access their data and applications from any location and any device; that’s a must in today’s business. That’s the reason we bought Versafe, an acquisition you can read more about here. But while a lot of the recent headlines about cyber security have made for very scary reading, we thought we’d offer some practical advice. We’ve previously written about profiling a cyber attacker so I thought this time we’d take a look at what a cyber attack may look like and how attacks like this can and do take place, with a focus on Versafe’s areas of expertise. Of course, no two cyber attacks are the same but there are some tell tale signs to look out for that could indicate your business is under attack. One of the most common ways of launching a fraud attack is still via phishing; targeted emails that are sent to specific workers, hoping they will either install malware onto the company’s network or reveal information that could help attackers gain access to whatever systems they need. These emails can be difficult to spot. We’ve all received badly written emails that claim to be from Amazon or PayPal or a bank demanding we offer our personal details ‘for security reasons’ but targeted emails can look much more professional. They can masquerade as being legitimate emails from IT departments, HR/payroll or an external supplier, and can even spoof the sender’s name, so the email looks like it’s from someone the target knows and trusts. If the victim falls for the trick and downloads the malware then it’s loose on your system. Some modern pieces of malware are capable of getting around firewalls and antivirus software and it can be hours, days or even weeks before malware is detected. During that time the malware can be sniffing out valuable information from across your systems. Cloud-based, proactive monitoring of malware will help identify if a cyber attack is happening before too much damage is done. Another potential indication that your business is under attack is that applications lose their availability. Workers could have trouble establishing and/or maintaining a connection to the applications they need to do their jobs. This could indicate that the service is under attack from a DDoS, which is slowing down or even stopping access, or that someone has accessed the network and is using your bandwidth to search from critical data before sending it back to the attacker. So far we’ve talked about your users on your network, but what if the users are not from your organisation? What if they’re your partners, or your customers? Normally, you’d expect there to be little threat from these, but these users are susceptible to malware in the same way and as a result we’re seeing an increase in the types of attack that hijack user’s browsers and their connections to your systems. The warning signs for these types of attack are less visible to the naked eye; for example Versafe’s technology is capable of monitoring the integrity of session data between the browser and the application for any suspicious activity. That is something that a user would not be able to pick up on, and therefore relies on a robust and modern security infrastructure. As I mentioned above, no two cyber attacks are the same so spotting the signs that you’re under attack is difficult. However, having an always-on, cloud-based security infrastructure in place to keep an eye out for any suspicious activity will go a long way to helping you detect any potential danger.