
A selection of must-have solutions to protect businesses from targeted cyber attacks

In the face of increasingly sophisticated cyber threats, many organizations are becoming the subject of targeted attacks. To understand how best to protect against such incidents, we spoke with a leading cybersecurity expert at Noventiq Kazakhstan.

What do companies face with targeted cyber attacks?

Targeted attacks differ from mass attacks in that they are aimed at a specific organization. Attackers study their target carefully and look for weaknesses that combine technical flaws with social manipulation. For example, a carefully crafted phishing email may carry a malicious attachment written to exploit the trust of one particular employee. Once that attachment is opened, the intrusion begins.

An equally common entry point is a vulnerability in software or a public-facing website. Such attacks play a long game: the intruders operate unnoticed, exfiltrating data and gradually extending their control. Detection often comes only after significant damage has already been done, with serious consequences for the business.

What measures will help to ensure reliable business protection?

There are several key technologies that organizations need to implement in order to reduce risks and strengthen protection against targeted attacks:

  • Anti-DDoS measures: protection against distributed denial-of-service attacks, which are often used as a "smokescreen" while the real intrusion is carried out.
  • Implementation of SIEM: security information and event management systems collect and correlate logs to detect intrusions and anomalies, contributing to the early detection of threats.
  • SOAR integration: security orchestration, automation and response platforms accelerate incident response, allowing threats to be contained and eliminated quickly.

This trio forms a resilient cybersecurity foundation that allows you to identify and respond to targeted attacks quickly and thereby minimize damage. In addition, for multi-level protection of large businesses and timely threat prevention, several complementary tools should be considered:

  1. Deception: creating imitations of vulnerable systems to lure intruders into traps. Fake user databases, decoy accounts or decoy servers have no legitimate users, so any access to them alerts the Security Operations Center (SOC) to an unauthorized access attempt.
  2. Intrusion Prevention Systems (IPS): analyze network traffic for malicious activity. If signs of an attack are detected, such as an exploit attempt, the IPS blocks the connection before the attacker can cause damage.
  3. Intrusion Detection Systems (IDS): also detect suspicious activity, but unlike an IPS they do not block traffic, only notify the SOC. This allows information about the attack to be collected without disrupting legitimate traffic.
  4. Next-Generation Firewalls (NGFW): analyze traffic in a deeper context, not limited to packet headers. For example, an NGFW can identify the traffic of a particular application and classify it as malicious.
  5. Advanced Threat Protection (ATP): uses machine learning to identify abnormal activity indicating an attack, for example password guessing against an account from an unusual location.
  6. Endpoint Detection and Response (EDR): allows an attack already under way on a device to be stopped. EDR can terminate a malicious process, quarantine an infected file and roll the system back to a known-good state.
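As an added illustration of the SIEM correlation, deception and anomaly detection points above (this is example code, not part of the original article or any Noventiq product), the following Python script runs three simple detection rules over a constructed authentication log: repeated failures followed by a success from the same source (password guessing), a success from a country outside the user's baseline, and any access to a decoy account. The log format, the baseline countries, the thresholds and the decoy account name are assumptions made for the example.

```python
# Added example: minimal SIEM-style correlation over constructed authentication
# events. Log format, baselines, thresholds and decoy account are assumptions.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data). Fields: time user src_ip country result
SAMPLE_LOG = """\
2024-03-01T09:00:01Z alice 10.0.0.5 KZ success
2024-03-01T09:10:00Z bob 203.0.113.9 RU failure
2024-03-01T09:10:05Z bob 203.0.113.9 RU failure
2024-03-01T09:10:10Z bob 203.0.113.9 RU failure
2024-03-01T09:10:15Z bob 203.0.113.9 RU failure
2024-03-01T09:10:20Z bob 203.0.113.9 RU failure
2024-03-01T09:10:30Z bob 203.0.113.9 RU success
2024-03-01T09:30:00Z svc_backup_decoy 10.0.0.77 KZ success
2024-03-01T10:00:00Z alice 10.0.0.5 KZ success
"""

# Assumed per-user baseline: countries seen during normal operation.
BASELINE_COUNTRIES = {"alice": {"KZ"}, "bob": {"KZ"}}
# Deception: a decoy account that no legitimate process ever uses.
DECOY_ACCOUNTS = {"svc_backup_decoy"}
FAIL_THRESHOLD = 5                 # failures within WINDOW that count as guessing
WINDOW = timedelta(minutes=10)


def parse(line):
    """Parse one constructed log line into a dict."""
    ts, user, ip, country, result = line.split()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user, "ip": ip, "country": country, "result": result,
    }


def correlate(lines):
    """Return a list of (rule, user, detail) alerts for the given log lines."""
    alerts = []
    # (user, src_ip) -> timestamps of recent failures inside WINDOW
    failures = defaultdict(deque)
    for line in lines:
        if not line.strip():
            continue
        ev = parse(line)
        key = (ev["user"], ev["ip"])
        recent = failures[key]
        # Drop failures that have aged out of the sliding window.
        while recent and ev["time"] - recent[0] > WINDOW:
            recent.popleft()

        # Rule 1 (deception): any touch of a decoy account is an alert.
        if ev["user"] in DECOY_ACCOUNTS:
            alerts.append(("honeytoken_access", ev["user"], ev["ip"]))
            continue

        if ev["result"] == "failure":
            recent.append(ev["time"])
            # Rule 2: alert once when the failure threshold is first crossed.
            if len(recent) == FAIL_THRESHOLD:
                alerts.append(("credential_guessing", ev["user"], ev["ip"]))
            continue

        # Success: escalate if it follows a burst of failures.
        if len(recent) >= FAIL_THRESHOLD:
            alerts.append(("guessing_then_success", ev["user"], ev["ip"]))
        # Rule 3: success from a country outside the user's baseline.
        # Users with no baseline are treated as having none, so every login alerts.
        if ev["country"] not in BASELINE_COUNTRIES.get(ev["user"], set()):
            alerts.append(("unusual_location", ev["user"], ev["country"]))
        recent.clear()
    return alerts


def run_sample():
    """Run the rules over the constructed sample log."""
    return correlate(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for rule, user, detail in run_sample():
        print(f"ALERT {rule}: user={user} {detail}")
```

On the sample data the script raises four alerts: credential guessing against bob, the subsequent successful login from the same source, that login coming from a country outside bob's baseline, and the access to the decoy account. Alice's logins match her baseline and stay silent. A real SIEM would enrich the events with GeoIP and asset data and hand the alerts to a SOAR playbook, but the correlation logic is the same.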

By combining these capabilities, organizations create comprehensive multi-level protection. Deception systems expose intruders early and slow their advance, while IPS, IDS, NGFW, ATP and EDR jointly detect and neutralize malicious activity.

Additional strategic measures to strengthen the information security of the organization:

  • Identity and Access Management (IAM) and Privileged Access Management (PAM) to limit the consequences of a compromised account.
  • Sandboxes for safely detonating and analyzing suspicious files and links.
  • Extended Detection and Response (XDR), which combines data from endpoints, network, cloud and identity sources to identify complex attacks.
  • Network segmentation, which limits an intruder's lateral movement once inside the perimeter.
  • Mandatory staff training, which helps to avoid the initial infection through phishing.

Using an integrated approach with these technologies, companies significantly strengthen their defenses against targeted attacks, even when attackers use sophisticated methods and zero-day exploits.

Examples of real targeted attacks on global companies:

  • The SolarWinds supply-chain attack of 2020, in which a trojanized update of the Orion platform was installed by up to about 18 thousand customers; the attackers then used that foothold to intrude into a much smaller set of selected targets, including the US Department of Defense, the US Department of Homeland Security and Fortune 500 companies.
  • The Equifax breach of 2017, in which the personal data of about 147 million people was stolen. The attackers exploited an unpatched Apache Struts vulnerability in a public-facing web application to gain access.
  • The Kaseya attack of 2021, in which the REvil ransomware was pushed through the Kaseya VSA remote management product and affected up to about 1,500 downstream businesses, mostly customers of managed service providers.
  • The campaign by the Carbanak group against banks around the world, as a result of which more than $1 billion was stolen from financial organizations.
  • The Dropbox breach of 2012, confirmed in 2016, when the credentials of about 68 million users of the cloud service were stolen.
  • The mass exploitation of on-premises Microsoft Exchange servers in 2021 through zero-day vulnerabilities, as a result of which attackers reportedly gained access to the systems of more than 200 thousand organizations around the world.
  • The Twitter incident of 2020, in which social engineering of employees gave the attackers access to internal administrative tools and let them hijack high-profile accounts.
  • The Sony Pictures attack of 2014, in which the attackers claimed to have stolen more than 100 TB of data, including confidential employee files, unreleased films and TV shows.

These and other incidents demonstrate how devastating targeted attacks can be. The implementation of comprehensive protection measures is critically important to counter such threats.

If you would like to receive advice on ensuring business information security, send us a request.
