
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Cyber Attacks and Cyber Defense Options

August 20, 2018 By Emil Hozan


There seems to be an endless list of what attackers are willing and able to do: viruses, malware, network attacks, etc. It’s tough just trying to keep up with all of these types of attacks while also properly training users and raising cyber security awareness in the company, on top of figuring out how to prevent these attacks and mitigate them should they infiltrate a network. This can seem like an impossible task for an SMB, considering that not many have designated security staff on-site. Then there is the consideration of additional expenses, whether forecasted or not.

Rest assured, however; WatchGuard’s got your back!

For starters, let’s break down the major forms of attack and categorize them, in hopes of better understanding what WatchGuard can do to help. Then we’ll cover some of the services on offer that will (hopefully) relieve some of the stress and worry of hardening your network and cut the potentially countless man-hours spent hardening your network security with an outside IT firm, which translates to saved money.

“Virus” – an ambiguous and generic term – is often used to categorize any attack on a network or computer device. For the most part, that is true, but certain criteria must be met for a virus to be a virus: it must be able to execute itself, and it must be able to replicate itself using a host file. A different way to look at this would be in terms of potentially unwanted programs, or PUPs.

If you’re familiar with the history of the city of Troy and its impenetrable defense walls, you know how they were outwitted: the city accepted the gift of a wooden horse filled with enemy troops and brought it within those same impenetrable walls. The analogy is that regardless of how hardened or secure a network is, if you allow in an unknown program that may be disguised as a valid application, then you’re only setting yourself up. Such programs are known as trojans, or trojan horses. You can often find these embedded in programs that are free to download from the Internet.

Worms are PUPs that are very similar to viruses and can be categorized as a sub-class of viruses, but differ in that they do not require a host file. They simply replicate themselves across hosts and the network. In addition, they can exploit operating system vulnerabilities and make way for attackers to take control or execute arbitrary code.

That was a lot of info, but to sum it up, focus on the PUP aspect. Each of the above falls under the PUP category. As a result of continuous attacks and their analysis, each form of attack has what’s known as a signature – actions that make each form of attack unique and trackable. From WatchGuard’s perspective, we offer the Gateway AntiVirus engine, which taps into the signature set provided by Bitdefender.

Now, if you’re thinking that you avoid downloading random programs or have a stringent download policy, awesome! I congratulate you on that. Then I would ask: what about mainstream products? Do you use Microsoft Office, or have any in-house Web or SQL servers? This is where direct host attacks come into play, often attempting to exploit a vulnerability in legitimate programs. SQL injection, cross-site scripting, and buffer overflows are a few examples of possible network attacks.

The key difference is that PUPs revolve around viruses, worms, and trojans, whereas network attacks target legitimate programs with vulnerabilities. What the two have in common is signatures: a unique, trackable action that differentiates one type of attack from another. Our Intrusion Prevention Service detects network attacks by just such signatures and is constantly updated as new vulnerabilities are disclosed.
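The signature matching described for both PUPs and network attacks, as an added example (not WatchGuard's or Bitdefender's code): one matcher for file content, as a gateway antivirus would apply, and one for requests to a legitimate server, as an IPS would. All signature names, patterns and sample inputs are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures; real sets are vendor-maintained and far larger.
MARKER = bytes.fromhex("deadbeef") + b"SAMPLE-PUP-MARKER"
FILE_SIGNATURES = {      # antivirus style: byte patterns inside file content
    "Constructed.PUP.Marker": MARKER,
}
REQUEST_SIGNATURES = {   # IPS style: patterns in requests to a legitimate server
    "SQLi.UnionSelect": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "XSS.ScriptTag": re.compile(r"<\s*script\b", re.I),
}

def scan_file(content: bytes) -> list:
    """Return the names of all file signatures found in the content."""
    return sorted(n for n, pat in FILE_SIGNATURES.items() if pat in content)

def scan_request(raw_query: str) -> list:
    """Return the names of all request signatures matching a URL query string."""
    # Decode first, so percent-encoding alone does not hide a known pattern.
    decoded = unquote_plus(raw_query)
    return sorted(n for n, rx in REQUEST_SIGNATURES.items() if rx.search(decoded))

# Constructed sample inputs.
SAMPLE_FILES = {
    "report.txt": b"Quarterly numbers attached.",
    "free-toolbar.bin": b"MZ" + bytes(16) + MARKER + bytes(8),
}
SAMPLE_QUERIES = [
    "id=42&sort=name",
    "q=student+union+elections",   # contains "union" but is not an attack
    "id=1%20UNION%20SELECT%20username%20FROM%20users",
    "q=%3Cscript%3Ealert(1)%3C/script%3E",
]

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name}: {scan_file(data) or 'clean'}")
    for query in SAMPLE_QUERIES:
        print(f"{query}: {scan_request(query) or 'no match'}")
```

A signature only fires on what it was written to recognise, which is why both sets need constant updates as new samples and vulnerabilities are analysed.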

In an upcoming blog post, we’ll cover more advanced options that don’t rely on signatures for detection and prevention. These advanced attacks are known as advanced persistent threats (APTs) and zero-day malware.

Stay tuned!

