How does it work?
Network-delivered threats are typically of two basic types:
- Passive Network Threats: Activities such as wiretapping and idle scans that are designed to intercept traffic traveling through the network.
- Active Network Threats: Activities such as Denial of Service (DoS) attacks and SQL injection attacks where the attacker is attempting to execute commands to disrupt the network’s normal operation.
To execute a successful network attack, attackers must typically actively hack a company’s infrastructure to exploit software vulnerabilities that allow them to remotely execute commands on internal operating systems. DoS attacks and shared network hijacking (example: when corporate user is on a public WiFi network) of communications are exceptions.
Attackers typically gain access to internal operating systems via email-delivered threats which first compromise a set of machines, then install attacker controlled malware, and so provide ability for the attacker to move laterally. This increases the likelihood of not being detected up front while providing an almost effortless entry point for the attacker.
According to a recent Microsoft security intelligence report, more than 45% of malware requires some form of user interaction, suggesting that user-targeted email, designed to trick users, is a primary tactic used by attackers to establish their access.
Some threats are designed to disrupt an organization’s operations rather than silently gather information for financial gain or espionage. The most popular approach is called a Denial of Service (DoS) attack. These attacks overwhelm network resources such as web and email gateways, routers, switches, etc. and prevent user and application access, ultimately taking a service offline or severely degrading the quality of a service. These do not necessarily require active hacking, but instead rely on attackers’ ability to scale traffic towards an organization to take advantage of misconfigured and poorly protected infrastructure. This means they often make use of a network of compromised computer systems that work in tandem to overwhelm the target, known as a Distributed Denial of Service (DDoS) attack. In many cases, attackers will launch DoS and DDoS attacks while attempting active hacking or sending in malicious email threats to camouflage their real motives from the information security teams by creating distractions.
While detection, perimeter hardening, and patching processes are required to mitigate threats from active and passive network delivered threats, as a basic starting point organizations need to protect themselves especially from the email-delivered threats that subsequently enable network-threats to be successful.