Massive distributed denial-of-service (DDoS) attacks last week, which made powerhouses like Twitter, Spotify, Netflix and many others unreachable, remind us that the Internet is a vulnerable place. And while several areas of your business require attention, protecting your financial institution's network from external cyberattacks is a major priority.
Cyberattacks, which a recent Verizon report credits with at least 75 percent of confirmed data breaches over the last six years, are rarely sudden. Determined cyber criminals slowly gather information about an institution's network, monitoring patterns and changes to discover weaknesses. Once inside your network, they steal or alter confidential data, and they often disable security controls both to avoid detection and to prepare larger attacks later.
To protect against external cyberattacks, every employee, technical or not, should be trained to recognize the signs of a threat.
Types of External Cyberattacks
External cyberattacks come in many forms, from password attacks and session hijacking to viruses and worms. The techniques attackers most commonly use from outside the network include:
- Session hijacking: an attacker takes over an established session between two systems by impersonating one of them, for example by stealing the session token or cookie that identifies a logged-in user
- Password cracking: an attacker recovers or guesses the password of a user or administrator, by brute force, dictionary guessing or cracking stolen password hashes, to gain access to a system
- Denial of Service (DoS) attacks: an attacker floods a system with traffic or requests until it crashes or can no longer serve legitimate users; when the flood comes from many sources at once it is a distributed DoS (DDoS) attack, like the one described above
- Web-application attacks: an attacker sends crafted input to a Web application to read or manipulate data it should not be able to reach, and potentially to compromise the host or the internal network behind it
- Malicious software: viruses that attach to programs or files and replicate, causing significant damage; worms that propagate across networks on their own; and Trojan horses, disguised as legitimate programs, that open the door to major system damage
3 Ways to Defend Against External Cyberattacks
To defend against cyber criminals using external penetration tactics, your financial institution should consider vulnerability assessments, external penetration testing and Web application testing, among other types of testing.
- Remote Vulnerability Assessments
A vulnerability assessment provides your financial institution with a prioritized list of network vulnerabilities and supports compliance with GLBA guidelines. It can be performed with a scanning appliance, configured by a certified provider and plugged into your network, which the provider operates remotely. The device scans the entire network, hardware and software alike, performing internal vulnerability scanning, patch-level checks and port scanning. The provider then analyzes the data and prepares a detailed report with recommendations for securing your network. Keep in mind that a scanner only finds what it can see: a scan run with valid credentials detects missing patches that an unauthenticated scan cannot, and findings should be verified before remediation, since scanners do report false positives.
- External Penetration Testing
In an external penetration test, ethical hackers pursue a specific, attacker-simulated goal, such as reaching your financial institution's internal network from the Internet. The test determines whether your security posture can actually withstand an intrusion attempt from an external attacker and, unlike a vulnerability scan, shows which findings are genuinely exploitable.
A thorough penetration test typically consists of these essential elements:
- Reconnaissance: learning about the target through Internet searches, website reviews, IP block (WHOIS) information and Domain Name System (DNS) interrogation, which require little or no interaction with the target's network
- Scanning: looking for potential openings through network mapping, port scanning, operating system (OS) fingerprinting, service detection and vulnerability scanning; this is the first direct contact with the target's systems
- Gaining Access: attempting to compromise systems by abusing exposed features, performing password and Web application attacks and exploiting vulnerable software; this is the step in which the tester actually breaks in
- Maintaining Access and Covering Tracks: subverting security controls to establish a backdoor into the network and to avoid detection. Many organizations forgo this step because it is highly intrusive and involves manipulating systems, applications and files; if it is in scope, agree on it explicitly and require the tester to document and remove every backdoor when the engagement ends
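The port scanning and service detection that both the vulnerability assessment appliance and the scanning phase of a penetration test perform, as an added example that is not code from the original article or from CSI. It runs a TCP connect scan against constructed targets on 127.0.0.1 (one listener that announces an SSH-style banner, one that says nothing, and one port with nothing behind it), grabs whatever each open port volunteers, and matches it against a small, assumed signature table to name the service. The listeners, ports and banner strings are constructed for the demonstration.

```python
import socket
import threading

# Assumed, illustrative signature table: banner prefix -> service guess.
# Real scanners carry thousands of probes and signatures; this is enough to
# show how service detection turns "port open" into a named finding.
SIGNATURES = [
    (b"SSH-", "ssh"),
    (b"HTTP/", "http"),
    (b"220 ", "smtp-or-ftp"),
]


def fingerprint(banner):
    """Guess the service from the first bytes a port volunteers."""
    for prefix, name in SIGNATURES:
        if banner.startswith(prefix):
            return name
    return "unknown" if banner else "no banner"


def scan_port(host, port, timeout=0.5):
    """TCP connect scan of one port: returns ('open'|'closed', banner bytes)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:
            return "closed", b""
        try:
            banner = s.recv(256)  # many services speak first (SSH, SMTP, FTP)
        except OSError:  # timed out: the service waits for the client to speak
            banner = b""
        return "open", banner


def scan(host, ports, timeout=0.5):
    """Scan each port and return report rows for the open ones only."""
    findings = []
    for port in ports:
        state, banner = scan_port(host, port, timeout)
        if state == "open":
            findings.append({"port": port,
                             "banner": banner.strip().decode("ascii", "replace"),
                             "service": fingerprint(banner)})
    return findings


def start_listener(banner):
    """Constructed target: a listener on 127.0.0.1 that sends `banner`
    (possibly nothing) to each client and hangs up. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # the OS picks a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            with conn:
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def demo():
    """Stand up two constructed targets plus one closed port, scan all three,
    and return (findings, ports) so the result can be inspected."""
    ssh_srv, ssh_port = start_listener(b"SSH-2.0-OpenSSH_9.6\r\n")  # constructed banner
    quiet_srv, quiet_port = start_listener(b"")
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # nothing listens here any more
    try:
        findings = scan("127.0.0.1", [ssh_port, quiet_port, closed_port])
    finally:
        ssh_srv.close()
        quiet_srv.close()
    return findings, {"ssh": ssh_port, "quiet": quiet_port, "closed": closed_port}


if __name__ == "__main__":
    for row in demo()[0]:
        print(f"{row['port']}/tcp open  {row['service']:12s} {row['banner']}")
```

The closed port never appears in the report, the silent listener shows up as open with no banner (a real scanner would then send protocol-specific probes to identify it), and the SSH-style listener is named from its banner. A full connect scan like this is noisy and trivially logged, which is exactly why the scanning phase is the target's first chance to notice a tester, or an attacker.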
- Web Application Testing
Through Web application testing, consultants identify vulnerabilities in the applications your business uses and exposes to the Internet. Testing strengthens your organization's security by uncovering exploitable weaknesses and checking for the current Web application risks catalogued by the Open Web Application Security Project (OWASP), such as injection and broken authentication. Whether the applications are built in-house, third-party proprietary or off-the-shelf, consultants assess their security according to your specific situation and request so your financial institution can stay secure.
These types of security tests benefit institutions by showing the real impact of an attack rather than theorizing about it, confirming that controls work as expected and identifying ways to improve security. Satisfy examiners, and protect your financial institution against advanced cyber threats like external penetration attacks, by using these strategies to build a strong cybersecurity posture.
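The kind of check a Web application test makes for one of the OWASP risks, injection, as an added example that is not code from the original article or from CSI. It places a login query built by string concatenation beside its parameterized fix and runs a small probe that submits two classic injection payloads to each, reporting the first payload that logs in without a valid secret. The in-memory SQLite table, the user row and the payloads are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: one user with a placeholder password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-correct-horse')")
    return conn


def login_vulnerable(conn, username, password_hash):
    """Injectable: user input is pasted into the SQL text, so it becomes syntax."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username, password_hash):
    """Fixed: placeholders keep user input as data, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone() is not None


# Constructed test payloads as (username, password_hash) pairs.
PAYLOADS = [
    ("alice'--", "wrong"),        # comment out the password check entirely
    ("nobody", "' OR '1'='1"),    # make the WHERE clause always true
]


def check_injection(login, conn):
    """Probe a login function; return the first payload that authenticates
    with a wrong secret, or None if every payload is rejected."""
    for username, password_hash in PAYLOADS:
        try:
            if login(conn, username, password_hash):
                return (username, password_hash)
        except sqlite3.Error:
            # A SQL error on crafted input is itself a finding (input reaches
            # the parser), but only a successful bypass is reported here.
            continue
    return None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed by:", check_injection(login_vulnerable, db))
    print("hardened login bypassed by:  ", check_injection(login_hardened, db))
```

The vulnerable query is defeated by the very first payload, because `alice'--` closes the string literal and comments out the password comparison; the parameterized version treats the same bytes as an unknown username and rejects both payloads. A real assessment runs many more payloads against every input the application accepts, not just the login form.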
Terry Anderson, CISSP/OSCP, is a senior risk and compliance consultant and penetration tester for CSI Regulatory Compliance.