Cyber threats Part II - decrease the likelihood of a cyberattack and increase your system security


Devopsity on 20-04-2022

Cybersecurity should always be a top priority.

Cyberattacks come in different forms and with various aims. Just as there are several types of attack, there are different prevention actions for each. It's good to learn about them so that you know what to be prepared for and how to look out for the signs of danger.

Read on to learn more about the common cyberthreats and what you can do to prevent them.

SQL injection

A Structured Query Language (SQL) injection takes place when an attacker inserts malicious SQL into the queries a server sends to its database, in order to access and steal data or wipe sensitive data. It is usually carried out by entering the malicious input into a website search box or comment box. Unfortunately, this type of attack is common because it offers an attractive target: the database behind an application will often contain all of the crucial data for that application.

It's important to back up the data on a regular basis, in order to prevent catastrophic loss of sensitive data.

There are a few ways to minimise the risk of SQL injection: validating user input, so that only characters from a defined allow-list are accepted and potentially dangerous characters from a deny-list are rejected, and using parameterized SQL statements or stored procedures.

DNS Tunnelling

DNS tunnelling occurs when an attacker abuses the DNS protocol to encode other protocols or malicious data inside DNS queries and responses, so that sensitive data can be stolen from the compromised server and the server can be controlled remotely.

A DNS firewall should be configured to identify suspicious domains, IP addresses and intrusions. In addition, it is recommended to monitor DNS queries for unusual patterns.
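As an added example of monitoring DNS queries for unusual patterns (not code from the original post), the detector below scores each registered domain in a constructed query log on three signals typical of tunnelling: long subdomain labels, high-entropy labels and TXT lookups. The log format and thresholds are assumptions:

```python
import math
from collections import defaultdict

# Constructed DNS query log, one "<client> <qtype> <qname>" record per line.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A cdn.example.com
10.0.0.7 TXT 3a7f9c2e1b4d8a6f5e0c9b2d7a1f4e8c.t-example.net
10.0.0.7 TXT 9e1c4b7a2d5f8e0c3b6a9d2f5e8c1b4a.t-example.net
10.0.0.7 TXT 4d8a6f5e0c9b2d7a1f4e8c3a7f9c2e1b.t-example.net
10.0.0.7 TXT 2d5f8e0c3b6a9d2f5e8c1b4a9e1c4b7a.t-example.net
10.0.0.9 A mail.example.com
"""


def shannon_entropy(s: str) -> float:
    # Bits per character; encoded payloads look random, hostnames do not.
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    # Naive: the last two labels. Production code should use the public
    # suffix list so that names such as "example.co.uk" are handled correctly.
    return ".".join(qname.rstrip(".").split(".")[-2:])


def suspicious_domains(log: str, max_label: int = 30,
                       min_entropy: float = 3.5, min_hits: int = 3) -> list:
    """Return registered domains whose queries resemble tunnelling: long or
    high-entropy subdomain labels, many distinct query names, TXT lookups.
    Thresholds are constructed starting points, not tuned values."""
    stats = defaultdict(lambda: {"names": set(), "flags": 0})
    for line in log.splitlines():
        _client, qtype, qname = line.split()
        labels = qname.rstrip(".").split(".")
        rec = stats[registered_domain(qname)]
        rec["names"].add(qname)
        for label in labels[:-2]:
            if len(label) > max_label or shannon_entropy(label) > min_entropy:
                rec["flags"] += 1
        if qtype == "TXT":
            rec["flags"] += 1
    return sorted(d for d, r in stats.items()
                  if len(r["names"]) >= min_hits and r["flags"] >= min_hits)
```

The same heuristics can be fed from a real resolver log or DNS firewall export; a domain that scores high is a candidate for blocking at the DNS firewall and for investigating the querying client.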

Denial-of-Service (DOS) Attack

A DOS attack occurs when a system, server or network is flooded with traffic in order to exhaust its resources and bandwidth, so that legitimate requests cannot be processed. A distributed denial-of-service (DDoS) attack is carried out to take the system offline, meaning that another attack can then be carried out to enter the network or server.

A content delivery network (also known as a CDN) might minimize DOS attacks due to the distributed nature of its delivery network's servers. In fact, some popular CDN providers offer additional DOS protection.

Moreover, cloud vendors offer protection from this kind of attack; for example, AWS offers AWS Shield Standard at no additional charge, which mitigates DOS attacks.

XSS Injection

A Cross-Site Scripting (XSS) injection attack happens when an attacker injects malicious code into a legitimate website. The malicious script is delivered as a browser-side script and the end user's browser executes it, because the browser cannot distinguish whether the script is legitimate. Subsequently, the malicious code can read and steal sensitive data including the user's login credentials, perform any action the user can perform, and access cookies, session tokens and other information stored by the browser.

In order to prevent XSS injections, it's important to use a combination of prevention measures. Firstly, user input should be filtered on arrival and data sanitization implemented. Secondly, output data should be encoded and appropriate response headers used. On top of that, a content security policy (CSP) is another mechanism that minimizes XSS vulnerabilities: CSP lets you define which resources browsers may load and execute.
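The output-encoding and response-header measures above, as an added example (not code from the original post): user-supplied values are encoded for the HTML context they land in, user-supplied links are restricted to http(s), and a CSP that forbids inline script is returned alongside. The comment markup and policy are assumptions:

```python
import html


def render_comment(author: str, body: str, profile_url: str) -> str:
    # Each value is encoded for the context it lands in. html.escape with
    # quote=True neutralises <, >, &, " and ', which covers both HTML text
    # and quoted attribute values.
    safe_author = html.escape(author, quote=True)
    safe_body = html.escape(body, quote=True)
    # A link is a different context: encoding alone does not stop a
    # "javascript:" URL, so the scheme is restricted before it is emitted.
    if not profile_url.lower().startswith(("http://", "https://")):
        profile_url = "#"
    safe_url = html.escape(profile_url, quote=True)
    return (f'<article class="comment">'
            f'<a href="{safe_url}">{safe_author}</a>'
            f'<p>{safe_body}</p></article>')


def security_headers() -> dict:
    # Response headers that limit the damage of any encoding slip: the CSP
    # only allows scripts served from this origin and blocks inline script,
    # and nosniff stops the browser guessing a script type for uploads.
    return {
        "Content-Security-Policy":
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
        "X-Content-Type-Options": "nosniff",
    }
```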

Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) happens when the trust a web application places in an authenticated user is exploited: the vulnerable application cannot tell which requests were sent by the user and which were triggered by the attacker without the user's consent.

CSRF tokens are a popular choice to increase protection from CSRF attacks. Tokens are randomly and uniquely generated secrets that verify whether a request came from an authenticated user. For increased security, tokens should be generated server-side and tied to a session.

In stateless applications, the double-submit cookie pattern may be used to prevent CSRF attacks. In this method the client sends an encrypted secret value both as a cookie and as a request parameter, and the server verifies that the two values match.

Another approach to minimizing CSRF is the SameSite cookie attribute, which defines when cookies are submitted. It makes it possible to control which cookies the browser sends with cross-site requests. The SameSite=Strict value blocks sending cookies in cross-site browsing contexts and allows only first-party use, which is the safest option. Some functionality might require less strict settings, which can be accomplished with the Lax value, which allows cookies to be sent on cross-site requests only for top-level GET navigations.
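The double-submit cookie pattern and the SameSite attribute described above, as an added example (not code from the original post). This variant signs the token with an HMAC over the session id rather than encrypting it, so a token from one session fails verification in another; the key, cookie name and session id are assumptions:

```python
import hashlib
import hmac
import secrets

# Constructed demo key: in production load it from a secret store.
SERVER_KEY = b"constructed-demo-key-replace-with-a-real-secret"


def issue_csrf_token(session_id: str) -> str:
    # Random nonce plus an HMAC binding it to this session. The same string is
    # set as a cookie and embedded in the form, so no server-side state is kept.
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf(session_id: str, cookie_token: str, form_token: str) -> bool:
    # 1) cookie value and request parameter must be identical (double submit)
    # 2) the MAC must validate for the current session (session binding)
    # Both comparisons are constant-time to avoid leaking the secret.
    if not cookie_token or not hmac.compare_digest(cookie_token, form_token):
        return False
    try:
        nonce, mac = cookie_token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def csrf_cookie_header(token: str, strict: bool = True) -> str:
    # SameSite=Strict stops the browser attaching the cookie to any cross-site
    # request; Lax still sends it on top-level GET navigations. The server
    # embeds the token in its own forms, so the cookie can stay HttpOnly.
    mode = "Strict" if strict else "Lax"
    return f"Set-Cookie: csrf_token={token}; Secure; HttpOnly; Path=/; SameSite={mode}"
```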

Clickjacking

Clickjacking is an attack in which the user clicks on an invisible element hidden under the intended content, which takes them to a hidden website or opens hidden content. It might result in downloading dangerous software, visiting malicious websites or sharing personal data, and might result in transferring or spending money online.

Clickjacking attacks can be mitigated with the preventions mentioned for other attacks, including a content security policy and SameSite cookies. To prevent clickjacking carried out through a malicious embedded frame, you can use the X-Frame-Options response header. There are a few options: denying framing altogether (DENY), allowing it only from the same origin (SAMEORIGIN), or allowing it from a specific URI (ALLOW-FROM).
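An added example (not code from the original post) of the anti-framing headers above: one function emits the header set for each of the three policies, and a second evaluates whether a given header set would let a particular origin frame the page, which is useful for checking responses in a test suite. Because current browsers no longer honour ALLOW-FROM, the specific-origin case is expressed with the CSP frame-ancestors directive; origins are assumptions:

```python
from typing import Dict, Optional


def anti_framing_headers(allowed_origin: Optional[str] = None) -> Dict[str, str]:
    """Headers that stop the page being embedded in a hostile frame.
    None       -> deny framing altogether
    "self"     -> allow only same-origin framing
    "<origin>" -> allow framing only from that origin (CSP frame-ancestors,
                  since X-Frame-Options ALLOW-FROM is no longer supported)."""
    if allowed_origin is None:
        return {"X-Frame-Options": "DENY",
                "Content-Security-Policy": "frame-ancestors 'none'"}
    if allowed_origin == "self":
        return {"X-Frame-Options": "SAMEORIGIN",
                "Content-Security-Policy": "frame-ancestors 'self'"}
    return {"Content-Security-Policy": f"frame-ancestors 'self' {allowed_origin}"}


def framing_allowed(headers: Dict[str, str], page_origin: str, framer_origin: str) -> bool:
    """Would a browser honouring these headers let framer_origin embed a page
    served from page_origin? Exact-origin matching only; CSP host wildcards
    are not handled here."""
    csp = headers.get("Content-Security-Policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # A frame-ancestors directive takes precedence over X-Frame-Options.
            sources = parts[1:]
            if "'none'" in sources:
                return False
            if "'self'" in sources and framer_origin == page_origin:
                return True
            return framer_origin in sources
    xfo = headers.get("X-Frame-Options", "").upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer_origin == page_origin
    return True  # no protection at all: any site may frame the page
```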

Server-Side Request Forgery

A Server-Side Request Forgery (SSRF) attack takes place when the attacker manipulates the requests a server makes to internal resources: for example, they may change a URL so that the server reads internal data or connects to internal services, or make the server connect to external software and leak sensitive data.

Allow-listing domains, enforcing URL schemes and blocking raw responses from servers are among the most common ways to protect infrastructure from server-side request forgery attacks.
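Domain allow-listing and URL-scheme enforcement, as an added example (not code from the original post): the check runs on a user-supplied URL before the server fetches anything and reports why a URL was rejected. The allow-listed hosts are constructed placeholders:

```python
import ipaddress
from typing import Tuple
from urllib.parse import urlsplit

# Constructed allow-list of the only hosts the server is permitted to call.
ALLOWED_HOSTS = {"api.partner.example", "images.example.com"}
ALLOWED_SCHEMES = {"https"}


def validate_outbound_url(url: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a user-supplied URL the server is asked to
    fetch. Anything that could steer the request at internal or unexpected
    resources is rejected before a single byte leaves the host."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        # "https://trusted@other/" parses with "other" as the real host.
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        # Loopback, link-local and private ranges all arrive as literals;
        # only named, allow-listed hosts may be contacted.
        return False, "IP literal not allowed"
    except ValueError:
        pass  # not an IP literal, continue with the name checks
    if host.lower() not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on the allow-list"
    if port not in (None, 443):
        return False, "non-standard port not allowed"
    return True, "ok"
```

This check covers the URL as written; the HTTP client should additionally be configured not to follow redirects, since a redirect from an allow-listed host would otherwise bypass it.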

Outdated applications and their components

It's always recommended to keep applications and their components, such as plugins, themes, templates etc., on the newest stable versions. An outdated website is a potential security breach, as older versions often have known vulnerabilities. Also, it's good to keep the application clean: if you have an old template, plugin or other component which is no longer used, it's better to delete it and keep the infrastructure clean than to keep an old unused module around.

What can you do to keep your business secure?

In addition to the prevention practices above for particular cyberattacks, it's important to remember the general rules. Keeping the system and software up to date, having antivirus protection, being prepared with an approach to incident detection, resolution and response, and having all data stored securely and backed up is absolutely vital.