Network attacks are the unauthorized actions on the applications and systems within your company network. These are usually perpetrated by malicious actors with the goal of altering, destroying, or stealing data.

Some network attacks take a stealthy approach; they discreetly breach your network defenses and steal your data without altering anything. These are known as passive attacks. Another variant, known as active attacks, will seek to alter, encrypt, or destroy your data.

Types of network attacks

DDoS (Distributed Denial of Service)

DDoS stands for Distributed Denial of Service, one of the scariest network attacks network administrators have to deal with. Designed to cause total chaos by overwhelming your systems, DDoS attacks send a flood of requests that consume your system or application resources and render it unusable for legitimate users.

A few years ago, a massive DDoS attack targeted Dyn, a company that manages domain name systems (DNS) for websites like Twitter, Netflix, and Reddit. The attackers used a botnet, which is a network of infected devices, to send an overwhelming amount of traffic to Dyn's servers. 

The result was that websites that millions of people visited daily were suddenly inaccessible. It was like someone had pulled the plug on half the internet.

One of the reasons why DDoS attacks are so effective is the sheer volume of traffic they can muster. Attackers often use botnets made up of thousands, sometimes millions, of hijacked devices. These devices can be anything from compromised computers to unsecured IoT gadgets like smart thermostats or cameras. 

So your smart fridge or TV can be hijacked as part of a grand plan to take down a major website. It sounds wild, but it happens.

There are different types of DDoS attacks, too. Some aim to exhaust the bandwidth by sending massive amounts of traffic. Others, like application-layer DDoS attacks, target specific features or services of a website. 

For instance, they might repeatedly load a search function on an e-commerce site until it crashes. A notable example of this was the attack on GitHub in 2018, where attackers exploited the platform’s code repository service, causing GitHub to struggle with a peak load of 1.35 terabits per second.

The sneaky part is that these attacks are often distributed, meaning they come from multiple sources, making it incredibly hard to block them without also affecting legitimate traffic. 

So, DDoS attacks can cause massive disruptions, financial losses, and headaches for IT teams. And with more devices getting connected to the internet every day, the potential for even larger and more devastating attacks only grows.

Phishing

Phishing is a practice where cybercriminals send emails and other messages to unsuspecting people purporting to be representing reputable companies with the goal of tricking them into revealing passwords and other sensitive information.

For example, you receive an email that looks like it's from your bank, asking you to verify your account details. The email will even have the bank's logo and a perfect copy of the bank's email layout. But instead of your bank, it's a hacker trying to steal your information.

The email might ask you to click a link to reset your password. When you click, you’re taken to a fake website designed to look real. Once you enter your credentials, the hacker saves them. Suddenly, they have access to your personal or company accounts.

The emails are usually so convincing that victims are easily fooled into clicking the link and logging in to what they think is your claimed company’s portal.

A variation of these attacks are what’s called spear phishing attacks. These are even more targeted. For example, a CEO might get an email that looks like it’s from their CFO. It asks them to approve a wire transfer. Because it looks legitimate and urgent, they approve it without a second thought. A few days later, they find out the email was fake, and the money's gone.

Besides emails, phishing can happen over text messages too. This is called smishing. You might get a text claiming to be from your bank, telling you there’s suspicious activity on your account. It provides a number to call or a link to click. If you follow through, you’re connecting directly with the scammer.

It’s essential to always double-check who’s sending you emails or messages. Don't click on links or download attachments unless you're sure they’re safe. If something feels off, it probably is. Remember, it's better to be paranoid than to be hacked.

Man-in-the-Middle (MITM) attacks

Man-in-the-Middle (MITM) attacks are a particularly sneaky type of network attack. The attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. The attacker positions themselves in the middle, hence the name.

MITM attacks are hard to detect without specialized tools. They happen while you're having what you deem to be a private conversatin with a colleague over email. Unbeknownst to you, a hacker slips in and reads the message you send and receive. 

Worse, the hacker might even alter those messages before they reach their destination. One common tactic used in MITM attacks is to create fake Wi-Fi hotspots where you walk into a coffee shop and immediately get prompted to connect to "FreeCafeWiFi." 

The wifi network will look legit but will actually be a rogue network set up by a hacker. Once connected, everything you do online can be monitored or manipulated.

Another tactic involves what’s called SSL stripping. Websites today often use HTTPS to encrypt data. However, an attacker can downgrade this connection to HTTP, which is not secure. 

Once they do that, they can then intercept everything you send to the website, such as login credentials or personal information. For instance, you might think you're securely logging into your bank account, but in reality, the attacker is capturing your username and password in plain text.

Email can also be a vector for MITM attacks. You may receive an email from a known vendor asking for payment details. If the attacker has infiltrated your email network, they can alter the bank account details. 

You end up sending money to the attacker instead of the vendor. It's insidious because you might never realize anything has gone wrong until it's too late.

MITM attacks can also target mobile communications. By using a rogue cell tower, an attacker can intercept calls and texts. This tactic, called an IMSI catcher or Stingray, tricks phones into connecting to it instead of a legitimate tower. It’s particularly worrisome because it doesn’t require much technical skill to pull off.

Attackers can also exploit vulnerabilities in network protocols. Protocols like ARP (Address Resolution Protocol) and DNS (Domain Name System) are common targets. 

In ARP poisoning, the attacker associates their MAC address with the IP address of a legitimate computer on the network. All traffic meant for that IP address gets sent to the attacker instead. In DNS spoofing, the attacker corrupts the DNS cache, redirecting users to fraudulent websites without their knowledge.

Staying safe from MITM attacks, therefore, requires vigilance and robust security measures. Encryption is essential. Always use secure connections (look for HTTPS), avoid using public Wi-Fi for sensitive transactions, and employ strong, updated security protocols on your network. Being aware of these tactics is the first step in protecting against this type of attack.

Insider threats

Sometimes the most significant threats come from within the company. These are known as insider threats. An insider might be a disgruntled employee, someone looking for financial gain, or even a well-meaning individual who makes a mistake.

A popular example is the case of Edward Snowden. He was a contractor for the NSA who leaked classified information because he believed the public had the right to know. 

While his intentions might have been ethical, the impact on network security was massive. Sensitive data was exposed, showing how destructive insider actions can be, regardless of intent.

Sometimes, the threat isn't intentional. A classic example is the case of an employee clicking on a phishing email. They might think it's from a trusted source, but that one click can compromise the entire network. Malware gets installed, and suddenly, customer data is at risk. This shows how even well-intentioned insiders can become a security risk.

Another scenario is when insiders misuse their access privileges. Someone in the IT department with access to the entire network might decide to exploit this access to steal sensitive information or disrupt operations. 

The case of the UBS rogue trader, Kweku Adoboli, comes to mind. Although he wasn't hacking a network, his misuse of access and systems resulted in significant financial loss, illustrating the broader impact of insider threats.

There are also situations where employees are blackmailed or coerced into attacking the network. An example is an employee who gets caught in a compromising situation and is then forced to install spyware on the company network.

Having robust monitoring and strict access controls can help mitigate these risks. Constant vigilance, employee training, and a solid incident response plan are crucial. We can't always predict who might turn into an insider threat, but you can certainly prepare for it.

Privilege escalation

When cybercriminals gain a foothold in your network, they often aim to escalate their privileges. Why? More privileges equal more control. 

One common technique for escalating privileges is exploiting vulnerabilities in software. For example, an attacker might find a flaw in your operating system or an application. 

Once exploited, this flaw can grant them admin rights. A notorious case was the EternalBlue exploit. Hackers used it to spread WannaCry ransomware, wreaking havoc worldwide.

Credential dumping is another favorite tactic of hackers. Attackers dump hashed passwords from your systems. They then use tools like Mimikatz to extract plain-text passwords. Once they have an admin's password, they can log in anywhere within the network. There is no telling what kind of damage they can do with that level of access to sensitive data and critical systems.

Not to forget is the Pass-the-Hash (PtH) attack. Here, attackers capture password hashes rather than the password itself. They use these hashes to authenticate as a user on the network. It's like forging a key based on its impression. No need to decode the hash, just pass it along.

Sometimes, attackers exploit weak security configurations. Default admin accounts, for instance, often have predictable passwords. If these accounts aren't secured, they provide an easy route for privilege escalation.

How to mitigate network attacks

There are several techniques you can employ to mitigate network attacks. Let’s discuss the main ones.

Firewalls

Firewalls help block unauthorized access while allowing legitimate traffic. By carefully configuring your firewall rules, you can significantly reduce the risk of intrusions. For instance, you should ensure that only necessary ports are open and that you have rules to block known malicious IP addresses.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

IDS and IPS tools monitor network traffic for suspicious activity. An IDS can alert you when it detects something fishy, while an IPS can take immediate action to block the threat. 

For example, an IPS might automatically drop packets from a known malicious source. Regularly updating the signatures for these systems ensures they can recognize the latest threats.

Network segmentation

By dividing your network into smaller, isolated segments, you limit the spread of an attack. Think of it like having multiple watertight compartments in a ship; if one section gets compromised, the others remain secure. 

For example, you could segment your network so that sensitive financial data is only accessible to certain departments, reducing the risk if a general user’s segment is breached.

Encryption

Encrypting sensitive data ensures that even if an attacker intercepts the data, they can't read it. Using protocols like HTTPS for web traffic and VPNs for remote connections can help keep our data safe. 

For instance, when employees work from home, a VPN can ensure that their connection to the company’s network is secure.

Regular software updates and patch management

Many network attacks exploit known vulnerabilities in outdated software. Keeping your systems and applications up-to-date with the latest patches can protect you from these exploits. 

For example, a recent update might fix a critical vulnerability in your email server software, preventing potential abuse.

Moreover, user education and awareness are essential. Teaching your employees about phishing scams and safe internet practices can prevent a lot of issues. 

For instance, regular training sessions can help employees recognize and avoid clicking on suspicious email links, which could otherwise lead to malware infections.

By implementing these techniques, you create multiple layers of defense, making it much harder for an attacker to find a way in.

Common vectors for network attacks

Email

Email is a favorite hunting area for cybercriminals. Phishing is the most notorious type of email attack. Hackers craft deceptive emails that appear legitimate, tricking employees into clicking on malicious links or downloading harmful attachments. 

For example, an email might look like it's from a trusted vendor, urging you to check an urgent invoice. One click, and malware could infiltrate the network.

Another example is Business Email Compromise (BEC). In these attacks, cybercriminals impersonate a high-ranking executive or a trusted business partner. The message might request a wire transfer or sensitive data. BEC emails can be hard to spot, even for the vigilant, because they are usually very convincing.

Malware distribution through email is another critical concern. Cybercriminals can attach malicious files to seemingly innocent emails. These attachments could be anything from fake invoices to job applications. When opened, the malware installs itself on the network, often undetected.

Ransomware is particularly nasty; it can encrypt files and demand a ransom payment for their release. There have been incidents where entire company networks were paralyzed because someone unknowingly opened a malicious email attachment.

Spam emails also pose a threat. Although it might seem more annoying than dangerous, spam can clog up email servers and waste valuable resources. More importantly, spam often contains malicious links and attachments too. Some employees might think they're just dealing with harmless junk mail, but one wrong click can lead to a security nightmare.

Employee training is crucial to defend against these types of attacks. Regular phishing simulations can help staff recognize and avoid malicious emails. Periodic reminders about not clicking on unfamiliar links or downloading unexpected attachments can make a significant difference. Implementing robust email filtering and security protocols can also catch many of these threats before they reach the inbox.

So, while email is indispensable for communication, it’s equally essential to be aware of the threats it can bring into our network. Being cautious and educated about email attacks can go a long way in protecting your company’s network.

Web applications

Web applications are computer programs you access through a web browser. Think of Microsoft 365 or Google Docs/Gmail. They offer many business benefits, like speed, compatibility, and scalability. But they are also prime targets for cyberattacks. 

According to the latest DBIR, web applications were the top action vector in 2023. They were used in 80% of incidents and 60% of breaches.

So why are web applications such hot targets? Two main reasons. First, many have vulnerabilities or configuration errors. Second, they often store valuable information, like personal and financial data. 

A successful breach gives attackers direct access to that data. Barracuda research shows that 40% of IT professionals involved in ethical hacking believe web application attacks are among the most lucrative. For APIs, 55% say the same.

Barracuda’s anti-botnet detection data from December 2023 shows most bot attacks were volumetric distributed denial of service (DDoS) attacks. These attacks use brute force techniques to flood the target with data packets, using up bandwidth and resources. 

They can even be a cover for more serious, targeted attacks against the network. In all, 53% of bot attacks were volumetric DDoS, while 34% were application DDoS attacks targeting specific applications. Another 5% were bot-driven account takeover attempts.

SQL injection

SQL injection is a convenient tool for building applications and databases. Yet it can also be a tool for network attacks. Imagine an attacker gaining access to your company's internal network through a vulnerable web application. 

That attacker can then use SQL injection to exploit internal databases, but the scope doesn't stop there. They could pivot to other parts of the network.

Let's say the attacker starts by finding an unprotected web form on your internal HR application. By injecting a SQL command like `'; DROP TABLE employees;--`, they might delete important employee records. This is already bad, but now imagine they use a less destructive payload to map out the network.

They might use something like `'; SELECT host FROM network_map;--`. If the database contains a table that holds information about network devices, the attacker gets a list of internal hosts. 

With this information, the attacker can target specific machines. They might use `'; EXEC xp_cmdshell 'ping 192.168.1.1';--` to send commands to another server. SQL injection, thus, turns into a way to execute arbitrary commands on the network.

Another example involves the attacker querying for login credentials. Injecting `'; SELECT username, password FROM admin_users;--` could give them admin credentials, providing access to critical systems. If they find stored procedures that interact with network services, they can inject commands to manipulate those services directly.

Not all SQL injections return visible results. Some operate silently, like blind SQL injection. The attacker might inject `'; IF (username='admin') WAITFOR DELAY '00:00:10';--`. If the application takes longer to respond, they know the username exists. This method can be used to gather sensitive information slowly and stealthily.

Network attacks via SQL injection are especially dangerous because they often bypass traditional security measures. Firewalls and intrusion detection systems might not catch these subtle manipulations if the SQL commands seem legitimate.

The real-world implication? A single SQL vulnerability can expose your entire network to an attacker. It’s important to secure all entry points, parameterize queries, and use least privilege principles for database accounts. By doing so, you can mitigate the risks and prevent attackers from turning a tiny hole into a massive breach.

Cross-site scripting (XSS)

Cross-site scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into otherwise trusted websites. When these scripts are executed in a user's browser, they can manipulate network interactions in various harmful ways. 

For instance, an attacker could craft a malicious URL containing a script designed to steal cookies, impersonate users, or even hijack sessions.

So you might visit a site that displays a message parameter from the URL without proper validation. An attacker could send a link like `http://example.com/status?message=<script>alert('XSS')</script>`. If you click it, the script in the URL executes in your browser, displaying the alert. 

But it’s not just about alerts. More dangerous scripts could steal your session cookies. These cookies might store authentication tokens that grant the attacker access to your account.

Another scenario involves stored XSS attacks, where the malicious script is stored on the server. For example, in a message board, an attacker might post a comment like `<script>malicious code here</script>`. 

Every user who views this comment would execute the malicious code. This could lead to session hijacking, where the attacker gains control over users' accounts.

Beyond stealing cookies and hijacking sessions, attackers can manipulate network requests to perform Cross-Site Request Forgery (CSRF) attacks. They might inject scripts that trick your browser into sending unauthorized requests to another site where you're authenticated. 

This could change your account settings or conduct transactions without your consent. For instance, a script could execute a request to transfer funds from your bank account to theirs, all while you’re unaware.

XSS vulnerabilities can also target network connections by injecting scripts that manipulate content loading in iframes. An attacker could load a trusted site in an iframe and overlay it with invisible elements to capture keystrokes, a technique known as clickjacking. You might think you're typing your password into a secure login form, but it's being captured by the attacker’s script.

Developers should be cautious about any user input and always validate or encode it appropriately. Using Content Security Policy (CSP) headers can help mitigate some attacks by limiting the sources from which scripts can be executed. 

However, the best defense is careful coding practices that prevent these vulnerabilities from existing in the first place. By understanding and addressing how XSS can manipulate network interactions, you can build more secure web applications.