By Johnes Mecha
On 17th July 2018, Serges Nanfack, a Cisco Technical Program Manager from South Africa, gave a talk to members of the public and Swahili Pot Hub members. This was part of the Cisco Academy Safari tour 2018. The talk was on cyber security and how it affects the commerce and technology space.
Types of Network Attacks
He explained some of the common and emerging types of network attacks:
- Network Attack Surface – This is an attack which affects network devices e.g. Routers and Switches that connect your devices to the Local Area Network and the internet.
- Software Attack Surface – This is an attack that is embedded in software, e.g. Android apps and iPhone apps which you download from the Play Store or App Store.
- Behavior Attack Surface – A lot of people have been connected to the internet for more than 5 years, hence they are more vulnerable to cyber attacks. The more people are connected to the internet, the more vulnerable they become.
It was shocking to learn that approximately 20% of companies report cyber attacks, but most will report them years after the incident. Kenya has the highest internet penetration in Africa, at about 86%. It however reports 3,000 attacks monthly. This translates to more job opportunities in cyber security. In 2017, the notorious and costly WannaCry ransomware cyber attack hit 19 Kenyan firms. It is against this backdrop that Kenya recently enacted the Computer Misuse and Cybercrimes Act, 2018.
How Attackers Evade Detection
Attackers embrace encryption to conceal their command and control traffic. This lets them mix toxic traffic, which contains malicious code, in with legitimate traffic. Cyber criminals are adopting command and control channels that rely on legitimate internet services, making malware traffic almost impossible to shut down.
Techniques Used to Target and Execute Attacks
Attackers are using the watering hole technique. This is where they target a specific group of users through a third-party software application or website. For example, where employees from one firm frequent an establishment that requires them to register online, an attacker may hack the establishment to get the employees’ details and use them to attack the firm.
Malicious documents in email attachments may also be used by attackers to affect their victims once the attachments are opened. These documents may be in the form of Office Documents, Archive Documents (Zipped files) or even PDF Documents.
PDF Documents may be used to hide malicious code where once the document is opened it installs malicious code behind the scenes.
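As an added example (not from the talk or the original post), the Python sketch below triages an attachment of the three kinds named above by its magic bytes and flags auto-run PDF keys, macro projects and executable archive members. The function names and sample bytes are constructed for illustration.

```python
import io
import re
import zipfile

# PDF names that trigger actions or carry active content.
PDF_KEYS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile"]
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def triage_attachment(data: bytes) -> dict:
    """Classify an attachment by magic bytes and list indicators to review."""
    kind, findings = "unknown", []
    if data.startswith(b"%PDF-"):
        kind = "pdf"
        for key in PDF_KEYS:
            pattern = re.escape(key) + rb"(?![A-Za-z0-9])"  # whole-name match only
            if re.search(pattern, data):
                findings.append(key.decode())
    elif data.startswith(OLE_MAGIC):
        kind = "ole-office"
        findings.append("legacy OLE container, may hold macros")
    elif data.startswith(b"PK\x03\x04"):
        kind = "zip"
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return {"kind": kind, "findings": ["corrupt archive"]}
        if "[Content_Types].xml" in names:
            kind = "ooxml-office"  # .docx/.xlsx/.pptx are zip archives
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                findings.append("VBA macro project: " + name)
            elif name.lower().endswith((".exe", ".js", ".vbs", ".scr", ".lnk")):
                findings.append("executable or script member: " + name)
    return {"kind": kind, "findings": findings}

def make_zip(members: dict) -> bytes:  # builds the constructed archives below
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples, not real malware.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj << /OpenAction 2 0 R >> endobj\n"
              b"2 0 obj << /S /JavaScript /JS (constructed) >> endobj\n")
SAMPLE_DOCM = make_zip({"[Content_Types].xml": "<Types/>", "word/vbaProject.bin": "x"})
SAMPLE_ZIP = make_zip({"invoice.pdf.exe": "x"})

if __name__ == "__main__":
    print([triage_attachment(s) for s in (SAMPLE_PDF, SAMPLE_DOCM, SAMPLE_ZIP)])
```

Keys held inside compressed object streams or written with `#xx` name escapes are not seen by this byte search, so an empty findings list is not a clean verdict.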
New Methods of Cyber Attack
Attackers are nowadays upgrading to application-layer attacks through IoT devices. IoT stands for the Internet of Things and includes devices that are controlled via a network (the internet), such as smart TVs, smart doors, smart houses or household appliances, smart cars and the like. These attacks are rising rapidly while network-layer attacks are declining.
Network-based ransomware does not need any human intervention. An example of network-based ransomware is “WannaCry”, which is a fast-moving, self-propagating malware. Once it infects a victim machine, it will encrypt the entire computer and lock you out. The virus will request you to pay 100 bitcoins to recover the files, failing which you will lose all your files.
Ways to Mitigate Cyber Security Attacks
Only 25% of security attacks can be prevented and mitigated using products. The processes within companies are therefore vital for cyber security. Some mitigation measures include:
- Using sandboxing techniques – a website like virustotal.com can be used as a sandbox environment to analyze your files to know if they might be malicious before opening them.
- Using machine learning – this can help detect internal threats within organizations. Machine learning is where you teach a computer to detect and eliminate threats before they affect you.
- Training staff on cyber security practices is compulsory for the security of any company, organization or institution.
- Critical Operating System security patches can be used to address software attacks. These are security features that your Operating System provider (e.g. Windows) develops after analysis of threats in the market and sends to you as updates. When you fail to update your Operating System software, you become vulnerable.
In conclusion, cyber security is a costly affair. The solution is to be vigilant. It is essential for every organization to have a Cyber Security Policy. It is also important to update your antivirus and to practice safe cyber principles.
Johnes Mecha is a software developer/consultant in android and web development. He is currently an intern at Mpower Limited.