Every day we see a large number of tools being implemented within enterprises and institutions due to the need to keep their environments more secure, along with this implementation of tools comes a series of responsibilities to make resources be used efficiently and effectively, generating the results expected by the Analysts, Managers, and Management. When we speak of a corporate environment there are a number of tools that we can find, such as Web Application Firewall (WAF), Intrusion Prevention Service (IPS), Antispam, Antivirus, Firewall, Web Filter / Application Control, DLP (Data Loss Prevent) Switches, Routers and etc. Each of these tools has its characteristic and function within the corporate environment, being well configured generate results and metrics that help managers make decisions for environment/business growth, security improvement, and others.
In recent years there has been a significant increase in cyber attacks and attempts to exploit vulnerabilities, attackers have increasingly studied CVEs (Common Vulnerabilities and Exposures) based on this knowledge to try to exploit, invade and exfilt data from companies or individuals. When implementing a security tool within a company, it is necessary to pay attention to some points that go beyond the implementation project, some of these points are maintenance and updating of the tool following the good practices of the manufacturer. A very common error that occurs today and makes many companies vulnerable to attacks is that they only care about the tool in the implementation process, after that the points mentioned above that require constant attention during the tool life cycle inside the company are forgotten and make the environment susceptible to attacks and exploitations.
Some points that make environments vulnerable:
From these points mentioned above, I would like to draw attention to the ‘Human Factor’, due to the technological growth, it became fundamental the importance of creating a culture of security policy in the day to day of the collaborators. Companies are investing more and more in lectures, training and workshops to try to reduce an attack or invasion is caused by the human factor, when we speak of human factor can be exemplified as follows: the attacker sends an email with a supposed advertisement or promotion and in it comes a link that will direct the user to this “promotion”, but when in fact it is a malicious link (this attack is called Phishing), the user may be infected with some Malware and from that machine the attacker has internal access and begins to make lateral movements in an attempt to exploit or compromise the company environment. Every day we see research being done by tool makers showing that most of the attacks that occur still have the human factor, that is, a user who is not prepared to identify some simple types of attacks, such as phishing and that can compromise the entire security of the company.
There are currently three most commonly used types of Phishing attacks:
Mass-Scale Phishing: Attack where fraudsters launch an extensive network of attacks that are not highly targeted
Spear Phishing: Tailor-made for a specific victim or group of victims using personal details.
Whaling: A specialized type of spear phishing that targets a “large” victim of a company, for example CEO, CFO or other executive.
Below we have the anatomy of a phishing attack:
About the author: Zoziel Freire
Cyber Security Analyst Content Writer of the portal: www.infosectrain.com Analyst document’s malicious CompTIA Security Analytics Professional LPIC-3 Enterprise Linux Professionals CompTIA Cybersecurity Analyst Linkedin: https://www.linkedin.com/in/zozielfreire/
(SecurityAffairs – Human Factor, cybersecurity)