Protected Harbour Discovers New Form of Cyberattack

New Cyber Attack Identified by Protected Harbor Banner

A New Type of Cyber Attack Identified by Protected Harbor

While monitoring a large client’s infrastructure last week, our techs became alerted by a series of infection notices. Rapidly taking action, we managed to stop the attacker in their tracks. However, a question remained on the minds of all of us, how did the hacker manage to break into this client’s system in the first place? We sat there wondering, how the attacker was able to break through our firewalls when so many other attackers, who try daily, fail.

At Protected Harbor, our team doesn’t just work to stop cyber security attacks; we go back to the beginning to fill in the blanks of how something like this was able to occur given our defenses. While combing through our systems, we noticed that there were a series of our servers that had been attacked and found that the source was from several IP (Internet Protocol) addresses meaning this attack wasn’t done from just one computer. This was a coordinated attack.      New-Cyber-Attack-Identified-by-Protected-Harbor-middle

We then went on to search for any possible patterns that could be linked within the user IDs that were used, and sure enough, there were. In this case, it appears the attackers were using the same user ID to try and break in and that the repeatedly used ID had not been logged into the system for an extended period prior. As it turns out, this user ID that was unsuccessfully trying to log in belonged to an employee that no longer worked for the company.

According to our lead technician Nicholas Solimando, “There was an infected file that was found in the profile of a user who had been terminated. We isolated the file and removed it, and then came to find from the client that that user had been terminated along with around 4500 other names that they hadn’t told us about.”

Though the user IDs were inactive, the profiles were still present within their servers. Our team then went on to create a script that would take their list of 4500 names as an input, repeat through the list, and for each entry, scan each of their servers and remove the corresponding profile.

This helped us to work with the client to enable a notification and communication procedure between us and the HR department, solving the core issue.

Nick Solimando left us with some final solid advice for other companies who may be experiencing a similar issue and different types of cyber attacks, “Keeping up to date with your active user base is critical to reducing threat surface and keeping your systems protected.”

 

Top 10 Most Common Types of Cybersecurity Attacks

  1. Phishing Attacks
    Phishing remains one of the most prevalent cyber threats. Cybercriminals send deceptive emails that appear legitimate to trick recipients into providing sensitive information, such as passwords or financial details. Common phishing attacks often involve fake links or attachments that, when clicked, compromise security.
  2. Malware Attacks
    Malware, including viruses, ransomware, and spyware, infiltrates systems to steal data or cause damage. Implementing malware attack prevention strategies, such as up-to-date antivirus software and avoiding suspicious downloads, can protect your organization from these threats.
  3. DDoS Attacks
    A DDoS attack example involves overwhelming a network or website with excessive traffic, causing it to crash. These attacks disrupt business operations and can be mitigated by using firewalls and traffic monitoring tools.
  4. Password Attacks
    Hackers use techniques like brute force or credential stuffing to gain unauthorized access. Strong, unique passwords and two-factor authentication can help prevent these attacks.
  5. Insider Threats
    Employees or contractors with access to sensitive data can unintentionally or maliciously cause breaches. Regular security training and monitoring can reduce the risk.
  6. Man-in-the-Middle (MITM) AttacksMITM attacks involve an attacker intercepting communications between two parties. These attacks compromise network threats by eavesdropping on sensitive data. To enhance cyber attack prevention, organizations should use strong encryption and secure communication protocols.
  7. Whale-Phishing AttacksTargeting high-profile individuals, whale-phishing exploits weak cybersecurity habits. By focusing on employee training, organizations can mitigate risks through rigorous email scrutiny and anti-phishing training for executives.
  8. Spear-Phishing AttacksSpear-phishing attacks leverage tailored emails to deceive specific targets, making them a significant network security threat. Implementing tools for cyber threat prevention, such as email filters and authentication protocols, can minimize risks.
  9. RansomwareRansomware locks systems until a ransom is paid. Victims face data breaches and prevention challenges if their systems lack robust defenses. Regular updates and next-generation firewalls ensure attackers are thwarted.
  10. SQL Injection AttacksSQL injections exploit database vulnerabilities, leading to severe data breaches issues. Following a least-privileged access model and auditing code regularly ensures robust cyber threat prevention strategies.