What's New in Cybersecurity & How to Keep Your Servers Secure
The more digitized we become, the more sophisticated hacking and malware become. From consumer to enterprise to government, attacks are on the rise, and everyone must be on the lookout. With hackers attempting to attack every 39 seconds on average, it’s best to stay updated with cybersecurity news and constantly improve policies and practices.
New Forms of Threat
PCs used to be the usual targets, but hackers are now starting to realize that enterprise servers might be a better one, since organizations often handle sensitive data.
A new type of malware focuses exactly on that: servers, along with the databases that store crucial company data. PureLocker ransomware received its name because it’s written in PureBasic, a programming language that is unusual for malware but allows it to be easily ported between different operating systems, like Windows, Linux, and OS X. PureLocker encrypts servers and is said to be delivered via phishing. Hackers then ask for a ransom in cryptocurrency in exchange for the decryption key, with the threat that the data will be destroyed if the ransom is not paid.
However, ransomware is slowly being overtaken by cryptocurrency mining. With blockchain and cryptocurrency spreading, it’s no wonder hackers are looking into ways to illegally benefit from these technologies. If ransomware is a direct way of asking for money, cryptocurrency mining is a stealthy way of using other people's or companies' system resources to gain illicit profit. Cryptocurrency mining software, however, is not malware; it's software that leverages computing power, and even big companies have fallen victim to this sort of attack, for instance, Oracle’s WebLogic Servers.
The number of Distributed Denial of Service (DDoS) attacks is also on the rise. Although the number of large-scale DDoS attacks continues to grow, the trend is heading towards smaller and untraceable DDoS attacks. The reasoning behind this is that a huge DDoS attack is simple to detect and you can just shut down the entire infrastructure and bypass the attack, whereas the smaller DDoS attacks are easier to overlook and can cause a lot of damage.
However, DDoS attacks are also growing in scale. The largest attack as of late was on the Wikipedia servers and carried on for almost three days, initially affecting Europe, Africa, and the Middle East, then also the US and Asia. Their web servers were flooded with fake HTTP traffic and it’s thought to have been in the terabits-per-second range.
A new type of attack is the Denial of Service (DoS) attack that targets the data processing algorithms of websites. This is a more hidden attack than a normal DDoS one, since it originates from only one machine but can take down whole websites and can even cause server outages. These sly DoS attacks may not be as massive as the DDoS attacks but can produce the same destructive results by feeding junk data to algorithms and causing a “traffic jam” inside the server.
New Technologies to Keep an Eye On
The latest developments in 5G will allow millions of IoT devices to be connected to the ultra-fast Internet network. It’s estimated that in 2020 there will be around 36 billion IoT devices, ranging from light bulbs to vehicles and even to smart homes. 5G will allow a download speed of up to 10Gbps for these IoT devices, but will also expose them to security threats, such as DDoS, botnets, RFID spoofing, malware, and others.
AI algorithms will become essential both in helping manage the massive number of Internet-connected devices and in securing them. Thus, AI and ML have an important role in cybersecurity in the coming years: the very technology that’s threatening us might also be the technology that helps us overcome it, with artificial intelligence and machine learning improving companies’ ability to anticipate and prevent breaches. According to a report by Capgemini, since cyber analysts are overwhelmed by attacks, close to half (48%) of the surveyed firms said that budgets for AI in cybersecurity will increase by an average of 29% in 2020.
Cloud computing has been a buzzword for a while now, but having all data online, in the cloud, is a double-edged sword: it helps with backup but hinders security. Hacking, privacy breaches, and cyberattacks are common risks in the cloud. According to Armor analysts, cloud customers suffered 681 million cyberattacks in 2018.
If your data is in the cloud, keep your eyes open. Hackers have found ways of getting into larger enterprises through third-party vendors: as many as 56% of businesses say they suffered data loss, and 44% experienced data breaches, due to a vendor. Follow G2’s advice and include security on the list of criteria for choosing IT vendors.
How to Avoid Ongoing Problems
The leading cause of data breaches remains human error (in data centers also, as we learned in our Halloween SysAdmin Quiz), meaning that the biggest security threats come from within the company. Good thing we’re slowly looking at biometric security, since “official password rules,” as we know them today, are not that secure after all. 2020 will probably see a rise in security training for employees in organizations worldwide, and you should be part of the trend.
But who will hold the training? According to a report by Cybersecurity Ventures, there will be a 350% growth in open cybersecurity positions from 2013 to 2021 and 3.5 million unfilled cybersecurity jobs worldwide in the next few years. With cyberattacks growing in number and complexity, understaffed security departments are at a loss to keep up. As a result, we trust that the number of universities and online courses in cybersecurity will also grow.
An exploit usually gets more dangerous once the code has been posted online, such as on the exploit-db website, since that is when any script kiddie has access to it and can run it freely. Although they usually don’t do anything as they lack the skills, you never know who or what can get inside your servers. It’s best to just stay updated and follow best practices.
Best Practices in Cybersecurity for Server Infrastructure
When it comes to your infrastructure, there are several best practices that you should keep in mind:
- Use strong passwords
- Change passwords regularly
- Use multi-factor authentication
- Use password hashing for securely storing credentials
- Remove and delete inactive users
- Segregate your network
- Scan servers for viruses
- Update software & OS
- Have a patch management strategy
- Monitor and baseline network protocols
- Use NAT (Network Address Translation)
- Use a firewall
- Use SSH key authentication
- Use VPNs
- Use honeypots and honeynets
- Encrypt data
- Only install trusted software
- Detect insider threats
- Scan for vulnerabilities regularly
- Back up data regularly
- Monitor third-party access to your data
- Automate response to attacks when appropriate
- Physically secure your network equipment
- Don’t know what to do? Hire a professional.
Cyberattacks are not only aimed at big enterprises; a staggering 65% of cyberattacks are aimed at small and medium-sized businesses. With this in mind, all organizations should focus on three things in 2020: proper, updated cybersecurity policies, good infrastructure security, and educating employees about the dangers in information technology security. Just as important, having the right certifications and security audits in place will become increasingly crucial for IT companies worldwide.