Monte Robertson, CEO of Software Security Solutions, provided FOX Business with a summary of popular cyber security attacks and how to identify them while they are under way or afterward:
- Attacks from Scareware are easily discovered because the attackers say if you give them money, the “infection” that THEY put on your computer will be removed.
- Attacks from BOTS can mean the compromised machines are sending out spam e-mail or you see a jump in network traffic coming from those infected machines. Monitor for those signs.
- Attacks from viruses have taken a back seat and are not as common as they used to be. Viruses are written differently and their results vary. Watch for e-mail and file propagation levels to jump throughout the network and the slowing down of computing resources, which can mean you've been infected.
- Attacks from Trojans are very common these days. They are usually delivered from surfing on the web or via BOT. They are stealthy and do not want to be discovered. Watch for critical data leaking out of the network.
- Attacks from Password Crackers, Keyloggers and Malware are also difficult to detect and are delivered from surfing the web and BOT infection. Watch for unknown programs being installed on computers (Antivirus alone will not usually help here).
- Attacks on databases are designed initially to be stealthy and take place over time. This threat surface area is now getting the attention it needs. Watch database logs for: who is accessing what data, who is querying what data, and what data is moving where in the database. Watch the logs. Watch for and do everything you can to prevent SQL Injection attacks.
- Attacks from the Internet happen all day and night, every day of the year. Watch the firewall logs to make sure you know what kind of attacks are happening and when. This monitoring and reporting should be done in real time.
Robertson also added, “Keeping up with network security requires regular maintenance, just like anything else you use on a daily basis.”