Evolving cyber risk is a constant concern for companies in Brazil and around the world.
In general, the Brazilian cyber security scenario has evolved positively, as indicated by many recent surveys on the subject.
One of the most recent, published on September 12 by the International Telecommunication Union (ITU), is the Global Cybersecurity Index 2024 (GCIv5).
Brazil ranks second in cyber maturity in the Americas, rising from 6th place in 2018 to 3rd in 2021.
However, despite these advances, there is still a lot to do, as cyber threats are constantly evolving, requiring organizations to keep their teams trained and aware of the risks and solutions.
The risks are twofold: directly against machines and directly against people.
Against machines, the main categories are:
- Denial of service attacks
- Unpatched vulnerabilities
Against people, the major risk categories are:
- Phishing
- Lack of knowledge
The evolution of denial of service attacks
The first category of risk is denial of service attacks, a clear example of how evolving cyber risk affects organizations.
These attacks have been around for almost 30 years, and since then companies have been mitigating them with a variety of techniques and tools, often deployed even in routers.
Network services use IP blocking, traffic detour and packet analysis, among other measures, to prevent millions of malicious requests from overloading servers and blocking legitimate user requests.
However, malicious actors keep developing new techniques to bring down services and servers, causing damage and threatening organizations with persistent attacks.
Often, these criminals demand a ransom to stop the attacks.
In many other cases, the attacks are carried out by hacktivists in the service of a cause, also damaging services and their users.
HTTP/2, a vector with great power
In recent years, various techniques have emerged for use in denial-of-service attacks, of which we highlight two that abuse the HTTP/2 protocol.
HTTP/2 is an update of the HTTP protocol (in fact the first new version of it, published in 2015). However, its features have been abused to degrade the functioning of servers in two types of attack. The first is HTTP/2 Rapid Reset.
In this attack, invalid HTTP/2 requests are sent that are designed to cause an unexpected and abrupt connection reset on the server, leading to overload and, eventually, denial of service. To mitigate this attack, companies can adopt the following practices:
- Filtering requests,
- Limiting connections,
- Monitoring and response, and
- Correct configuration.
Another type of attack related to HTTP/2 is the HTTP/2 Continuation Frame.
In this technique, the attacker starts a legitimate HTTP/2 request with a HEADERS frame and then injects CONTINUATION frames containing unauthorized or malicious data. The server interprets these frames as part of the original request, and this sequence can lead to unexpected behavior and server instability. To mitigate this type of attack, the following actions are recommended:
- Rigorous validation of frames,
- Limiting the size of frames, and
- Continuous traffic monitoring.
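As an added example (not code from this article or from Huge Networks), the following Python monitor implements the "limit resets", "validate frames" and "limit frame size" mitigations for the two HTTP/2 attacks above: it counts RST_STREAM frames per connection in a sliding window (Rapid Reset abuses a client's ability to open and immediately cancel streams) and caps how much header data a stream may accumulate across CONTINUATION frames. It assumes frames have already been decoded into tuples; the thresholds and the sample traffic are constructed for illustration.

```python
from collections import deque

RST_WINDOW_SEC = 1.0            # assumed: sliding window for counting stream resets
RST_MAX_PER_WINDOW = 100        # assumed: RST_STREAM frames one connection may send per window
MAX_HEADER_BLOCK_BYTES = 16384  # assumed: HEADERS + CONTINUATION bytes allowed per stream
MAX_CONTINUATION_FRAMES = 8     # assumed: CONTINUATION frames allowed per header block

class ConnectionGuard:
    """Watches one client connection; a frame is (ts, type, stream_id, length, end_headers)."""
    def __init__(self):
        self.reset_times = deque()  # timestamps of recent RST_STREAM frames
        self.open_blocks = {}       # stream_id -> [bytes_so_far, continuation_count]

    def inspect(self, frame):
        """Return None if the frame is acceptable, else a reason to close the connection."""
        ts, ftype, sid, length, end_headers = frame
        if ftype == "RST_STREAM":
            self.open_blocks.pop(sid, None)      # discard any half-received header block
            self.reset_times.append(ts)
            while ts - self.reset_times[0] > RST_WINDOW_SEC:  # expire entries outside the window
                self.reset_times.popleft()
            too_many = len(self.reset_times) > RST_MAX_PER_WINDOW
            return "rapid_reset: too many RST_STREAM frames per window" if too_many else None
        if ftype == "HEADERS":
            self.open_blocks[sid] = [length, 0]
        elif ftype == "CONTINUATION" and sid in self.open_blocks:
            self.open_blocks[sid][0] += length
            self.open_blocks[sid][1] += 1
        else:  # orphan CONTINUATION is a protocol error; other frame types are not inspected here
            return "continuation: no open header block on this stream" if ftype == "CONTINUATION" else None
        size, count = self.open_blocks[sid]
        if size > MAX_HEADER_BLOCK_BYTES or count > MAX_CONTINUATION_FRAMES:
            del self.open_blocks[sid]
            return "continuation_flood: header block exceeds size or frame limit"
        if end_headers:
            del self.open_blocks[sid]            # block complete; stop tracking this stream
        return None

def first_alarm(frames):
    """Run a frame sequence through a fresh guard; return the first alarm, or None if clean."""
    guard = ConnectionGuard()
    return next((reason for reason in map(guard.inspect, frames) if reason), None)

def rapid_reset_burst(n, span=0.5):  # constructed sample: n streams opened and reset within `span` s
    return [f for i in range(n) for f in ((span * i / n, "HEADERS", 2 * i + 1, 120, True),
                                          (span * i / n, "RST_STREAM", 2 * i + 1, 4, False))]

def continuation_flood(n, size=1024):  # constructed sample: HEADERS without END_HEADERS, then n CONTINUATIONs
    return [(0.0, "HEADERS", 1, size, False)] + [
        (0.01 * k, "CONTINUATION", 1, size, False) for k in range(1, n + 1)]
```

The same 150 resets trip the guard when packed into half a second but pass when spread over three seconds, which is why the check is a rate limit rather than a plain count.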
New threats in denial of service attacks
Two other types of denial-of-service attacks have been observed by telecommunications and network companies, such as Huge Networks.
The first is Loop DoS.
The attacker usually looks for specific vulnerabilities in the system they want to target that can be exploited to create an infinite loop of requests, triggering unexpected or incorrect responses and thus degrading the service. To mitigate this type of attack, companies resort to:
- Regular security updates,
- Adequate and up-to-date firewall configurations,
- Limitation of requests, and
- Rapid response monitoring.
The second is DNSbomb.
In this type of attack, the attacker locates a critical DNS server for the organization and then sends out a large number of queries, usually using non-existent or invalid domain names.
The excess of queries results in the exhaustion of resources and, eventually, the interruption of services. To mitigate this risk, the main alternatives have been:
- Limiting the number of queries per IP,
- Use of redundant DNS services with load balancing.
Vulnerabilities and the growth of cyber threats
Attacks against machines are part of the evolving cyber risk, as they usually take advantage of well-known or even unknown vulnerabilities – in this case, called “zero days”, because they are at the stage where they have “zero days since they were first located”.
Nation-state espionage services sometimes exploit these unknown vulnerabilities for years before anyone else discovers them.
In many cases, the vulnerabilities are discovered by security researchers or by the software vendors themselves.
As soon as they publish patches for these flaws, companies must apply them to all solutions in use immediately to prevent hackers from locating and abusing them.
From that moment on, they are no longer “zero days”.
Unfortunately, however, many flaws remain unpatched and are available to anyone who discovers them surfing the Internet.
Phishing and the evolution of attacks against people
Among the major categories of risk to people, phishing is undoubtedly one of the most dangerous.
The evolving cyber risk also includes cyber crooks from all over the world who send out millions of emails every day carrying contaminated documents or links that lead to similarly contaminated pages or documents. In this case, the crooks clone legitimate pages and websites, logos and photographs in order to create an illusion of trust in those who browse the fake pages. The malware in these items then contaminates the victim's computer and, once installed, opens the door to hacking into the machine, the network or both.
With just one click, the path potentially leading to a major cyber incident begins.
To combat this risk, companies invest in training, simulations and other strategies to keep all employees alert, ensuring that they don’t fall prey to the temptation to click, especially when using their own cell phones connected to the company’s Wi-Fi.
In addition, lack of knowledge represents a growing threat within the evolving cyber risk, endangering both employees and companies when they don’t know how to use strong passwords, two-factor authentication, biometric authentication and other security strategies.
Therefore, companies must continually educate their employees about cyber risks, viewing these programs as an investment rather than an expense.
Did you like this content?
If you found this article useful and want to delve into more topics related to security, connectivity and technological innovations, explore the other articles on the Huge Networks blog.