Network Infrastructure Vulnerabilities
Nonphysical network vulnerabilities typically involve software or data. For example, an operating system
(OS) might be vulnerable to network attacks if it’s not updated with the latest security patches. If left
unpatched, a virus could infect the OS, the host it runs on, and potentially the entire network.
Physical network vulnerabilities involve the physical protection of an asset such as locking a server in a
rack closet or securing an entry point with a turnstile.
Servers have some of the strongest physical security controls in place as they contain valuable data and
trade secrets or perform a revenue-generating function like a web server hosting an eCommerce site.
Often stored in off-site data centers or in secure rooms, servers should be protected with personalized
access cards and biometric scanners.
Prior to investing in security controls, a vulnerability risk assessment is performed to quantify the cost
of the equipment and its function and the loss that is acceptable. As with all things in cyber security, the
most practical solutions come from balancing the resources spent on protection against the functionality preserved.
What Are The Different Types Of Network Vulnerabilities?
Network vulnerabilities come in many forms but the most common types are:
1. Malware, short for malicious software, such as Trojans, viruses, and worms that are installed on
a user’s machine or a host server.
2. Social engineering attacks that fool users into giving up personal information such as a
username or password.
3. Outdated or unpatched software that exposes the systems running the application and
potentially the entire network.
4. Misconfigured firewalls or operating systems that permit unintended access or still have default policies enabled.
It’s important that your network security team address these factors when assessing the overall security
posture of your systems.
When left unchecked, these vulnerabilities can lead to more advanced attacks such as
a DDoS (distributed denial of service) attack, which can bring a network down to a crawl or prevent
users from accessing it altogether.
Malware is malicious software that is unknowingly purchased, downloaded, or installed. The use of
malware to exploit network vulnerabilities continues to rise, hitting an all-time high of 812.67 million
infected devices in 2018.
Systems infected with malware will present with symptoms such as running slower, sending emails
without user action, randomly rebooting, or starting unknown processes.
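Two of the symptoms listed above (unknown processes starting, repeated reboots) can be turned into simple detection logic. The following is an added example, not part of the original article; the log format, the process allow-list and the log lines are all constructed for illustration.

```python
"""Flag malware symptoms (unknown processes, reboot bursts) in host logs.

Added example. The "<ISO timestamp> <event> <detail>" log format and the
sample lines below are constructed, not taken from any real product.
"""
from datetime import datetime, timedelta

# Constructed allow-list of processes expected on this host.
BASELINE = {"systemd", "sshd", "cron", "nginx", "postgres"}

# Constructed sample log; "svch0st" is a made-up lookalike name.
SAMPLE_LOG = """\
2024-03-01T08:00:01 PROC_START sshd
2024-03-01T08:00:05 PROC_START nginx
2024-03-01T08:02:11 PROC_START svch0st
2024-03-01T08:10:00 BOOT kernel
2024-03-01T08:15:42 PROC_START postgres
2024-03-01T08:31:00 BOOT kernel
2024-03-01T08:44:09 PROC_START svch0st
2024-03-01T08:59:30 BOOT kernel
"""


def parse(log: str):
    """Yield (timestamp, event, detail) tuples from the constructed format."""
    for line in log.splitlines():
        ts, event, detail = line.split(" ", 2)
        yield datetime.fromisoformat(ts), event, detail


def unknown_processes(log: str, baseline=BASELINE) -> dict:
    """Return process names absent from the baseline, with start counts."""
    seen = {}
    for _, event, detail in parse(log):
        if event == "PROC_START" and detail not in baseline:
            seen[detail] = seen.get(detail, 0) + 1
    return seen


def reboot_bursts(log: str, window=timedelta(hours=1), threshold=3) -> list:
    """Return boot timestamps that begin a run of >= threshold boots within window."""
    boots = [ts for ts, event, _ in parse(log) if event == "BOOT"]
    hits = []
    for i, start in enumerate(boots):
        # Count this boot and every later boot that falls inside the window.
        count = sum(1 for b in boots[i:] if b - start <= window)
        if count >= threshold:
            hits.append(start)
    return hits
```

Both checks are noisy on their own (a legitimate deployment also starts new processes), so in practice they feed an alert queue for triage rather than an automatic verdict.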
Viruses
Keyloggers
Worms
Trojans
Ransomware
Logic Bombs
Bots/Botnets
Adware & Spyware
Rootkits
Malware is often deployed through phishing emails. In short, threat actors send emails to employees
containing links to websites or embed attachments within the email itself. If an action is taken, such as
clicking the link or downloading the attachment, the malicious code is executed and you can consider
yourself breached.
Viruses
A virus is the most common type of malware attack. In order for a virus to infect a system, a user must
run it or copy it to media or a host. Most viruses then self-replicate without the knowledge of the user.
These viruses can be spread from one system to another via email, instant messaging, website
downloads, removable media (USB), and network connections.
Some file types are more susceptible to virus infections: .doc/.docx, .exe, .html, .xls/.xlsx, .zip. Viruses
typically remain dormant until they have spread onto a network or a number of devices before delivering
the payload.
Keyloggers
Keylogging, or keyboard capturing, logs a user’s keystrokes and sends data to the threat actor. Users are
typically unaware that their actions are being monitored. While there are use cases for employers using
keyloggers to track employee activity, they’re mostly used to steal passwords or sensitive data.
Keyloggers can be a physical wire discreetly connected to a peripheral like a keyboard, or installed by a
Trojan.
Worms
Similar to a virus, a worm can also self-replicate and spread full copies and segments of itself via
network connections, email attachments, and instant messages. Unlike viruses, however, a worm does
not require a host program in order to run, self-replicate, and propagate. Worms are commonly used
against email servers, web servers, and database servers. Once a host is infected, worms spread quickly
over the internet and computer networks.
Trojan Horses
Trojan horse programs are malware disguised as legitimate software. A Trojan horse program will
hide on your computer until it’s called upon. When activated, Trojans can allow threat actors to spy on
you, steal your sensitive data, and gain backdoor access to your system.
Trojans are commonly downloaded through email attachments, website downloads, and instant
messages. Social engineering tactics are typically deployed to trick users into loading and executing
Trojans on their systems. Unlike computer viruses and worms, Trojans are not able to self-replicate.
Ransomware / Crypto-Malware
Ransomware is a type of malware designed to lock users out of their system or deny access to data until
a ransom is paid. Crypto-Malware is a type of ransomware that encrypts user files and requires payment
within a time frame and often through a digital currency like Bitcoin.
Ransomware attacks can have a devastating impact. For example, current estimates of the damage from the
Baltimore ransomware attack run up to $18 million. Like viruses, worms, and Trojans, ransomware is
delivered via email attachments, website downloads, and instant messages and spreads through phishing
emails or infected websites. There is no guarantee that paying the ransom will restore access to your
files/data, and the recovery process can be difficult and expensive.
Logic Bombs
Logic bombs are a type of malware that only activate when triggered, such as on a specific date/time
or on the 25th logon to an account. Viruses and worms often contain logic bombs to deliver their payload
(malicious code) at a pre-defined time or when another condition is met.
The damage caused by logic bombs varies from changing bytes of data to making hard drives unreadable.
Antivirus software can detect the most common types of logic bombs when they’re executed. Until that
execution, however, logic bombs can lie dormant on a system for weeks, months, or years.
Bots/Botnets
A botnet, short for roBOT NETwork, is a group of bots: computer systems of any type attached to
a network whose security has been compromised. They are typically controlled remotely.
The Mirai botnet was able to gain control of internet of things (IoT) connected devices like your DVR,
home printer as well as smart appliances by entering the default username and password that the
devices shipped with. The threat actors deployed a DDoS (distributed denial of service) attack by sending
large amounts of data at a website hosting company, causing many popular websites to be taken offline.
Adware & Spyware
Adware and spyware are both unwanted software. Adware is designed to serve advertisements on
screens within a web browser. It’s usually quietly installed in the background when downloading a
program, without your knowledge or permission. While harmless, adware can be annoying for the user.
Spyware, on the other hand, is a type of malware designed to gain access to and damage your computer.
Spyware collects users’ information such as habits, browsing history, and personally identifiable
information (PII). Attackers then sell your data to advertisers or data firms, capture your bank account
information, or steal your personal identity. Spyware is often downloaded in a software bundle or from
file-sharing sites.
Rootkits
A rootkit is a backdoor program that allows a threat actor to maintain command and control over a
computer without the user knowing. This access can potentially result in full control over the targeted
system. The controller can then log files, spy on the owner’s usage, execute files, and change system
configurations remotely.
While traditionally deployed using Trojan horse attacks, rootkits are increasingly found bundled in trusted
applications. Some antivirus software can detect rootkits; however, they are difficult to clean from a
system. In most cases, it’s best to remove the rootkit and rebuild the compromised system.