July 27, 2016
-
Joe Franscella
,

5 Ways to Prevent an Untargeted Attack

<p>The Internet is lurking with all manner of thieves and spies. Hacking tools which are more and more sophisticated are being churned out in greater numbers. All manner of threats can be categorized into either a targeted or untargeted attack. The distinction is that targeted attacks are delivered to you personally, whereas <a href="https://www.anomali.com/blog/targeted-attack-vs.-untargeted-attack-knowing-the-difference">an untargeted attack is a “trap”</a> you engage yourself. Here are the five main ways to prevent bringing this devastation about.</p><ol><li>Use up to date anti-malware software, preferably <a href="{page_244}">integrated with threat intelligence</a>. Automated tools and scripts are crawling the web right now looking for networks to exploit or penetrate through brute force. Having a firewall and looking out for worms, Trojans and other forms of viruses, requires the most current definitions. Get the best platform you can and update it regularly.<br/>  </li><li>Have strong security policies and follow them. Your business could fail permanently after a breach. Don’t risk your future on an assumption people are not abusing Internet privileges. Be selective about when to log in with administrator credentials. Not every employee needs access to every file, so limit access on an as-needed basis. If possible, block out all non-work related traffic. Forbid downloading of software, especially games and music. Pirated software is <a href="https://www.techsoupcanada.ca/en/community/blog/thar-it-blows-the-dangers-of-pirated-software" target="_blank">infected with malware 1/3</a> of the time.<br/>  </li><li>Have a cyber-crime emergency plan. Regularly create backups for the event malware brings about a ransomware attack. If an untargeted attack allows criminals to access your network, they could find it valuable. A black market exists where the perpetuator of an untargeted attack can sell the personal information about employees, students, patients, etc. If others have been done harm because you were the victim of an untargeted attack, you are still responsible for making amends. Losses include making financial restitution, lost production, compromised company secrets, and the cost of crisis communication to manage the reputation damage.<br/> <br/> Ransomware is a targeted attack, however, it is often brought about as result of bringing about an untargeted attack. If a virus is holding your network and all of its files and programs hostage, some say not to pay, whereas others say to acquiesce to their demands and try to never let it happen again. In the event the powers that be decide paying the ransom is easier, know in advance how to access crypto-currency. This way, the payoff can happen as quickly as possible minimizing productivity lost during down time.</li></ol><ol start="4"><li>Fight fire with fire. You can hack back by deceiving cyber-criminals and taking a page from their playbook. Using a honeypot to gather intelligence will give you detailed evidence to examine after the threat of an untargeted attack. Use hacking techniques on yourself to identify weaknesses and address them before they’re exploited. Tools are available to explore your network for credentialing weaknesses like <a href="http://www.darkreading.com/application-security/x-zz-top-list-of-password-guesses-attackers-try-when-breaking-into-systems/d/d-id/1324517" target="_blank">default or easily guessable passwords</a>.<br/>  </li><li>Be educated and think before you click. Even work-authorized sites could be infected with malware. Look out for infected sites or spam-bot emails, and do not install unauthorized software applications or click pop-up ads. Let less experienced web users know if they’re not sure about a web link, it’s preferable to ask.</li></ol><p>With increasing sophisticated techniques for targeted attacks, some say an untargeted attack is going after “low hanging fruit.” Still, enough people are reaching for said fruit to make it absolutely necessary for you to be aware of and protected from the realities of the dangers lying in wait.</p><p>Make sure you are not in the pathway of an attack and build your threat intelligence program today.</p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-f68f0b2e-fb62-48eb-acd6-8b2ad6455083"><span class="hs-cta-node hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" data-hs-drop="true" id="hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" style="visibility: visible; display: block; text-align: center;"><a class="cta_button" cta_dest_link="{page_3451}" href="https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=0a81b108-0c35-466f-8ccb-36ff661bc040&amp;placement_guid=f68f0b2e-fb62-48eb-acd6-8b2ad6455083&amp;portal_id=458120&amp;redirect_url=APefjpFSKMC0NjaY_OjUFZ8oZvIposQ6gw_NJN0gRAlO5p7aF9xGfBpXpEv8fLyyaN2dYsFqoAr2krywvowmTVvCulY5BAMaHUx3ag9dvGvZfbt1wKPqCgZvHJgri4PeXUyyoV0yeDgBf-Jn1bxhfIL9z8iXuXKTbi1pPOo6ExEgjgdniuPylClHgB_JXTl3IFaQPzyMwFCacHLCcQh12PqtRGrTfZTLkKeeCXigF0yyTc7F4F1jl6d7S_mK0gYCsa1J1-wpXl0jSuye8eBiq5nNpk_p0oUyJ2s4EY717V9wpXpIxaikJJ8LPyLJSYeXUkFoSM6sgFatgpN8YZfgMvJsKsfgbs14pA&amp;hsutk=2767d93d6471d657e0c9f660e4b58ef8&amp;utm_referrer=https%3A%2F%2Fblog.anomali.com%2Ffive-ways-to-prevent-an-untargeted-attack&amp;canon=https%3A%2F%2Fblog.anomali.com%2Ffive-ways-to-prevent-an-untargeted-attack&amp;pageId=4277489336&amp;__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478822660171.1478831861868.179&amp;__hssc=41179005.68.1478831861868&amp;__hsfp=1335165674" id="cta_button_458120_0a81b108-0c35-466f-8ccb-36ff661bc040" style="margin: 20px auto;" target="_blank" title="View It Here">View It Here </a> </span> <script charset="utf-8" src="https://js.hscta.net/cta/current.js"></script> <script type="text/javascript">hbspt.cta.load(458120, 'f68f0b2e-fb62-48eb-acd6-8b2ad6455083', {});</script> </span></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.