
The Internet-Based Threats Putting Your Organization at Risk

Published 05/15/2023

Originally published by Lookout.

Written by Stephen Banda, Senior Manager, Security Solutions, Lookout.

The way we connect in the workplace has changed. For one, “the workplace” isn’t just limited to the office anymore, and that means instead of relying on a corporate network, employees are using the internet to get their work done. While this has been a game-changer for enabling productivity, this reliance on the internet also opens you up to a host of internet-based threats.

Internet-based threats like phishing are some of the most common methods used by attackers to compromise your organization's security, and reliance on the internet gives them countless more attack vectors and opportunities to compromise your enterprise.

As you embrace the productivity boost that comes with using the internet as your default corporate network, you need to stay vigilant against these internet-based threats.

Common internet-based threats you need to be aware of

Because everything is so interconnected these days, internet-based threats also do not live in isolation. As you’ll see below, they are closely linked to each other as a broader spectrum of risk that comes from the web.

Social engineering

Social engineering is the classic approach to phishing, where the attacker takes a personal approach. They use details about you or your position that make them seem like a real person to trick you into giving up important information. This used to occur mainly in the context of business email compromises (BEC), but has since evolved to include modern devices like smartphones and tablets.

Attackers typically do some sort of research on their intended victim and create a fake story to gain their trust. The pernicious part of social engineering attacks is that attackers can end their interaction without arousing suspicions, leaving victims with no idea that their security has been compromised.

When Pegasus spyware was first discovered, it was because a journalist was sent a link from an anonymous "source" who said they had tips about a specific story the journalist was working on. Another common social engineering scheme often pops up around tax season, with attackers pretending to be accountants or IRS employees to trick people into sharing their financial information.

Impersonation and DNS spoofing

Impersonation and DNS spoofing are like a leveled-up version of social engineering, and even savvy users can fall for these tricks. Attackers who use these tactics create real-looking websites into which users then enter their real login information. Once the attackers have these credentials, they can access sensitive data and the site can even install malware.

One version of this is impersonation, in which attackers create a fake URL that's very close to the URL of the original site. Unless users have a very keen eye, a subtle difference in the URL is easy to miss, and it is even harder to spot on a mobile device.
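As an added illustration (not part of the original article), here is one way a mail or web filter could flag hostnames that imitate a domain your organization actually uses. The allow-list, the small confusables table, and the function names are assumptions made for this sketch; a production filter would use a fuller confusables data set and a tuned distance threshold.

```python
import unicodedata

# Constructed allow-list: domains the organization really uses (assumption).
TRUSTED = {"example.com", "login.example.com", "example-payroll.com"}

# Small illustrative confusables table (digits and Cyrillic look-alikes); not exhaustive.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0456": "i",
})

def skeleton(host):
    """Reduce a hostname to a form in which visually similar names compare equal."""
    labels = []
    for label in host.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):            # IDN label: decode punycode to Unicode
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass                            # leave undecodable labels as-is
        labels.append(label)
    text = unicodedata.normalize("NFKC", ".".join(labels)).translate(CONFUSABLES)
    return text.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, trusted=TRUSTED, max_distance=1):
    """Return (verdict, matched trusted domain or None)."""
    plain = host.strip().rstrip(".").lower()
    for good in sorted(trusted):
        if plain == good or plain.endswith("." + good):
            return ("trusted", good)
    skel = skeleton(plain)
    for good in sorted(trusted):
        target = skeleton(good)
        if skel == target:                      # homoglyph or digit swap
            return ("lookalike", good)
        if edit_distance(skel, target) <= max_distance:   # one-character typo
            return ("lookalike", good)
        if skel.startswith(target + "."):       # trusted name used as a subdomain prefix
            return ("lookalike", good)
    return ("unknown", None)
```

A "lookalike" verdict is a signal for blocking or review rather than proof of malice, since short legitimate domains can sit within one edit of each other.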

In DNS spoofing, attackers alter the DNS records to redirect traffic to a fake, imitation website. Because the user is attempting to go to a real URL, they often have no reason to be suspicious that their destination isn't legitimate.

Account compromise

If users fall prey to phishing techniques, one of the major consequences can be account compromise. That's when attackers gain access to online accounts with the intention of stealing sensitive data.

This happens in a number of different ways. Maybe your information was previously leaked as part of a data breach or your password was simply weak. Or it could have occurred because you fell for a phishing scam.

If even a single employee falls victim to account compromise, it can have wide-ranging effects on your organization. Earlier this year, cloud communications company Twilio announced that attackers had breached their system using employee credentials obtained through a phishing attack. After that breach, the attackers were able to target users of the encrypted messaging app Signal, which is a Twilio customer.

Malware delivery

Another pernicious threat lurking as users browse the internet is malware. Malware is often delivered via phishing tactics, and once a device has been infected, it can steal sensitive data, surveil users, and even infect other devices. Ransomware, a form of malware that encrypts files so that they can only be decrypted if you pay attackers a ransom, is also on the rise.

It's become even easier for attackers to deliver malware thanks to the growth of malware as a service. These kits are inexpensive to obtain and easy to set up. And because attackers often reuse pieces of older malware to build new malware, it's a threat that is always evolving.

How to stay vigilant against internet-based threats

There are a lot of ways using the internet as your corporate network can leave you vulnerable, but staying secure is possible.

Look for a solution that provides DNS-layer security, which continuously monitors the internet for potentially malicious sites and blocks them before users can encounter malicious content. Inspection of inbound and outbound traffic is also critical, as it enables you to see when malware is being uploaded and prevent data leakage to the public internet.

In the past, you may have turned to an on-premises secure web gateway (SWG) to solve these problems, but with employees working from everywhere, this is no longer the best solution. Instead of hair-pinning traffic with an on-prem tool, look for a cloud-delivered solution as part of a broader security service edge (SSE) platform that will help you optimize performance and security, no matter where your users are. Choose one that has a unified policy around data leakage, unsanctioned web apps, and acceptable use.
