Smartphones, tablets, and laptops are considered endpoints: devices connected to a network terminal.
If they are not protected, these devices bring cybersecurity vulnerabilities to an organization, since they open gaps that malicious actors, who use more sophisticated tools every day, can exploit.
We asked senhasegura what the main risks are associated with endpoints.
Why Should I Worry About Managing Access to Endpoints?
It is essential to manage access to endpoints and ensure their security. In this way, it is possible to identify cyber threats and eliminate them, preventing an endpoint from becoming a gateway for cyberattacks.
Main Risks Associated with Endpoints
Endpoints are associated with several risks for organizations that do not invest in preventive measures related to these devices. Among them, we can highlight:
Phishing (Social Engineering)
Phishing is one of the less sophisticated cyberattacks, but it claims many victims these days. It occurs through messages that use social engineering to manipulate the user, pretending to represent a legitimate and reliable institution. These messages ask for personal information, or ask you to click a link or download a malicious attachment, which deploys malware to your endpoint and compromises the security of the institution it is connected to.
One of the factors that make these attacks successful is the lack of investment in cybersecurity, which includes raising awareness and empowering professionals who can cope with these threats.
Outdated Software
Outdated software opens loopholes for hackers, who exploit vulnerabilities and gain access to a network through legitimate programs. Therefore, it is important to pay attention to the quality of the software, which must come from reliable sources. Another important measure is to update Windows and other operating systems so that you always run up-to-date software.
Malware
Some ads, appearing on respected websites, pose a cyber threat by propagating viruses and malicious software without even receiving a click from the user or directing them to an unwanted destination. This scam with sophisticated malware is known as malvertising and has already claimed victims on websites like Spotify and The New York Times.
Ransomware
Another cyber threat associated with endpoints is ransomware, which encrypts the victim's files so that they can only be accessed upon payment of a ransom. Often, this application imitates a legitimate program run by users, but some more current and sophisticated versions do not require any action on the part of the victim. To get a sense of the scope of this type of threat, in 2017, the WannaCry attack reached 150 countries, and global organizations such as Vivo, Nissan, Renault, Honda, and Hitachi became victims.
Unlike other attacks that target large organizations, ransomware can affect any person or institution, who is forced to pay a ransom to unlock their files. Victims often pay because the ransom amount is much lower than the incident recovery cost. Insurance companies have even created a cyber insurance product to cover the expenses of a ransomware infection and the data ransom payment.
Attacks with Data Theft
One of the ways hackers have found to target large organizations is by exploiting vulnerabilities in their vendors’ endpoints, accessing servers, and stealing private or confidential information.
This mode of action can also be applied to small companies, which have their business structures, financial data, and patents compromised.
Privileged Account Attacks
Another approach of hackers is to attack privileged accounts through escalation of privileges, lateral movement, and credential stuffing, which we detail below:
Escalation of Privileges
In this case, malicious agents gain access to privileges and resources they would not have if they were using default permissions. In this way, they are able to execute commands and access sensitive data. They can also damage the operating system by dropping malware or ransomware.
There are two types of escalation, horizontal and vertical. In horizontal escalation, the attacker uses low-level privileges. In vertical escalation, a user who has an account with few privileges may end up with more privileges than an administrator user.
Lateral Movement
Lateral movement is related to strategies used by malicious agents to access systems and compromise the assets of a network, moving through devices.
In this sense, cybercriminals can take advantage of loopholes related to the routing of networks, ports, and protocols, and to the use of legacy devices and personal devices.
Credential Stuffing
In this type of attack, criminals take advantage of data leaks to use leaked credentials and access accounts through tools that make it possible to automate login attempts. This type of attack can be used for numerous purposes and is often successful when users use the same credentials for multiple services.
About senhasegura
senhasegura is part of the MT4 Tecnologia group, created in 2001, intending to promote cybersecurity.
Currently, the organization is present in 54 countries, providing its customers with control of privileged actions and data and avoiding the action of malicious users and data leaks. The operations of senhasegura assume that digital sovereignty is a right of all and that this goal can only be achieved through applied technology.
In summary:
Endpoints are connected to a network terminal;
This is the case for laptops, smartphones, and tablets;
It is critical to invest in cybersecurity and prevent an endpoint from opening gaps for a cyberattack;
Among the main risks associated with endpoints, we can highlight: phishing; outdated software; malware; ransomware; attacks with data theft, and privileged account attacks.
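The credential stuffing pattern described above (automated login attempts with leaked credentials across many accounts) can be spotted in authentication logs. The following is an added example, not code from senhasegura or the original article: it flags a source address that fails logins against many distinct accounts in a short window and lists any account it did get into. The log format, the thresholds, and the names parse and detect_stuffing are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format and field names are assumptions.
SAMPLE_LOG = """\
2024-05-01T10:00:01 user=alice src=198.51.100.20 result=FAIL
2024-05-01T10:00:09 user=alice src=198.51.100.20 result=FAIL
2024-05-01T10:00:20 user=alice src=198.51.100.20 result=OK
2024-05-01T10:01:00 user=bob src=203.0.113.7 result=FAIL
2024-05-01T10:01:01 user=carol src=203.0.113.7 result=FAIL
2024-05-01T10:01:02 user=dave src=203.0.113.7 result=FAIL
2024-05-01T10:01:03 user=erin src=203.0.113.7 result=OK
2024-05-01T10:01:04 user=frank src=203.0.113.7 result=FAIL
2024-05-01T10:30:00 user=grace src=203.0.113.7 result=FAIL
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    """Yield (timestamp, user, source, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], m[4] == "OK"

def detect_stuffing(log_text, window=timedelta(minutes=5), min_users=4):
    """Flag sources that fail logins on >= min_users accounts within one window."""
    by_src = defaultdict(list)
    for ts, user, src, ok in parse(log_text):
        by_src[src].append((ts, user, ok))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            failed_users = {u for _, u, ok in span if not ok}
            if len(failed_users) >= min_users:
                # A success inside the burst means a reused password worked.
                hits = sorted({u for _, u, ok in span if ok})
                alerts[src] = {"accounts_tried": len({u for _, u, _ in span}),
                               "compromised": hits}
    return alerts

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

A single user mistyping a password (alice in the sample) is not flagged, because the rule counts distinct accounts per source rather than raw failures.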