Network Intrusion


A network intrusion is any unauthorised activity on a computer network.

Network intrusions can be incredibly damaging and can impact organisations in a number of ways, including:

- Further spread of malicious software (malware), e.g. ransomware
- Data breaches
- Secondary crimes such as fraud, if customers' data is affected
- Physical and environmental damage if critical national infrastructure is involved

Attackers use various methods to compromise networks. Phishing emails that deliver malware, for example, are one of the most common ways for attackers to gain an initial foothold in a network.

Accounts with weak passwords and outdated software are also easy ways in for attackers, as shown in one of our investigations involving a South West based retailer. The retailer had not patched its Magento ecommerce platform for six months, and an old admin account that had lain dormant for two years still had a weak password. Together, these weaknesses allowed attackers to compromise the company's web payment pages and fraudulently obtain the credit card details entered by customers.

Intrusions can be especially sinister because an attacker can lie dormant for months or even years, quietly gathering information on a company's infrastructure before launching further attacks.

ADVICE

Educate and train staff to defend against Phishing attacks
For advice on how to spot and defend against phishing, see the NCSC's guide on this at https://www.ncsc.gov.uk/phishing

Use Multi-Factor Authentication (MFA)
MFA should be a high priority for any and all organisations. MFA adds an additional layer of defence to stop attackers gaining access to accounts: access is only granted after the user successfully presents more than one piece of evidence that they are who they say they are. As well as a password, this evidence can be a one-time code from an authenticator app, a hardware security key, or a biometric.

MFA is particularly effective against brute-force attacks, where attackers try huge numbers of possible passwords by trial and error, and against attackers who have obtained a password through phishing or an earlier data breach: a guessed or stolen password on its own is no longer enough to log in. Bear in mind that one-time codes can themselves be phished, so where possible prefer phishing-resistant methods such as hardware security keys, and enable MFA on administrator and remote-access accounts first.
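The brute-force attacks described above leave a trail in authentication logs, and it is worth detecting the attempt even when MFA would have stopped it succeeding. The following Python script is an added example written for this page, not code from the original article or from the NCSC. It runs over a handful of constructed sshd-style log lines (made up here, not from any real system) and flags any source address that fails a login five times within a minute, plus any login that later succeeds from such an address, which is the sign that a guess worked. The threshold, window and log format are assumptions you would adjust to your own systems.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in an sshd-style format (made up for this example).
# 203.0.113.7 hammers the admin account and then gets in; 198.51.100.4 is a normal
# user mistyping once; 192.0.2.9 guesses slowly, ten minutes apart.
SAMPLE_LOG = """\
2023-07-01T09:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50122 ssh2
2023-07-01T09:00:03 sshd[1202]: Failed password for admin from 203.0.113.7 port 50123 ssh2
2023-07-01T09:00:04 sshd[1203]: Failed password for root from 203.0.113.7 port 50124 ssh2
2023-07-01T09:00:06 sshd[1204]: Failed password for admin from 203.0.113.7 port 50125 ssh2
2023-07-01T09:00:07 sshd[1205]: Failed password for admin from 203.0.113.7 port 50126 ssh2
2023-07-01T09:00:09 sshd[1206]: Accepted password for admin from 203.0.113.7 port 50127 ssh2
2023-07-01T09:05:00 sshd[1301]: Failed password for alice from 198.51.100.4 port 40001 ssh2
2023-07-01T09:05:10 sshd[1302]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
2023-07-01T09:10:00 sshd[1401]: Failed password for bob from 192.0.2.9 port 30001 ssh2
2023-07-01T09:20:00 sshd[1402]: Failed password for bob from 192.0.2.9 port 30002 ssh2
2023-07-01T09:30:00 sshd[1403]: Failed password for bob from 192.0.2.9 port 30003 ssh2
2023-07-01T09:40:00 sshd[1404]: Failed password for bob from 192.0.2.9 port 30004 ssh2
2023-07-01T09:50:00 sshd[1405]: Failed password for bob from 192.0.2.9 port 30005 ssh2
"""

# Assumed line format: ISO timestamp, sshd tag, then "Failed|Accepted password for USER from IP port N".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return a list of alerts, in log order.

    A 'brute_force' alert fires once per source IP when it produces at least
    `threshold` failed logins inside a sliding window of `window_seconds`.
    A 'success_after_burst' alert fires for every successful login from an IP
    that has already been flagged, which is the case that needs an immediate
    incident response, not just a block.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = {}                  # ip -> its brute_force alert, so each IP alerts once
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # ignore lines we do not understand
        ts = datetime.fromisoformat(m["ts"])
        ip, user, result = m["ip"], m["user"], m["result"]
        if result == "Failed":
            q = recent[ip]
            q.append(ts)
            # Drop failures that have aged out of the window.
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = {"type": "brute_force", "ip": ip,
                               "failures": len(q), "last_user": user, "at": m["ts"]}
                alerts.append(flagged[ip])
        elif ip in flagged:
            alerts.append({"type": "success_after_burst", "ip": ip,
                           "user": user, "at": m["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

With the default one-minute window the fast attacker is flagged after its fifth failure and the later successful login for admin is raised as a probable compromise, while the slow guesser at 192.0.2.9 is never caught; widening the window to an hour catches it too. Low-and-slow attacks, and password spraying (one guess against many accounts), need longer windows and per-account as well as per-IP counting, so tune both values to your own traffic rather than trusting the defaults here.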

Use strong and separate passwords
Secure your website login account with a strong password, and do not reuse that password across different accounts. A strong password combines random words into a long phrase (e.g. 'ThreeRandomWords'). Misspelling words or substituting symbols and numbers (e.g. 'Thre1!Rando3!word5!') adds a little strength, but length matters far more, so adding another word does more than adding symbols. A password manager will generate and remember a separate strong password for every account.

Ensure that your firewalls are switched on
Most popular operating systems now include a firewall, so make sure it is switched on. Check your network boundary firewall too: it should only expose the services you actually need to the internet.

Install, enable and update anti-virus/anti-malware
Every device that can run anti-malware/anti-virus software should have it installed, enabled and kept up to date, including mobiles and tablets and anything else that interacts with your corporate network. Devices that cannot run it, such as routers, should at least be kept patched and have their default credentials changed.

Updates and patching
As a minimum, organisations need to ensure that ALL devices and software are kept fully patched and that security updates are applied promptly. This extends to third-party solutions such as ecommerce platforms, plugins and hosted services.

Principle of Least Privilege
For network intrusions this applies most to administrator accounts, but it is good advice for all areas of your business. The principle states that people (and the accounts and services they use) should have only the absolute minimum access they need to do their role, and nothing more. Done properly, it prevents or limits the damage an attacker can do if an account is compromised or a member of staff is socially engineered.

Reduce your attack surface
As a rule, if you don't need something, disable or remove it. Every device, piece of software and account you keep is something that must be patched, monitored and protected; the fewer you have, the fewer ways in you offer an attacker. Review accounts regularly and remove or disable any that are no longer used, such as the dormant admin account in the case above.
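The retailer case above turned on an admin account that nobody had used for two years. The following Python script is an added example for this page, not the original article's code and not from any vendor: it runs over a small constructed account export (made-up users and dates) and lists accounts idle longer than an assumed per-role limit, with admin accounts held to a tighter limit and listed first, so they can be disabled or deleted. The limits and the export format are assumptions; most directories and ecommerce platforms can export the same fields.

```python
from datetime import date

# Constructed sample account export (made up for this example): one row per account
# with its role, creation date and last successful login (None = never logged in).
ACCOUNTS = [
    {"user": "alice",      "role": "admin", "created": "2021-01-10", "last_login": "2023-06-30"},
    {"user": "old-admin",  "role": "admin", "created": "2019-03-01", "last_login": "2021-06-15"},
    {"user": "bob",        "role": "staff", "created": "2022-09-12", "last_login": "2023-06-29"},
    {"user": "contractor", "role": "staff", "created": "2023-01-05", "last_login": None},
]

# Maximum idle time before an account is flagged. Admin accounts get a tighter limit
# because a compromised one does the most damage (an assumed policy, not a standard).
IDLE_LIMIT_DAYS = {"admin": 30, "staff": 90}


def dormant_accounts(accounts, today, idle_limits=IDLE_LIMIT_DAYS):
    """Return the accounts idle longer than their role's limit.

    `today` may be a date or an ISO 8601 string. Each returned row carries the
    idle time and a suggested action: accounts that were never used are
    candidates for deletion, accounts that were used should be disabled first
    so the change can be reviewed and reversed. Admin accounts come first,
    then longest idle first.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    flagged = []
    for a in accounts:
        # An account that has never logged in has been idle since it was created.
        last_seen = date.fromisoformat(a["last_login"] or a["created"])
        idle = (today - last_seen).days
        if idle > idle_limits.get(a["role"], 90):
            flagged.append({**a, "idle_days": idle,
                            "action": "disable" if a["last_login"] else "delete"})
    return sorted(flagged, key=lambda a: (a["role"] != "admin", -a["idle_days"]))


if __name__ == "__main__":
    for a in dormant_accounts(ACCOUNTS, "2023-07-01"):
        print(f'{a["action"]:7} {a["user"]:12} {a["role"]:6} idle {a["idle_days"]} days')
```

Run against the sample data on 1 July 2023 it flags the two-years-idle admin account for disabling and the never-used contractor account for deletion, and leaves the two active users alone. Run it on a schedule and treat every flagged admin account as urgent: a dormant privileged account with a password nobody rotates is exactly the way in that the retailer case describes.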

For further advice on securing your organisation, check out the recently refurbished NCSC website at https://www.ncsc.gov.uk/

Reporting
If you've been affected by this or any other type of cyber crime, report the details to Action Fraud (0300 123 2040 / www.actionfraud.police.uk). Always keep an eye out for any suspicious follow up activity as well.
