Who is attacking us?

Streamscan regularly helps organizations that have been victims of cyber attacks and ransomware to eradicate the incident and get back into production as quickly as possible.

When an organization is victim of a cyber attack, it is legitimate to ask questions.

In this article we will answer some of the questions we hear most often during cyber attacks.

Question 1: We don't want to hurt anyone, why were we attacked?

Answer: It's not personal, you were just unlucky! Today the vast majority of computer attacks are not launched by humans, but by automated bots/malware that scan the Internet 24/7 for vulnerable systems. These bots are very often computers of individuals or organizations that hackers infect (commonly called zombies or bots) and control remotely to launch attacks against third parties. There are millions of controlled zombies around the world and the number is growing.

Most of the time, these bots stumble upon your network while scanning the Internet. As soon as they spot a vulnerability on your exposed systems on the Internet, you are a great target. The bot will then try to exploit the vulnerability to take control of your system. If it succeeds, the hacker controlling the bot takes over and enters your network. You have just been the victim of a cyber attack. That's just bad luck!

Solution: do regular vulnerability scans on your exposed systems on the Internet. Fix your vulnerabilities quickly before a bot finds them. Remember, bots are running 24/7! You can't afford to wait until Monday to apply patches when a major vulnerability is reported on Friday!

Question 2: It seems to me that our network is well secured?

Answer: Unfortunately not. In many organizations that have been victims of cyber attacks, we see that the security tools in place are limited to antivirus and firewall. Some organizations use Office365 with very few security features enabled. Employees have little or no awareness of cybersecurity risks. And yet, these organizations still have the misperception that they have good security. This is due to the persistent myth that an antivirus and a firewall are sufficient to protect against cyber attacks. This was true in 1990, but not today!

Solution: adapt to the evolution of cyber attacks. You can't continue to protect yourself in 2022 with 1990 means. Today, in addition to antivirus and firewall, you need an intrusion detection system (IDS/IPS/NDR). You also need to monitor your network security 24/7 to detect and eradicate attacks at the source before they become a problem.

Question 3: Is this a difficult attack to detect?

Answer: Unfortunately not. Hackers are not yet at the stage of massively using Artificial Intelligence (AI) to attack networks. Basic attacks still work very well. For example, brute force attacks are still one of the most successful ways to hack into networks. In such an attack, via an automated tool, the hacker tries several password combinations hoping to find a valid password in your network. If he finds one, you have just been hacked.

Paradoxically, this type of attack makes a lot of noise and only minimal network monitoring is needed to detect them. If you don't monitor your network security, it's only a matter of time before you get hacked.

Solution: Don't just deploy security tools. You must constantly monitor your network security. Leave no blind spots. Attack bots work 24/7, your network must be monitored 24/7 as well.

How Streamscan can help you

Our Managed Detection and Response (MDR) monitoring service operates 24/7 and helps our partners stay safe from cyber attacks. Our long experience in incident response allows us to know what ways and methods are most used to hack networks. So we know exactly what to look out for to protect you effectively.

We also work with you on your day-to-day cybersecurity and make sure you're safe at all times.

Talk to one of our experts or call us at +1 877 208-9040.