System intrusion: What it is, why it matters, and how to combat it

Posted by HSSL Technologies on Nov 1st 2023

Most cyberattacks today begin with system intrusion. This occurs when an attacker uses stolen credentials, phishing attacks, or other means to gain access to your system.

Once inside, they, or the malware they place there, can go undetected for long periods of time — often for months — during which time they perform careful reconnaissance. They can take the time to understand your network architecture, scan for unprotected ports, discover where critical, high-value data is stored, exfiltrate that data, identify users with high access privileges, and much more.

All of this intelligence can then be put to use in planning a major data theft, system sabotage, or other form of potentially crippling attack.

Dwell time

Dwell time refers to the amount of time that intruders are able to spend inside your system without being detected. As mentioned above, this can be a very long time indeed, especially in systems that do not scan for anomalous internal traffic or employ sophisticated outbound-traffic scanning to prevent data loss.

The faster you are able to detect and mitigate a system intrusion, the more you can limit the ultimate damage that criminals can do. Robust intrusion detection systems (IDS) that employ machine learning to monitor internal and outgoing traffic and identify anomalies can go a long way toward minimizing an attacker’s dwell time in your system.
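The post describes scanning internal and outbound traffic for anomalies as the main lever on dwell time. The following Python snippet is an added example (not code from the original post or from any Barracuda product) showing the simplest form of that idea: a per-host baseline of daily outbound volume and a z-score plus ratio check that flags a host whose outbound traffic jumps far above its own history, which is what a bulk exfiltration often looks like. The host names and byte counts are constructed sample data, and the thresholds are assumptions a real deployment would tune.

```python
"""Outbound-volume anomaly check over constructed per-host traffic totals.

A statistical baseline (mean and standard deviation of each host's recent
daily outbound bytes) is compared with today's total. A host is flagged when
today's value is both many standard deviations above its history (z-score)
and several times its mean (ratio), so a very quiet host with a near-zero
standard deviation does not alert on a trivial change.
"""
from statistics import mean, pstdev

# Constructed sample data: seven days of outbound bytes per host.
BASELINE = {
    "ws-finance-03": [410_000, 380_000, 450_000, 395_000, 420_000, 405_000, 430_000],
    "db-01": [5_000_000, 5_200_000, 4_900_000, 5_100_000, 5_050_000, 4_950_000, 5_100_000],
}
# Constructed: today's outbound totals. ws-finance-03 suddenly sends ~24x its norm.
TODAY = {"ws-finance-03": 9_800_000, "db-01": 5_150_000}

Z_THRESHOLD = 4.0     # assumed: standard deviations above the host's mean
RATIO_THRESHOLD = 3.0  # assumed: multiple of the host's mean


def zscore(value, history):
    """Standard score of value against a list of historical values."""
    mu = mean(history)
    sd = pstdev(history)
    if sd == 0:
        # No variance in history: any change at all is 'infinitely' unusual.
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sd


def flag_outbound_anomalies(today, baseline, z_threshold=Z_THRESHOLD,
                            ratio_threshold=RATIO_THRESHOLD):
    """Return {host: (z, ratio)} for hosts whose outbound volume is anomalous.

    Hosts with no baseline are skipped rather than guessed at; a real system
    would route those to a separate 'new host' review queue.
    """
    flagged = {}
    for host, volume in today.items():
        history = baseline.get(host)
        if not history:
            continue
        z = zscore(volume, history)
        ratio = volume / mean(history)
        if z >= z_threshold and ratio >= ratio_threshold:
            flagged[host] = (round(z, 1), round(ratio, 2))
    return flagged


if __name__ == "__main__":
    for host, (z, ratio) in flag_outbound_anomalies(TODAY, BASELINE).items():
        print(f"ALERT {host}: outbound volume z={z}, {ratio}x baseline mean")
```

Requiring both conditions is deliberate: the z-score catches a spike relative to a host's own variability, while the ratio prevents a host with an almost flat history from alerting on a few extra kilobytes. Production systems add per-destination breakdowns and time-of-day profiles, but the review workflow is the same.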

RDP and VPN intrusion

Remote desktop protocol (RDP) and virtual private network (VPN) connections are among the most common points of intrusion. The simplest reason for this is how common they are, especially in the post-COVID-19 era. The vast numbers of VPN and RDP connections in use by organizations of all types represent a massive attack surface that organized cybercrime gangs can’t resist probing.

What are they looking for? Many of these connections have weak or even nonexistent user authentication, which leaves them open to brute-force attacks that, given enough attempts, can guess valid credentials and then use them to log in.

In addition, vast numbers of RDP and VPN credentials have already been stolen and are available for sale to criminals on the dark web — at very reasonable prices.

I’ve written before about how we are now living in the “post-breach era,” which simply means that there have been so many massive breaches of credentials that effective security strategies must start with the assumption that basic username-and-password access controls are no longer sufficient.

Zero Trust Access controls are one way to respond to this problem. By continuously monitoring for anomalous geolocation, IP address, time and date of connection attempts, resources being accessed, and more, Zero Trust systems provide a much stronger way of preventing intrusions than traditional credentials and even multifactor authentication schemes. Check out Barracuda Zero Trust Access to learn more about how this technology can help protect your organization.
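The two preceding sections describe brute-force attempts against RDP and VPN logons and the Zero Trust practice of judging each connection by its context (geolocation, source IP, time of the attempt). The following Python snippet is an added example, not code from the original post or from Barracuda, that runs both checks over a handful of constructed VPN/RDP authentication log lines: a sliding-window count of failed logons per source IP, and context checks on successful logons (a country the user has never logged in from, an off-hours logon, or a success from a source that was just seen brute-forcing). The log format, user names, IP addresses, country codes and thresholds are all assumptions made for the example.

```python
"""Detection logic over constructed VPN/RDP authentication log lines.

Two signals from the post are implemented:
  1. brute force: FAIL_THRESHOLD or more failed logons from one source IP
     within FAIL_WINDOW
  2. Zero-Trust-style context checks on successful logons: a country not in
     the user's baseline, a logon outside business hours, or a success from a
     source IP that already tripped the brute-force rule
Every line below is a constructed sample; the format is an assumption.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system).
SAMPLE_LOGS = """\
2023-11-01T09:02:11Z vpn user=alice src=198.51.100.10 geo=US result=OK
2023-11-01T09:05:40Z rdp user=bob src=198.51.100.11 geo=US result=OK
2023-11-01T22:14:01Z vpn user=alice src=203.0.113.7 geo=XX result=FAIL
2023-11-01T22:14:03Z vpn user=alice src=203.0.113.7 geo=XX result=FAIL
2023-11-01T22:14:05Z vpn user=admin src=203.0.113.7 geo=XX result=FAIL
2023-11-01T22:14:07Z vpn user=bob src=203.0.113.7 geo=XX result=FAIL
2023-11-01T22:14:09Z vpn user=carol src=203.0.113.7 geo=XX result=FAIL
2023-11-01T22:14:12Z vpn user=carol src=203.0.113.7 geo=XX result=OK
2023-11-02T10:00:00Z rdp user=bob src=198.51.100.11 geo=US result=OK
"""

FAIL_THRESHOLD = 5                   # assumed: failures from one source IP ...
FAIL_WINDOW = timedelta(minutes=5)   # ... within this window
BUSINESS_HOURS = range(7, 20)        # assumed policy: 07:00-19:59 UTC


def parse_line(line):
    """Parse '<iso-ts> <service> key=value ...' into a dict."""
    ts, service, *pairs = line.split()
    rec = dict(pair.split("=", 1) for pair in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    rec["service"] = service
    return rec


def analyze(log_text, known_geo=None):
    """Return a list of (kind, detail) findings in log order.

    known_geo maps user -> set of countries seen during a baseline period.
    Successful logons processed here extend that baseline as they go.
    """
    baseline = defaultdict(set, {u: set(g) for u, g in (known_geo or {}).items()})
    recent_fail = defaultdict(deque)   # source IP -> timestamps of recent failures
    brute_force_sources = set()
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        user, src, geo, ts = rec["user"], rec["src"], rec["geo"], rec["ts"]
        if rec["result"] == "FAIL":
            window = recent_fail[src]
            window.append(ts)
            while window and ts - window[0] > FAIL_WINDOW:
                window.popleft()          # drop failures older than the window
            if len(window) >= FAIL_THRESHOLD and src not in brute_force_sources:
                brute_force_sources.add(src)
                findings.append(("brute_force", f"{src}: {len(window)} failures within {FAIL_WINDOW}"))
            continue
        # Successful logon: apply the context checks.
        if baseline[user] and geo not in baseline[user]:
            findings.append(("new_geo", f"{user} from {geo}, baseline {sorted(baseline[user])}"))
        if ts.hour not in BUSINESS_HOURS:
            findings.append(("off_hours", f"{user} at {ts.isoformat()}Z"))
        if src in brute_force_sources:
            findings.append(("success_after_brute_force", f"{user} from {src}"))
        baseline[user].add(geo)
    return findings


if __name__ == "__main__":
    # Constructed baseline: carol has only ever logged in from the US.
    for kind, detail in analyze(SAMPLE_LOGS, known_geo={"carol": {"US"}}):
        print(f"{kind:26} {detail}")
```

On the sample above the fifth failure from 203.0.113.7 trips the brute-force rule, and carol's subsequent success from the same source is reported three times over: new country, off hours, and success following a brute-force burst. That stacking of independent context signals on one event is exactly why the post argues that context-aware access decisions outperform a credential check alone.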

Phishing and insider threats

Of course, exploiting poorly defended RDP and VPN connections is not the only way that criminals can launch system intrusions.

Phishing remains a very popular way to steal live credentials by simply tricking users into giving them away. Phishing is considered a core example of an insider threat — that is, a threat that comes from users being insufficiently trained on how to identify malicious or suspicious emails.

Insider threats come in many forms. For a more thorough discussion of this issue, check out this blog post from last year.

Modern security awareness training systems such as Barracuda Security Awareness Training that use frequent simulated phishing attacks have been shown to be a highly effective means of reducing your risk of system intrusion based on phishing. Well-trained users are transformed from an insider threat to an additional layer of security.

Unpatched systems and software

Surprisingly — or perhaps not — one of the things cybercriminals are always looking for, and frequently finding, is software or other system components that are not up to date on patches and updates.

Those patches and updates from software vendors are very often created to repair a newly discovered security vulnerability. If you don’t keep your software up to date, there’s a very good chance that criminals will find and exploit that vulnerability to infiltrate your system and begin the reconnaissance efforts that can eventually result in a data breach or other devastating and costly attack.

Understand and protect your entire attack surface

The bottom line is that you should do everything you can to prevent and detect system intrusions, and that means applying comprehensive security across your entire attack surface. The Barracuda Cybersecurity Platform combines integrated Email Protection, Application Protection, and Network Protection to optimize your system-wide defense against vulnerabilities that can lead to system intrusion.

In addition, consider outsourcing your cybersecurity management with Barracuda Managed XDR, an innovative cybersecurity-as-a-service platform that dramatically reduces your IT overhead while providing full-time monitoring and fast, expert incident response.