A cyberattack is any offensive action that targets computer information systems, computer networks, infrastructures, or personal computer devices. It can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. There are different ways to compromise a system. Some of these are not well explored and require attackers to find their own way to exploit them, while others do not need as much effort. Attackers usually start with techniques and tools that require less customization and effort. They think, “Why take the hard way when we have an easy way?” A commodity attack is one such attack.
In this post, we’ll go more in-depth on commodity attacks. We’ll first understand in detail what commodity attacks are and the risks associated with them. And then we’ll learn how to mitigate commodity attacks.
Commodity attacks are attacks in which attackers use readily available tools that require no customization. They require less effort from an attacker but can still result in high gains.
Because of this, a wide spectrum of attackers is able to use commodity attacks. From a script kiddie, who doesn’t have enough skills to go after complex security weaknesses, to a veteran attacker who wants to see what they can find while they’re working on complex attacks, commodity attacks are for everyone.
Commodity attacks depend on tools that are made for security professionals (e.g., penetration testers) and on tools built with malicious intent. Attackers can use them to target a specific vulnerability in operating systems and applications for malicious purposes. Poison Ivy is one such commodity tool: it allows remote access and bypasses the security features of a program, computer, or network to give unauthorized access or control to its user.
Now that we know what commodity attacks are, the question arises as to why these attacks are rising and who the targets are.
The number of data breaches and the cost of cyber incidents have rapidly increased worldwide. The key factors that compromise cybersecurity and increase the chances of cyberattacks are a lack of security assistance and system vulnerabilities. Even though organizations are now accelerating their defenses against cyber threats, vulnerabilities can be found within their own companies. And commodity threats are among the most common ones.
There are tools available on the dark web for an affordable price, and many more tools are easily available on the rest of the internet. Although these tools might not yield many results against a cyber-mature organization, there are enough organizations out there that are still lagging behind on cybersecurity. Especially with the wave of startups taking over the world, the chances of these tools working in the attackers’ favor have increased.
All of this, together with the growing number of malicious actors who have access to these tools and targets, has resulted in the rise of commodity-specific attacks.
The outcome of a commodity attack can range from bypassing the need to purchase a product in order to continue using it, to bringing a whole network down, not to mention the effect on business. It depends on the security weakness and its effect on the system. At a high level, we can categorize the risks of commodity attacks as follows:
Every organization connected to the Internet is a potential victim of commodity attacks if they haven’t secured themselves. If an attacker is successful in a commodity attack on your organization, there are a lot of bad ways things could go. An attacker might steal/encrypt all your data and ask for ransom. They might try to get further into your network to create more vulnerabilities or might use your systems for future attacks. In some cases, you might also have to pay hefty fines or face lawsuits if you haven’t complied with regulations. Therefore, no matter what an attacker chooses to do, it’s a major security risk for your organization.
Commodity threats and attacks can cost a business time. This includes the time you’ll have to spend to mitigate the attack and get your systems back to normal. And as we all know, time is money. Think of a situation where an organization is hit by a commodity ransomware attack. Not only does it majorly harm the operations of the organization, but you’ll also have to invest in bringing systems back online. Along with this, you might have to face losses in revenue and harm to your reputation.
So how do we avoid these risks?
Because these attacks and tools are mature, mitigating them can be simple if planned well. As commodity attacks usually target well-explored weaknesses and use tools without customization, you can find a lot of information readily available for mitigation. Here are some of the common approaches to mitigate commodity attacks:
Most vendors focus on providing security updates as soon as they can. One of the most effortless ways to mitigate commodity attack risks is keeping your systems up-to-date with recent patches. Using patch management policies can be of great help here.
This should often be the first step as it will help in covering all the possible loopholes in your systems. It also involves determining the threats, filling the gaps in security, and then taking steps to mitigate what could potentially lead to problems. As part of risk assessment processes, organizations should also realize whether they are likely to be the victim of a targeted or untargeted attack.
Humans are one of the weakest links of cybersecurity. Attackers very commonly target employees as their first step to launch a commodity attack. Therefore, cybersecurity awareness training is a must for all employees to make them aware of cyberattack scenarios. Employees must be trained to follow secure practices, identify a malicious attempt by attackers, and know the steps to take when they come across such situations.
Setting up reliable detection and response solutions is not only important to prevent and stop commodity attacks, but it can also help you understand what part of your organization is being targeted most and how. Using smart WAFs, IDS/IPS, EDR, and other solutions is recommended for enhanced protection against commodity attacks.
To mitigate commodity attacks, it’s important to first understand what weaknesses exist in your organization. Sometimes organizations fail to completely cover this aspect. Penetration testing helps in filling this gap. You can use pentesting to identify vulnerabilities in your systems, networks, and applications before the attackers do and then work on fixing them. Therefore it is important to perform pentesting as it lets you evaluate the overall security of an IT infrastructure.
These are some of the approaches to mitigate commodity attacks. It is important to remember that this is not the apex but a baseline.
The Internet will always be a hostile environment because of the emerging threats around us. Therefore, to ensure that we are safe and secure, we must scale up cybersecurity practices. You have probably understood the seriousness of commodity attacks. When implementing cybersecurity, you have to start somewhere. It is wise to first take care of issues that are widely exploited and the ones that are most likely to affect you. And commodity attacks belong to this category of issues. So if you’re planning cybersecurity, it is recommended to add commodity attack mitigations in the initial phases of implementation.