10 Strategies For Cyber Attacks On Corporations
Every single day of the week, in locations around the world, cyber events are going on. These occasions aren’t secret. Last month, for example, Cyber Intelligence Asia was held at the storied Heritage Hotel in Manila.
The last session of Cyber Intelligence Asia–a four-day affair full of workshops, presentations, and mini-conferences–was dedicated to cyberwarfare. Lecturing to a small roomful of attendees was Suresh Hungenahally, a security consultant from Surakssha. Before he concluded his talk, which spanned multiple topics related to the core subject matter, Hungenahally shared the 10 most common information risks for companies.
Because when the fecal matter does hit the proverbial fan in a real cyber war, nobody knows for sure how intense the digital combat is going to be. Government and corporate targets could be equally hammered. Or maybe just government-owned corporations, or corporations with government information, or corporations vital to governments.
It’s like the two are almost indistinguishable.
But let’s face it. Judging by the last few years of high-profile cyber attacks, corporations always have their pants down one way or another, i.e. their security is crap.
So here are Mr. Hungenahally’s pointers. Take note. Whether any of these strategies are still effective or not is a question mark. But their close resemblance to the OWASP Top 10 Critical Web Application Risks is no coincidence. The bottom line is what follows can hurt institutions very, very much.
Equally worth mentioning is that the how behind these hacks is available online. To spare the reader from a tedious read, however, let them simply be writ.
- Injection Flaws
- Broken Authentication and Session Management
- Cross-site Scripting
- Cross-site Request Forgery
- Insecure Direct Object References
- Exploiting Security Configurations
- Sensitive Data Exposure
- Missing Function Level Access Control
- Unvalidated Redirects and Forwards
- Unpatched Vulnerabilities