Cybercriminals are increasingly embracing more sophisticated approaches to attacks. We’ve seen ransomware lock down everything from single computers to full networks, and data breaches through a single front-end computer that compromised sensitive patient data and even tapped into eCommerce to execute fraudulent charges. These cyberthreats are not going away.
While these large-scale malicious activities are undoubtedly devastating, they have diverted attention from the finer, hygiene-level protection habits that organizations must not neglect.
All it takes for cybercriminals to infiltrate an organization is a single weak point of entry, and in this instance, that means servers. For example, the National University of Singapore (NUS) was the target of a cyberattack last year when criminals carried out an unauthorized intrusion through a single server. This attack drew national attention as it was the first attack on a university in Singapore; concerns grew because the university plays a fundamental role in research, with the faculty serving more than 1,900 industry and government bodies.
According to news reports, NUS claims that no staff or student information was compromised, but that the intent of the attackers was to steal information related to government bodies or research. NUS worked quickly with authorities to implement mitigating measures.
What this incident highlighted is that servers, regardless of the type of organization, are the keys to the kingdom when it comes to an organization’s information technology infrastructure. Servers have a system-wide organizational purpose, making them a high-value target for malicious attackers.
Servers = the bullseye for cybercriminals
Think of a server in terms of a tree, with the individual endpoints being the leaves and branches and the server itself the trunk. That “trunk” holds all the vitality of the entire plant and without it, the branches and leaves wouldn’t exist.
For organizations today, the server holds mission-critical data.
This could be sensitive corporate information, sensitive government data, credentials and passwords, or other personally identifiable information (PII) such as credit card or medicare details, social security identifiers, and drivers’ license numbers. For hackers, this provides a number of options:
1. Execute malware attacks
A server provides a ready path for cybercriminals into the rest of an organization’s network. Once a server is compromised, hackers have access to the entire organization’s information resources. They can then use the server to launch malware attacks, obtain sensitive data, or point incoming traffic to other malicious resources.
2. Hold an organization to ransom
Hackers can also hold an organization to ransom, or they can sell the data they find, including all that corporate information and personally identifiable data, on the dark web or to private customers.
Added to this, once a server is compromised, there’s no way of getting the lost data back. Even if a ransom is paid, there’s no guarantee that the hackers will return it to the organization without copying or selling it first. Perhaps even worse, there’s no promise that they’ll refrain from stealing it again.
3. Install cryptominers
The rise of cryptocurrencies has seen another wrinkle in terms of server vulnerabilities. Contemporary hackers are now installing cryptominers onto compromised server hardware, generating profits for themselves, while stealing an organization’s electricity and compute cycles. Cryptomining software can become so disruptive that it will completely take over a server or series of servers, preventing the organization from getting any work done at all.
Too often overlooked
Despite their clear value to attackers, servers are often overlooked in organizations’ endpoint security strategies. With Singapore’s drive to become a fully integrated, connected smart nation, it’s not enough to simply install traditional endpoint protection on servers. Servers have very different operating characteristics and requirements compared to other computers, and as such they need their own set of security criteria.
The solution for all companies wanting to protect their servers—and that should be everyone—is to adopt a next-generation solution that uses deep learning and artificial intelligence to pre-emptively spot malicious code or suspicious activity and block it before it becomes a problem.
With several companies moving to the cloud, servers demand additional security tools such as cloud workload discovery. Further, considering the manner in which hackers leverage servers to launch powerful attacks on an organization, anti-exploit technology should be a part of any security solution on the server.
Without advanced server protection, hacks on organizations like NUS will become even more common. Hackers are motivated to attack servers, whether it’s for gain on the dark web, through ransom or via cryptocurrency mining. And just as hackers are motivated to attack, so too should companies be motivated to protect themselves.