Select Language : English

Americas

Brazil: English / 日本語 / Português do Brasil
United States: English

Europe, Middle East, Africa (EMEA)

EMEA:
(Belgium, France, Germany, Netherlands, Spain, United Arab Emirates, United Kingdom)
English / 日本語 / Español / Deutsch / Français
Russia: English / 日本語 / русский

Asia Pacific

Japan(Business): English / 日本語
Japan(Residential): English / 日本語
Australia(NTT Com ICT Solutions): English
Mainland China: English / 日本語 / 簡體中文
Hong Kong & Macao: English / 日本語 / 繁体中文 / 簡體中文
India: English / 日本語
Indonesia: English
Korea: English / 日本語 / 한국어
Malaysia: English
Philippines(DTSI): English
Singapore: English / 日本語
Taiwan: English / 日本語 / 繁体中文
Thailand: English / 日本語
Vietnam: English / 日本語

Designing Security Measures for a New Era, From Scratch

Cyber attacks are a constant threat these days, with many businesses falling prey to criminal attempts to access and steal confidential information and money. We have been using information learned from these cyber attacks to develop new security measures that help protect your business.

Risk of Targeted Attacks is Growing

Malware first appeared in the mid-1990s and early 2000s, as the Internet gained wider adoption. This early malware was developed to show off the creator's technical skills and to cause as much disruption as possible. However, in the latter half of the 2000s, malware began to change. Instead of simply causing disruption, malware was developed to steal online banking credentials and gain access to bank account funds. The development of bots, another type of malware that allowed remote access and operation of infected computers, enabled criminals to send huge amounts of spam email and gain access to private information. Malware was increasingly associated with illegally gaining access to money online.

Malware attacks were not only aimed at individuals but also at businesses and even at entire countries. These highly targeted attacks began to attract a lot of attention. Specific businesses were targeted with malware that was unknown to anti-virus software, giving the attackers access to internal systems and confidential information. In 2011, it was discovered that the Japanese defense industry was subject to a targeted malware attack.

There are many different types of targeted attack, but one example is sending emails designed to look like they are from a customer or colleague. A URL in the main body of the email infects the system with malware when clicked. The attacker can then remotely operate the malware-infected computer to access and steal confidential information saved on company servers.

Ransomware – The Scourge of Businesses

Recently, there has been a proliferation of crimes using a form of malware known as ransomware. Ransomware encrypts files saved on infected computers, rendering the content of those files inaccessible. The attacker is then able to hold files hostage. The target of the attack must pay a ransom to restore access to the files.

Ransomware uses legitimate encryption techniques against the target of an attack. Encryption was developed to prevent information leaks. Once a file has been encrypted, its content cannot be accessed unless the user knows the decryption key. Even if a third party got hold of an encrypted file, the content could not be accessed without the decryption key. Ransomware allows criminals to use this same mechanism to extort money from the target of the attack.

DDoS attacks have harmed a great many companies

A distributed denial of service (DDoS) attack involves an extremely large number of access requests to an online public server coming in at the same time. This causes the server to become inaccessible. This attack renders servers inaccessible by the public. Services like e-commerce sites can suffer lost business while the attacks are taking place.

In one instance, the website of a major manufacturer was rendered inaccessible for as long as a week. The company announced publicly that it had been the target of a DDoS attack and relaunched later with improved security measures in place. This attack was thought to be carried out by hacktivists, a term given to groups and individuals who carry out cyber attacks to raise awareness about issues they feel are important.

Time to Upgrade Security Measures

Anti-virus software and firewalls are good security measures and can prevent conventional cyber attacks. However, cyber attacks evolve on a daily basis. It is likely that products and services used in the past will not be sufficient to protect against future attacks.

Essential information
Cyber attacks on public servers

What are DDoS attacks?

A large volume of access requests to the server come in at the same time, causing the website to crash.

Unauthorized access to websites

The attacker gains unauthorized access to servers using vulnerabilities in the system. They then use this access to steal private client data, etc.. This kind of attack can significantly damage a company's brand. It can also lead to situations where significant compensation has to be paid to the victims of the data breach, severely impacting the company's ability to continue operations. Measures need to be taken for this as soon as possible.

DDoS attacks mitigation

Distributed denial of service (DDoS) attacks have harmed a great many companies and are extremely difficult to counter. This is because the aim of these attacks is to simply overload a network, by sending huge numbers of access requests from multiple machines at the same time. Setting up countermeasures on the server end can lead to genuine users not being able to access websites properly, due to communications issues with the server. Content Delivery Network (CDN) protects websites and applications from downtime and data theft caused by opportunistic and targeted web attacks.

Protection from unauthorized website access

Web application firewall (WAF) is used by a number of businesses as a security solution for protecting their websites. It detects attacks targeting vulnerabilities in web applications and databases operating on business web servers. It can even examine the business's website to see if there are any pre-existing vulnerabilities in its setup, enabling the business to open their site to the public with more peace of mind.

Essential information
Malware (ransomware) and targeted attacks

What is ransomware?

Encrypts files on infected computers so that the owner cannot view or access them.

What are targeted attacks?

Targeted attacks generally consist of malware-infected emails, made to look as though they were sent by a client or customer. If a link or file contained in the email is opened, the malware infects the user's computer. This allows the attacker to remotely access the company's internal systems and steal confidential information.

Countermeasures against Malware and targeted attacks

In the past, the typical solution for preventing infection by malware was to install anti-virus software on your computer. The anti-virus software of the past was only able to detect and remove already known types of malware, but nowadays, there are solutions which can deal with unknown types as well. It is essential to implement solutions that monitor not only on a computer level, but also on a network level. This includes solutions which prevent infection through websites and other sources, as well as those which prevent malware from leaking information.

* A command and control (C&C) server is a server which acts as the control tower for cyber attacks

NTT Communications Global managed security services

WideAngle

Our WideAngle global integrated security service is built on 25 years experience providing risk management services to over 8,000 customers, worldwide. We offer a combination of professional services, security solutions and managed security, powered by a security information and event management (SIEM) engine.

Content Delivery Network (CDN)

Content Delivery Network (CDN) service uses a performance-optimized network of cache servers to send web data to your end-users from geographically optimal network locations. This eases demand on your web servers and increases overall system performance.

Total Security Package

Three types of security packages are available in NTT Com (Thailand).

Virus Scan Services

NTT Com (Thailand) provides system integration of virus scan solutions and virus scan management service to protect your PC network environment from computer virus.

Back to Top