DEV Community

Dmitry Dragilev

3 Cybersecurity Threats DevOps Should Prepare For In 2023

As cyberattacks become more advanced, the need to prepare for a digital breach is more urgent than ever. But despite general risk awareness, even the most savvy DevOps teams fail to safeguard their companies against data breaches or other cybercriminal attacks.

Such is the case with Salesforce. Not long ago, in 2019, the company experienced a serious data breach where hackers accessed information from about ten thousand Salesforce users, selling it to dark web criminals. According to Statista, the number of these attacks and the money lost are going to grow exponentially. In 2022 companies lost $8.4 trillion due to cybercrime, and the figure is projected to reach $23 trillion by 2023.

Our digital footprint grows every day, making it ever more important that DevOps upgrade their cybersecurity to protect their business and employees against unwanted digital threats and breaches such as identity theft.

In this guide, we'll go over 3 cybersecurity threats DevOps should prepare for in 2023 (and how to avoid them).

1) Password Authentication without Multi-Factor

Very few apps and websites actually require multi-factor authentication. And while a username with a strong password at first might seem like a good idea, passwords have been proven time and again to be one of the least effective methods of securing data.

The underlying problem with passwords is their inherent weakness. Passwords are easily guessed by hackers, either through brute force or through social engineering attacks (such as phishing emails or phone calls that trick users into willingly providing login credentials). And it’s important to note that such situations can happen even if you’re using an advanced password manager.

Use Multi-Factor Authentication

Multi-factor authentication (MFA) is a type of security feature that requires users to verify their identity with two or more factors. It increases the security of your accounts by requiring you to provide multiple proofs of identity when you log in.

As you probably know, big corporations such as Apple, Google, Dropbox, etc. are big users of this capability (with Apple’s facial recognition technology evolving every day to help protect its users from cyber attacks).

How Do I Implement Multi-Factor Authentication?

There are different ways to implement multi-factor authentication:

Time-Based One-Time Password (TOTP)

A one-time password (OTP) is a temporary, algorithm-generated passcode. It uses a shared secret key to generate codes at regular intervals (usually 60 seconds). When you log in, the app generates a new six-digit code that you must enter in addition to your username and password. As the name says, the code is only valid for one-time use, making it harder for hackers to get into your accounts.

Short Message Service (SMS)

With SMS as an authentication factor, a unique one-time code is generated on the server and sent to the registered phone number. Do not mistake these for spam texts, which very often try to get information from you by sharing a fake code over text.

Electronic Mail (Email)

In this case, your one-time code is sent via email, where you can retrieve your unique code from your inbox to confirm your account ownership.

Push Notifications

Push notifications work in combination with third-party apps on your mobile device. All you need to do is accept the request and you’ll automatically be logged in. It’s very common with online bank tokens.

2) Cross-Site Scripting Attacks

Let's go over one of the most common types of cyberattacks.

What Is a Cross-Site Scripting Attack?

Cross-Site Scripting (XSS) is when hackers inject malicious code into benign web pages. In simpler words, an attacker can insert malicious code into your browser and monitor your online interactions. This allows attackers to steal information from users, launch phishing attacks, and even take over user accounts (stealing sensitive data or performing actions on behalf of the victim).

Such a situation happens when you click a compromised link under the assumption it’s coming from a trusted source and type in sensitive information (such as passwords, bank information, etc.). When this happens, hackers can easily steal this information from you without you ever suspecting it.

How Do I Prevent Cross-Site Scripting?

According to IBM, Cross-Site Scripting can be prevented by performing security testing on your web applications and websites, as well as training your employees on how to identify and report suspicious activity they see online.

Ensure employees at all levels know how to validate the input data and filter everything based on what is expected in the valid input. This ensures that all variable output in a page is encoded before it is returned to the user.
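The two controls named above, validating input against what is expected and encoding variable output, shown side by side with an unencoded renderer. This is an added example, not code from the original post; the comment-rendering functions, the username format and the sample values are assumptions made for illustration.

```python
import html
import re

# Assumed allowlist: what a valid username is expected to look like.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")


def validate_username(value: str) -> str:
    """Accept only input that matches the expected format; reject the rest."""
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("username does not match the expected format")
    return value


def render_comment_unsafe(author: str, body: str) -> str:
    """'Before' version: user input is pasted into the page unchanged."""
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


def render_comment(author: str, body: str) -> str:
    """'After' version: validate where a format exists, encode everything."""
    author = html.escape(validate_username(author), quote=True)
    # Free text has no fixed format, so encoding is the control here.
    # html.escape covers HTML body and quoted-attribute contexts only;
    # values placed inside <script> or URLs need context-specific encoding.
    body = html.escape(body, quote=True)
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


# Constructed sample input: markup submitted as a comment body.
SAMPLE_BODY = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(render_comment_unsafe("alice", SAMPLE_BODY))  # markup reaches the page
    print(render_comment("alice", SAMPLE_BODY))         # markup shown as text
```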

3) XEE Attacks on your XML

Chances are you are using XML (Extensible Markup Language) on your website right now. XML is widely used in most aspects of web development, and XEE attacks target XML processors that aren’t correctly configured in order to inject malicious content.

These attackers use malicious, untrusted data or uploads from unreliable sources that cause an XML parser to consume excessive resources or memory until it crashes or becomes unusable. Once this happens, the attacker can control the memory space of the application and execute arbitrary commands or code on the server hosting it.

How do I prevent XEE Attacks?

Here are the two best ways you can prevent or mitigate XEE attacks:

Avoid data serialization

Data serialization is a method of encoding data as text, often used in software development.

The problem is that there are various vulnerabilities that could lead to data breaches and other cyber-attacks. Attackers leverage serialization vulnerabilities to gain access to applications, systems, and networks, and/or to exfiltrate data.

Use simple formats like JSON vs. XML when possible

JSON and XML are two ways to organize complex data in a way that makes it readable and understandable to programming languages such as Python, Ruby, and JavaScript. Both are essential for sharing data because they structure it so that it can be read more easily.

Security-wise, XML has settings enabled by default that make it more vulnerable to some attacks (disabling these settings makes XML safer). JSON, on the other hand, is usually safe at all times since it does not support padding attacks or other vulnerabilities that might expose your system to malicious activity.
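When XML cannot be replaced, one way to switch off the risky defaults mentioned above is to refuse any document that declares a DOCTYPE or entities before it reaches the real parser. This is an added example, not code from the original post; it uses only the Python standard library, and the function names, the size limit and the sample documents are assumptions.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

MAX_XML_BYTES = 1_000_000  # assumed upper bound for an uploaded document


class ForbiddenXML(ValueError):
    """Raised when untrusted XML uses a feature this application never needs."""


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Reject oversized input, DOCTYPEs and entity declarations, then parse."""
    if len(data) > MAX_XML_BYTES:
        raise ForbiddenXML("document too large")

    def reject(*_args):
        raise ForbiddenXML("DOCTYPE and entity declarations are not allowed")

    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = reject  # fires before any entity is defined
    guard.EntityDeclHandler = reject        # defence in depth
    guard.Parse(data, True)                 # first pass: inspect only
    return ET.fromstring(data)              # second pass: build the tree


def is_rejected(data: bytes) -> bool:
    try:
        parse_untrusted_xml(data)
    except ForbiddenXML:
        return True
    return False


# Constructed samples: a plain document, and one that defines nested
# entities (kept tiny here; the guard never expands them).
PLAIN_DOC = b"<order><item>book</item></order>"
ENTITY_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;">]>'
    b"<order><item>&b;</item></order>"
)

if __name__ == "__main__":
    print(parse_untrusted_xml(PLAIN_DOC).find("item").text)
    print(is_rejected(ENTITY_DOC))
```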

Conclusion

Cybersecurity threats are more sophisticated and dangerous every day, and companies should take preventative measures to avoid information breaches and protect their data and employees alike.

No matter where the future leads, it's safe to say that your DevOps teams will need to continue to bring their A game in terms of security.

Stay ahead of the cyberattacks. It's no longer a matter of if a breach will occur, but when.
