Too Many Companies are Overlooking Servers in their Endpoint Security Strategy

By Sumit Bansal, Managing Director of ASEAN and Korea at Sophos

Earlier this year, it was revealed that Malaysia’s central bank, Bank Negara Malaysia, fell victim to a cyber-attack in which hackers attempted to steal money by falsifying wire-transfer requests through its SWIFT bank messaging network.

According to its official statement, Bank Negara stopped all authorised transactions and did not experience any financial loss from the incident. That said, the hacker is still on the loose and there is no clear indication of how the bank’s SWIFT servers were accessed.

What the Bank Negara incident does highlight is that servers are the keys to the kingdom when it comes to an organisation’s information technology infrastructure. Servers have a system-wide organisational purpose, making them a high-value target for malicious actors.

Servers = the bullseye for cyber criminals

Think of a server in terms of a tree, with the individual endpoints being the leaves and branches and the server itself the trunk. That “trunk” holds all the vitality of the entire plant and without it, the branches and leaves wouldn’t exist.

For businesses today, the server holds mission-critical data. This could be sensitive corporate information, credentials and passwords, or other personally identifiable information (PII) such as credit card or Medicare details, social security identifiers, and drivers’ license numbers. For hackers, this provides a number of options:

  1. Execute malware attacks

A server provides a ready path for cyber criminals into the rest of a company’s network. Once a server is compromised, hackers have access to the entire organisation’s information resources. They can then use the server to launch malware attacks, or to point incoming traffic to other malicious resources.

  2. Hold an organisation to ransom

Hackers can also hold an organisation to ransom, or they can sell the data they find, including all that corporate information and personally identifiable data, on the dark web or to private customers.

Added to this, once a server is compromised, there’s no way of getting the lost data back. Even if a ransom is paid, there’s no guarantee that the hackers will return it to the organisation without copying or selling it first. Perhaps even worse, there’s no promise that they’ll refrain from stealing it again.

  3. Install cryptominers

The rise of cryptocurrencies has added another wrinkle to server vulnerabilities. Hackers are now installing cryptominers onto compromised server hardware, generating profits for themselves while stealing an organisation’s electricity and compute cycles. Cryptomining software can become so disruptive that it will completely take over a server or series of servers, preventing the organisation from getting any work done at all.

Too often overlooked

Despite their clear value to attackers, servers are often overlooked in organisations’ endpoint security strategies. It’s not enough to simply install traditional endpoint protection on servers. Servers have very different operating characteristics and requirements compared to other computers and as such they need their own set of security criteria.

The solution for all companies wanting to protect their servers – and that should be everyone – is to adopt a next-generation solution that uses deep learning and artificial intelligence to pre-emptively spot malicious code or suspicious activity and block it before it becomes a problem.

With many companies moving to the cloud via Amazon Web Services or Microsoft Azure, servers demand additional security tools such as cloud workload discovery. Further, considering the manner in which hackers leverage servers to launch powerful attacks on an organisation, anti-exploit technology should be a part of any security solution on the server.

Without advanced server protection, hacks like the one at Bank Negara will become even more common. Hackers are motivated to attack servers, whether it’s for gain on the dark web, through ransom or via cryptocurrency mining. And just as hackers are motivated to attack, so too should companies be motivated to protect themselves.