Too many companies are overlooking servers in their endpoint security strategy

By Marty Ward, Sophos

Earlier this year, it was revealed that hackers had successfully infiltrated the IT systems at the Australian National University.  The threat actors gained access to ANU’s servers and networks, raising national security concerns with the university home to the National Security College, which trains defence and intelligence officials.   

According to news reports, ANU claims that no staff, student or research information was stolen from the compromised servers, however it also said that it had been working to contain the threat for several months. 

What the ANU incident does highlight is that servers are the keys to the kingdom when it comes to an organisation’s information technology infrastructure. Servers have a system-wide organisational purpose, making them a high-value target for malicious actors. 

Servers = the bullseye for cyber criminals 

Think of a server in terms of a tree, with the individual endpoints being the leaves and branches and the server itself the trunk. That “trunk” holds all the vitality of the entire plant and without it, the branches and leaves wouldn’t exist.

For businesses today, the server holds mission critical data. This could be sensitive corporate information, credentials and passwords, or other personally identifiable information (PII) such as credit card or Medicare details, social security identifiers, and drivers’ license numbers. For hackers this provides a number of options:

1. Execute malware attacks

A server provides a ready path for cyber criminals into the rest of a company’s network. Once a server is compromised, hackers have access to the entire organisation’s information resources. They can then use the server to launch malware attacks, or to point incoming traffic to other malicious resources.

2. Hold an organisation to ransom

Hackers can also hold an organisation to ransom, or they can sell the data they find, including all that corporate information and personally identifiable data, on the dark web or to private customers. 

Add to this, once a server is compromised, there’s no way of getting the lost data back. Even if a ransom is paid there’s no guarantee that the hackers will return it to the organisation, without copying or selling it first. Perhaps even worse, there’s no promise that they’ll refrain from stealing it again.  

3. Install cryptominers

The rise of cryptocurrencies has seen another wrinkle in terms of server vulnerabilities. Contemporary hackers are now installing cryptominers onto compromised server hardware, generating profits for themselves, while stealing an organisation’s electricity and compute cycles. Cryptomining software can become so disruptive that it will completely take over a server or series of servers, preventing the organisation from getting any work done at all.

Too often overlooked 

Despite their clear value to attackers, servers are often overlooked in organisations’ endpoint security strategies. It’s not enough to simply install traditional endpoint protection on servers. Servers have very different operating characteristics and requirements compared to other computers and as such they need their own set of security criteria. 

The solution for all companies wanting to protect their servers – and that should be everyone – is to adopt a next-generation solution that uses deep learning and artificial intelligence to pre-emptively spot malicious code or suspicious activity and block it before it becomes a problem. 

With many companies moving to the cloud via Amazon Web Services or Microsoft Azure, servers demand additional security tools such as cloud workload discovery. Further, considering the manner in which hackers leverage servers to launch powerful attacks on an organisation, anti-exploit technology should be a part of any security solution on the server.

Without advanced server protection, hacks like the one at ANU will become even more common. Hackers are motivated to attack servers, whether it’s for gain on the dark web, through ransom or via cryptocurrency mining. And just as hackers are motivated to attack, so too should companies be motivated to protect themselves.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags sophosIT systemsAustralian National University (ANU)malicious attacks

More about AmazonAmazon Web ServicesAustralian National UniversityMicrosoftMicrosoft Azure

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Marty Ward

Latest Videos

More videos

Blog Posts