Being an Internet Service Provider (ISP) is demanding enough even without someone messing with your work – be it directly or indirectly through attacking your clients. Here are some ways attacking your users actually affects your life and work as an ISP, and what can you do to prevent it.
Threat: C&C attacks, spamming, DDoS
The phrase Command & Control basically means that the hackers try to take control of other people’s devices to do their dirty work. Taking control of computers in your network may not only cause trouble for your clients, but to you as well.
Why does it concern you?
No matter the entry point, in C&C attacks the hacker uses your client’s devices to conduct some malicious activity. It can be as banal as spamming, as blunt as DDoS attack, or very subtle – spreading malware and trying to quietly infect other devices, such as IoT ones with notoriously poor protection.
The user might not even notice, but you might find that your network reputation got much worse – and that is an issue worth dealing with, and one taking a lot of time and effort to resolve. Publicly accessible services such as Spamhaus or Barracuda monitor malicious activity and provide the data about networks’ reputation. Ultimately, a large amount of compromised users in your network could lead to blacklisting of your IP which.
What to do?
Monitoring your network is crucial in this case, as well as taking steps to get automated notifications of suspicious behavior, large amount of traffic from some specific user, etc. Severing the link between the user and the attacker is vital once the attack starts – for example via blocking the DNS traffic.
Threat: Hackers trying to brute-force/AI guess the user’s password to your interface
If you have set-up proper requirements for your clients’ passwords, you might not be as concerned about brute-force attacks (even though there might still be some “Password1!” people out there). Nevertheless, with a little help from AI and some social engineering, the hackers might guess your users’ passwords – and some of those could lead them to your user portal.
Why does it concern you?
With the access to your user portal, the hacker might of course try to steal as much data about the user as possible, but also poke around trying to find an exploit to get into your network or devices. The direct contact to your interface, possibility of uploading files or access fill-in forms opens a whole new world of possibilities to those who aim to do harm.
What to do?
Once again, it is vital to monitor traffic to prevent any bots trying to guess your clients’ credentials. The sooner you know about the attack, the better – and of course it is possible, automated blocking of such traffic saves the day.
Threat: Tech-support scams
A combination of scareware and phishing, the tech-support scams try to get the users’ credentials through impersonating you as an ISP. What is concerning is that many of these fake “tech-support technicians” managed to impersonate even major ISPs like Comcast and AT&T, which dedicate vast amount of time and resources to their security. The scam can be administered via telephone, e-mail, or pop-up “ads” impersonating a security alert.
Why does it concern you?
We have already established the problem of your user’s credentials being stolen, for financial or other gain. In this case, the damage is even worse since the attackers pretended to be your tech support, thus damaging your reputation and your relationship with the customer.
What to do?
The best solution is not to let your users fall victim to the attack. Blocking access to potentially malicious domains and suspicious traffic is a good way to reduce risk of successful scamming.
Threat: Various malware, coinminers, spammy traffic
There is no end to malware. Cyberattacks are as old as the internet itself and SPAM was sent via post long before the computers have taken off. Even the less dire ones, which do not attempt to steal your client’s money or data, can prove harmful to you – by their sheer volume alone.
Why does it concern you?
Frankly, mostly because it concerns the users. If their connection speed suddenly drops, they mostly do not think about their device being infected – they blame their provider for having an unstable network. If the problem persists, this might result in your team physically stopping by. For smaller ISPs, this little trip could costs in manhours alone as much as the user pays per a few months, making the revenue from the client effectively void. Of course, the perceived drop in connection speed makes the client more liable to being poached by your competition.
What to do?
Unfortunately, there is not cure for users acquiring malware. Nevertheless, protecting them with a network-wide security solution can drastically limit the amount of successful threats and save you time and money.
What should I do now?
If there would be one solution to all of abovementioned problems, we would all know. So far, the closest is a good combination of security measures, covering as many threat vectors as possible.
But do not worry, we can help – our DNS security solution Peacemaker saves your time and energy via monitoring and filtering DNS traffic from (and to) suspicious domains.
If you want to know more about Peacemaker, which provides you a deep insight into your network and blocks malicious traffic without a need to install anything on your clients’ devices, read more here or contact us – you can have free trial version of Whalebone Peacemaker up and ready in a matter of hours.
