Personal tools

Current Top Cybersecurity Threats

Vienna_Austria_Jacek_Dylag_101020A
[Vienna, Austria - Jacek Dylag]
  

 

- Phishing

Phishing attacks are a kind of social engineering attack where the attacker generates a fraudulent email, text, or website to trick a victim into surrendering sensitive information - such as login credentials for work, passwords to online accounts, credit card info, etc. 

Phishing occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information. An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.

Of all the threats, phishing emails are among the gravest because they can trick an employee into giving up their legitimate access credentials, and then abuse those privileges to wreak havoc on your business’ systems. Plus, as time goes on, more attackers are using phishing strategies because of how cheap, effective, and easy they can be to pull off. It's a low-risk, high-reward strategy for cybercriminals that can they can use with only a minimal investment to time and effort.

Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data. 

An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.


- Malware

“Malware” refers to various forms of harmful software, such as viruses and ransomware. Once malware is in your computer, it can wreak all sorts of havoc, from taking control of your machine, to monitoring your actions and keystrokes, to silently sending all sorts of confidential data from your computer or network to the attacker's home base. 

There are many different types of malware, and most organizations will find themselves fighting different variants at different times. As technology is continually advancing, so are viruses and malware. These cybersecurity threats are always evolving and becoming more dangerous, making it harder for computer users to keep their data protected.

Attackers will use a variety of methods to get malware into your computer, but at some stage it often requires the user to take an action to install the malware. This can include clicking a link to download a file, or opening an attachment that may look harmless (like a Word document or PDF attachment), but actually has a malware installer hidden within.

If you've ever seen an antivirus alert pop up on your screen, or if you've mistakenly clicked a malicious email attachment, then you've had a close call with malware. Attackers love to use malware to gain a foothold in users' computers—and, consequently, the offices they work in—because it can be so effective. 

This malware works by encrypting your files and asks you to pay a certain ransom amount to have them decrypted. It is one of the most dangerous and feared ransomware variants, and it mostly targets window users. This advanced security threat starts by blocking most of the Windows processes, so you will not detect when it does the encryption. It will disable most essential security applications such as Windows defender, so your computer will have no chances of protecting the files from encryption. 

The first step towards protecting yourself is identifying the possible threats so you can come up with an effective solution. The viruses are getting harder to detect, but with the right strategy at hand, you will be in a better position to beat the threats. 

 

- Hacking

More than 80% of confirmed breaches involve hacking, through brute force or the use of lost or stolen credentials. The major attack vector is through web applications, which is on the rise in part due to the increasing popularity of cloud applications. Vulnerability exploitation, backdoors, and command and control functionality are also major hacking techniques.

Amid COVID-19, hackers are presented opportunity on multiple fronts. They play on people’s concerns about the virus by presenting phishing schemes or malware disguised in fake Centers for Disease Control and Prevention (CDC) alerts that talk about the latest vaccine or treatment developments. Hackers quickly used the pandemic and related anxiety to lure people into phishing schemes and malware attacks. There is also pressure on healthcare companies and researchers to safeguard their vaccine and treatment data. 

Meanwhile, millions of workers have turned their homes into their new, remote office, including state government employees, which brought a host of risks through use of unsecured Wi-Fi and poor access controls. This shift toward home as well as the underlying panic brought on by COVID-19 altered hackers’ focus and targets aimed at the remote worker.

 

LOFOTEN_NORWAY_120320A
[LOFOTEN, NORWAY - danny.rest]

- Insider Privilege & Misuse

An insider threat is a security risk that originates within the targeted organization. This doesn’t mean that the actor must be a current employee or officer in the organization. They could be a consultant, former employee, business partner, or board member.

The two main types of insider threats are turncloaks and pawns, which are malicious insiders and unwilling participants, respectively.

  • Turncloaks: A turncloak is an insider who is maliciously stealing data. In most cases, it’s an employee or contractor – someone who is supposed to be on the network and has legitimate credentials but is abusing their access for fun or profit. We’ve seen all sorts of motives that drive this type of behavior: some as sinister as selling secrets to foreign governments, others as simple as taking a few documents to a competitor upon resignation.
  • Pawns: A pawn is just a normal employee – a do-gooder who makes a mistake that is exploited by a bad actor or otherwise leads to data loss or compromise. Whether it’s a lost laptop, mistakenly emailing a sensitive document to the wrong person, or executing a malicious Word macro, the pawn is an unintentional participant in a security incident.


- Targeted Intrusions

A targeted attack refers to a type of threat in which threat actors actively pursue and compromise a target entity’s infrastructure while maintaining anonymity. These attackers have a certain level of expertise and have sufficient resources to conduct their schemes over a long-term period. They can adapt, adjust, or improve their attacks to counter their victim’s defenses.

Cyber espionage remains a major concern, although the majority of incidents seem to be moving away from government-sponsored actors to those seeking purely financial gain. Targeted intrusions differ from general hacking as the perpetrators will work hard to avoid detection and may change their approach as they continue to focus on their victim.

 

- Ransomware

Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam -- attachments that come to the victim in an email, masquerading as a file they should trust. Once they're downloaded and opened, they can take over the victim's computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. Some other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect computers without needing to trick users. 

There are several things the malware might do once it’s taken over the victim's computer, but by far the most common action is to encrypt some or all of the user's files. In some forms of malware, the attacker might claim to be a law enforcement agency shutting down the victim's computer due to the presence of pornography or pirated software on it, and demanding the payment of a "fine," perhaps to make victims less likely to report the attack to authorities. But most attacks don't bother with this pretense. There is also a variation, called leakware or doxware, in which the attacker threatens to publicize sensitive data on the victim's hard drive unless a ransom is paid. But because finding and extracting such information is a very tricky proposition for attackers, encryption ransomware is by far the most common type.

Ransomware is one of the most common malware breaches variety. Credentials can also be compromised in a ransomware attack. Automation of attacks through online services means that ransomware will likely remain a growing problem.

 

- IoT-Based Attacks

The internet of things (IoT) is easily one of the most versatile technologies in existence today. The ubiquity of the internet, the growing capacity of network connection, and the diversity of connected devices make the IoT scalable and adaptable. Food production, manufacturing, finance, healthcare, and energy are just a few of the industries that the IoT has revolutionized -- specifically through its extension, the industrial internet of things (IIoT). At the same time, it has also led to the realization of smart homes, buildings, and even cities. 

However, the growing reality of the IoT also means recognizing its possible consequences. In an enterprise setting, for example, the IoT is often seen in the office automation (OA) and operational technology (OT) areas. This translates to multiple IoT and IIoT devices deployed within an organization. Such a setup increases the possibility of threats in spaces that had never posed cybersecurity risks before. IoT devices in these common spaces can have an effect on critical systems, like the intranet and database servers, through the IoT systems’ data collection and monitoring capabilities.

Threats to IoT systems and devices translate to bigger security risks because of certain characteristics that the underlying technology possesses. These characteristics make IoT environments functional and efficient, but they are likely to be abused by threat actors.
 

- DDOS Attacks

Distributed denial of service (DDoS) attacks remain a significant cyber threat to many organizations. These attacks are designed to overwhelm a victim’s network resources so they cannot process legitimate traffic on their network. The methodology of these attacks can vary from one to the next, and may involve varying levels of complexity.  

The ability of DDoS attacks to paralyze operations for businesses of all sizes alone make them a credible threat. However, that’s not the only reason these cyberattacks are considered highly dangerous. DDoS attacks can impact anyone and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress.

By using DDoS attacks as a distraction, attackers can distract your cybersecurity team - much like how a stage magician redirects the attention of his audience so they can’t see through the trick.

 

 

[More to come ...]

 

 

Document Actions