How can we be expected to keep up to date with all the potential Cyber Security threats that are emerging? It’s becoming increasingly difficult to discern between genuine threats to our infrastructure and the ones exacerbated by the media. Which experts can we follow to learn about the most recent trends in these online attacks, so that we can protect ourselves?
It is vital that we keep our online presence and systems as secure as possible, hence there are several Best Practices that we encourage to prevent exposure to these malicious attacks.
Our 'How YOU Can Defend Yourself Against The Most Common Methods Of Cyber Attacks [Short Video]' will describe common methods of attacks that you and your organisation may face in the digital world.
As an ever present threat, Cyber Attacks must be proactively understood and defended against to ensure your systems retain their integrity and protect your organisation from data breaches and cyber theft.
In recent years, there has been an increase in the frequency and severity of attempts by individuals and groups to expose flaws in security systems and compromise organisational infrastructures for a number of reasons, so we would like to present the 10 most likely threats you may be open to in 2017...
Dame Dido Harding - CEO Of TalkTalk
‘We have to keep building our security walls higher and higher, because these Cyber Criminals are building longer and longer ladders.’
A few years ago, Phishing was barely out of its infancy but now it is becoming harder to distinguish the authentic communication from the malicious. Phishing has been purported as one of the greatest risks to system integrity. Thanks to a mixture of ingenuity on the part of the scammers and a lack of awareness on the part of those who fall victim to this threat, there seems to be no shortage of people from all walks of life falling prey to this form of attack.
When we think of Phishing, we generally think of those with limited experience or understanding of computer systems being victimised, but as we stride into an age where technology is connected to almost every part of our lives, it’s getting even tougher to distinguish the secure from the harmful.
In 2016, A Seagate employee fell victim to a Phishing attack and released the W-2 records (US equivalent of a P60) for all current and previous US employees to the attackers.
In 2016, the CEO of FACC AG, Mr Walter Stephan, succumbed to a Phishing attempt after he received an email. Cyber Criminals pretended to be a senior member of the organisation and convinced Mr Stephan to transfer approximately £39 million from the company accounts.
These attacks rely on the trust we hold with colleagues and organisations. Scammers have become experts in the field of digital impersonation. It has been reported that Phishing scams have risen exponentially. In 2015, there were almost 100,000 reports of Phishing emails being received in the UK alone, the equivalent of 8,000 per day and it is believed that 50% of these attempts are successful.
The general consensus on how to avoid being caught out by these attacks follows a familiar pattern: do not open emails and other communications unless you are certain of their authenticity. Although this is probably the most commonly used preventative measure, could this really mean there is nothing else we can do to defend ourselves? Not quite.
With the ever-growing dependence on information and communications, the scope of security practices has had to evolve from IT Security to Information Security and now on to Cyber Security and Cyber Resilience.
Mike Danseglio - Program Manager At Microsoft
‘Phishing is a major problem because there really is no patch for human stupidity’
2. Hacking (DDOS, Key Logging, Cookie Theft)
Yeah, that’s the one. The big ‘H’. The one word that gets thrown around far too often when discussing cyber threats. When a word is used as frequently as “Hacking”, it tends to lose its impact and its true nature becomes blurred.
We try to differentiate between the types of hacking by adjusting the name.
- White Hat: The Good Kind
- Black Hat: The Not So Good Kind
- Hacktivist: “Thinks They’re Doing Good Kind” as well as many more.
What are the real risks posed by individuals and groups whom we refer to as Hackers?
By July 2016, there had been four attacks on the UK National Rail Network; all of these Cyber Attacks came to light upon discovery by Cyber Security Contractor - DarkTrace.
In July 2015, the personal details (names, home addresses and credit card information) of over 30 million Ashley Madison users were released and distributed across the Internet.
Are you even aware of the methodology used to employ a successful hack? You may be wondering; why do I even need to know this?
I’m not interested in developing this particular set of skills. Well, if you want to beat a hacker then you need to start thinking like one! Some brave hackers will take a chance and go straight for the exploit, but following the proper methodology tends to be successful and lessens the risk of being caught red-handed.
Step 1. Perform Reconnaissance
This is the first pre-attack phase where hackers will gather, identify and record information about the target whether that is an individual or corporation. Social Engineering is a technique that can be used to coerce key employees to give up private information.
Step 2. Scanning & Enumeration
Scanning and Enumeration is another pre-attack phase. Novice hackers could utilise vulnerability scanners to search for holes in your network. Fortunately for us, applications like this are not reliable hacking tools and generate an explosion of detectable network traffic.
Step 3. Infiltrate
After the pre-attack phases have proven to be fruitful, it would be the opportune time for a network intruder to penetrate weaknesses in your web server software, spreading damage from system to system.
I couldn’t tell you which method a hostile force will use to infiltrate your systems; it would depend entirely on their level of skill and how well-structured your network is.
Step 4. Privilege Escalation
Privilege Escalation occurs when Cyber Criminals obtain access to more resources or functionality than they are normally allowed, in order to keep control. This can often go unnoticed by genuine administrators or users.
Step 5. Maintain Control
A rootkit is a clandestine software tool enabling a script specialist to hide their presence and remain in command. It can be a demanding process trying to detect a rootkit, but it’s not impossible. There are different ways you can search for a rootkit: you could scan for signatures or analyse a memory dump. The only other option is to rebuild your entire system from scratch.
Step 6. Covering Tracks & Backdoors
Cyber-Terrorists will wipe all event logs and install their own backdoor, which will allow them to come and go as they please with remote access. Forms of Malware like remote access Trojans can then be used to exfiltrate your precious data.
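Step 2 notes that vulnerability scanners generate an explosion of detectable network traffic. The sketch below is an added example, not part of the original article, showing one way a defender could flag that burst in firewall logs; the log format, the 60-second window, the threshold of 15 targets and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?:ALLOW|DENY) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def parse(lines):
    """Yield (timestamp, source, (destination, port)) for well-formed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"],
                   (m["dst"], int(m["dport"])))

def detect_scanners(lines, window=timedelta(seconds=60), min_targets=15):
    """Map each flagged source to its peak count of distinct (host, port)
    targets seen inside any sliding window of the given length."""
    by_src = defaultdict(list)
    for ts, src, target in parse(lines):
        by_src[src].append((ts, target))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        live, start, peak = defaultdict(int), 0, 0
        for ts, target in events:
            live[target] += 1
            while ts - events[start][0] > window:   # expire events outside the window
                old = events[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            peak = max(peak, len(live))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

def constructed_sample():
    """Constructed log lines: a noisy scanner, an ordinary client, a slow prober."""
    t0, lines = datetime(2017, 3, 1, 10, 0, 0), []
    def add(offset, action, src, dst, port):
        ts = (t0 + timedelta(seconds=offset)).isoformat()
        lines.append(f"{ts} {action} src={src} dst={dst} dport={port}")
    for i in range(40):                      # 40 ports on one host in 40 seconds
        add(i, "DENY", "203.0.113.7", "10.0.0.5", 20 + i)
    for i in range(30):                      # ordinary use: two hosts, port 443
        add(i * 20, "ALLOW", "198.51.100.20", f"10.0.0.{5 + i % 2}", 443)
    for i in range(20):                      # one new port every 5 minutes
        add(i * 300, "DENY", "192.0.2.50", "10.0.0.5", 8000 + i)
    return lines

if __name__ == "__main__":
    print(detect_scanners(constructed_sample()))
```

With the default window only the noisy source is flagged; the slow prober shows up only when the window is widened, which is why a short-window rule should be paired with a longer-horizon one.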
Richard Clarke - White House Cyber Security Advisor
‘If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.’
The robot uprising may still be a while off, and AI may be nothing more than a basis for Science Fiction movies, but the threat of Bots is ever present. Typically, these clever little programs are deployed by hackers to complete a job as quickly as possible.
To put it simply, bots are efficient little blighters designed to scan a system and find specific information such as credit card information, weak points in new software patches or previously unknown access points that can then be exploited. At which point the hacker(s) then do whatever it is they have set their mind upon.
It can be a challenge to defend your organisation against bots given their efficiency and ability to complete a singular task very, very well. One way to avoid an incident where a bot has identified a compromise is to deploy your own - think of it as self-awareness: if you know where the weakest link is, then you can resolve the issue.
Don’t relax just yet though. Whilst bots are very good at one thing, it does mean that they are very bad at anything else, and at the end of the day they are just tools in the arsenal of a hacker. They are used in the early stages of an attack to locate the simplest method of access. It is unlikely you will locate many articles specifying that bots have been used in a system breach with absolute certainty, but this does not mean that they should be taken lightly, as defending against them can place you lower down the list of potential targets.
As with most methods of cyber defence against breaches, the harder you make it for an outside party to gain access, the less likely they are to even try, and they will move on to another, easier target. One of the main benefits of employing your own bots to scan your system's integrity is that they can be used repeatedly and usually at a low cost. They cannot be relied upon to protect you from any attack (e.g. bots are close to useless against DDoS attacks) but they can be a valued asset when used correctly.
James Snook - Deputy Director For Cyber Security, Cabinet Office
‘My message for companies that think they haven’t been attacked is: You’re not looking hard enough'
4. Compliance With Cyber Security Policies
Rules are what make civilization, well, civil. We should already know by now not to steal from others, vandalise property or install third party software on company systems. As simple as that last one might seem… It is frequently overlooked, along with several other common practices.
A few examples include: signing in to personal social media accounts, emailing sensitive data to work from a home machine, connecting company devices to unsecured networks or storing passwords in Word Documents.
After reading the individual practices, they would seem like common sense to most people but during the working day when we are entirely focused on efficiency – the more complex risks can be ignored.
I guess what I’m trying to say is reinforcing the fundamentals is paramount when trying to create and maintain a secure system.
David Mount - Director Of Micro Focus
‘Understand what data you hold, how you are using it, and make sure that you are practising good data hygiene’
5. Misuse Of Employee Privileges
You may believe that this should still come under compliance with Cyber Security policies; however, it does need to be addressed as a separate threat. The most common issues that arise tend to fall around company devices being used for non-work purposes or in fact for work but in insecure locations. The security of these devices can be fragile if not used correctly by your employees.
Similarly to the earlier threat, using company owned devices for non-work purposes can quickly develop into serious risks to the digital infrastructure of an organisation. Some common practices to ensure your workforce's privileges are not misused are: blocking access to websites that pose a potential threat through malware or phishing, ensuring administrator privileges remain with the IT department, and automated monitoring of device usage (most often this is also done with an alert system should certain activities be attempted).
It may appear that when ensuring your staff follow strict guidelines that there is a lack of trust between employer and employee but this is simply not the case. When dealing with risks and threats of the level we have discussed earlier in this article, adherence to policies is paramount.
Robert Morris - Former Chief Scientist, US NSA
‘It's not good enough to have a system where everyone (using the system) must be trusted, it must also be made robust against insiders!’
6. BYOD (Bring Your Own Device)
Let’s imagine you have just come back to work from being on annual leave and you want to show your holiday photos off to your colleagues. You could just plug in your USB Flash Drive and begin your presentation, but why is this usually considered to be a bad idea?
It’s simple: you have no way of knowing what could be lurking on that pen drive, and it could be harmful. Your home computer's security software may not have detected Malware such as a virus, which has now infected your storage device and will continue to propagate across any enterprise network that you connect it to.
A study conducted by HP identified that 97% of employees' devices contained privacy issues and 75% did not have sufficient data encryption.
This doesn't just refer to storage devices; laptops, mobile phones, tablets and even wearable technology all have the capacity to become hazards. Many organisations have created BYOD policies as there can be benefits: using personally owned, company enabled devices can reduce expenditure compared with issuing employees with solely company owned devices. The risks present themselves when a personally owned device is used for both work and non-work purposes simultaneously - in short, if the device is compromised by a third party then your software could easily become compromised too, allowing the perpetrators to access sensitive documents and files.
The most common way of reducing these risks is to ensure any BYOD policies also contain additional security measures to be installed on any devices. This does allow protection for the personal usage of the device but most importantly increases the security of company operated applications and software.
Serene Davis - Underwriter At Beazley
‘A breach alone is not a disaster, but mishandling it is’
7. Cyber Security Mini Quiz
It would seem that reinforcing policies with newsletters and staff meetings can be beneficial to ensure that all of your employees are up to date with the latest Cyber Security threats, but even this can fall short of what is required to provide a more secure environment. Training your staff appropriately is an essential part of developing awareness and providing your teams with the right skills to deal with potential threats before they mature into an imminent risk to your system's integrity.
Cyber Security can no longer just be focused on technology but it requires a collaborative approach driven from the boardroom down and includes EVERYONE within your organisation.
Can you protect your organisation against the latest threats? Find out how much you actually know about Cyber Security with our 10-question 'Cyber Security Mini Quiz'.
Stewart Kirkpatrick - Digital Strategy Consultant
‘Hoaxes use weaknesses in human behaviour to ensure they are replicated and distributed. In other words, hoaxes prey on the Human Operating System.’
8. Insufficient Recovery Planning
Once your organisation has suffered from a Cyber Attack, how do you intend to respond or fully recover?
Primarily, you need to analyse the information that you have regarding the events leading up to the attack and obtain data from all network logs, error reports and personal observations that could indicate the cause of the data breach. Then review the data breach itself, what preventative measures were put in place to stop it and what immediately followed the termination of the threat.
If you’ve experienced a data breach, I would also suggest that you seek legal advice, as stolen customer information or critical files may result in lawsuits against you. It could also become extremely challenging to perform contracted activities (the delivery of products or services) within a certain time frame due to damaged technology.
Schrodinger’s Backup, Anonymous
‘The condition of any backup is unknown until a restore is attempted.’
9. Password Cracking
It's exactly what it sounds like: Password Cracking is a classic form of attack. These Cyber Criminals will guess at your password repeatedly and will check each guess against a cryptographic hash of the password. A successful guess will be used to enter your system, cause mischief and steal stored data. There is only one surefire way to defend against this kind of attack - create a strong, memorable password containing a combination of upper/lower case letters, numbers and symbols, and don't forget to change it regularly with no obvious patterns.
We all can understand the frustration of Google requiring your password to contain eight lower/upper case letters, three numbers, one symbol, five hieroglyphics and two mathematical formulas before you can do a password reset. It does have value: it ensures that your password is more complex and increases the workload required to hack it, so external parties are more likely to seek alternative means of access.
If everyone in a company has particularly strong passwords (the more complex, the stronger it is) then it can reduce the probability of an attack being successful using this method. This comes with the added benefit of accountability should an individual's work space be compromised. Should this occur, you can quickly identify the cause and resolve it.
Generally accepted guidance when creating a strong password includes:
- Avoid information about your family (for example: names or date of birth) and this includes your own name or date of birth.
- Ensure all passwords are significantly different by adding unusual symbols.
- Avoid using the same password for different applications.
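The guidance above can be checked mechanically when a password is chosen. The following is an added example, not part of the original article: a local checker for the character mix, personal information, reuse and similarity rules. The function names, the 0.7 similarity threshold, the character-substitution table and the sample passwords are assumptions, and it presumes a context such as a password manager where the user's other passwords are available locally.

```python
import re
from difflib import SequenceMatcher

# Common character substitutions undone before looking for names (assumed table).
LEET = str.maketrans("0134$5@7", "oieassat")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def personal_tokens(names, birth_date):
    """Lower-case strings derived from names and a (year, month, day) birth date."""
    y, m, d = birth_date
    dd, mm, yy = f"{d:02d}", f"{m:02d}", f"{y % 100:02d}"
    tokens = {n.lower() for n in names if len(n) >= 3}
    tokens |= {str(y), dd + mm + yy, dd + mm + str(y),
               mm + dd + yy, mm + dd + str(y), str(y) + mm + dd}
    return tokens

def check_password(candidate, names, birth_date, existing, max_similarity=0.7):
    """Return a list of guidance violations; an empty list means none were found.

    existing maps an application name to the password already used there.
    """
    problems = []
    if not all(re.search(c, candidate) for c in CLASSES):
        problems.append("missing character class")
    lowered = candidate.lower()
    normalised = lowered.translate(LEET)      # "al1ce" becomes "alice"
    if any(t in lowered or t in normalised
           for t in personal_tokens(names, birth_date)):
        problems.append("contains personal information")
    for app, other in existing.items():
        if candidate == other:
            problems.append(f"reused from {app}")
        elif SequenceMatcher(None, lowered, other.lower()).ratio() > max_similarity:
            problems.append(f"too similar to {app}")
    return problems

# Constructed sample data for the demonstration.
NAMES = ["Alice", "Tom"]
BORN = (1984, 7, 9)
EXISTING = {"mail": "Quartz#Lamp42river", "bank": "veLvet!93Tundra"}

if __name__ == "__main__":
    for pw in ("Al1ce!Garden", "Quartz#Lamp43river", "hJ7$mossyPelican"):
        print(pw, check_password(pw, NAMES, BORN, EXISTING))
```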
Chris Pirillo - Founder & CEO Of LockerGnome
'Passwords are like underwear: you don't let people see it, you should change it very often, and you shouldn't share it with strangers.'
Yes, I'm positive that you've heard about ransomware before but it's a threat I couldn’t help but quickly mention!
Enterprises of any size can come under threat from aggressive ransomware attacks. It’s a type of software designed to block access to a machine and files until a sum of money is paid out, and it has the ability to cause massive disruption to productivity within the workplace.
I’ve taken the liberty to include five helpful security practices to safeguard against these brutal assaults…
- Ensure that you back up your critical files frequently, keep your backup activity diversified and encrypt the backup so that unauthorised access is harder to accomplish.
- Scan compressed and archived files that can hide the infection with your anti-ransomware application.
- The best kind of prevention is actually to use common sense: if you are dubious about an unsolicited attachment then leave it well alone until you have identified the source.
- If you notice a suspicious process running on your machine, turn off the internet connection immediately, as the ransomware will be stopped in its early stages before it has the chance to finish the encryption routine.
James Scott - Co-Founder & Senior Fellow Of ICIT
‘Ransomware is unique among Cyber Crime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact’
The images contained within this article are not owned by Purple Griffon and are the property of their respective owners.
So, Where Do We Go From Here?
With new attacks being reported every week, it can seem that the war on cyber crime is an uphill battle that cannot be won, but by following best practices and developing your organisation's overall understanding of the risks posed you can find yourselves in a much more secure position. There is no way to completely ensure your system is impenetrable, but you can make your company less of a target and ensure that you are in the best position to thwart attacks that may be attempted.
If you're interested in Cyber Security threats, take a look at our top security threats of 2018!