Artificial intelligence (AI) is becoming one of the most powerful tools in the cybersecurity arsenal. As the volume and sophistication of cyber threats continue to increase, AI has the potential to help organizations detect and respond to attacks more quickly and effectively. However, as with any new technology, there are challenges and risks associated with using AI in cybersecurity.
What are the opportunities in the cybersecurity industry?
One of the main opportunities for using AI in cybersecurity is its ability to sift through vast amounts of data and identify patterns and anomalies that might indicate a security breach. This is particularly useful in detecting advanced persistent threats (APTs), which are cyberattacks that are designed to evade traditional security systems. By using machine learning algorithms, AI systems can learn to identify the characteristics of an APT and flag it for further investigation.
Another opportunity of AI in cybersecurity is its ability to automate many of the repetitive and time-consuming tasks that security teams currently perform manually. For example, AI systems can be used to monitor network traffic and identify suspicious activity, scan for vulnerabilities in systems and applications, and respond to security incidents. By automating these tasks, AI can free up security teams to focus on more complex and strategic tasks, such as incident response and threat hunting.
Are there any challenges and risks in using AI?
However, there are also risks and challenges associated with using AI in cybersecurity. One of the main concerns is that AI systems cannot always distinguish between legitimate and malicious activity. This leads to false positives, which can overwhelm security teams and erode their trust in the system. Additionally, AI systems are only as good as the data they are trained on: if the training data is biased or incomplete, the system will make incorrect decisions.
Another challenge with AI in cybersecurity is the lack of transparency and interpretability in the decision-making process. With traditional cybersecurity tools, it is relatively straightforward to understand how they work and why they flag certain activities as suspicious. With AI systems, the decision-making process may be opaque and difficult to understand. This can make it difficult for security teams to trust the system's decisions and take appropriate action.
Finally, there is a risk that cyber attackers may use AI to develop new and more advanced attack techniques. For example, attackers may use AI to create malware that can evade detection by traditional security systems or to launch more sophisticated phishing campaigns. Furthermore, AI can be used to automate tasks that human attackers typically perform by hand, such as reconnaissance and lateral movement.
To conclude, AI has the potential to be a powerful tool in the cybersecurity arsenal, but it also presents new challenges and risks.
Organizations that are considering using AI in cybersecurity should be aware of these challenges and take steps to mitigate them. This includes ensuring that the training data is unbiased and complete, developing interpretable models and implementing transparency mechanisms, and having a robust incident response plan.
Additionally, organizations should stay informed of the evolving threat landscape and be prepared to adapt their AI systems as new threats emerge.
Please speak with our cybersecurity experts today to mitigate cybersecurity and IT risks for your business.
As a business executive, your responsibility is to protect your company from all threats, including cyberattacks. While there are many advanced technologies and solutions available to prevent cyber attacks, there are also some straightforward steps that you can take to safeguard your business. This article will discuss six shockingly simple tips that your employees need to know to protect your business from cyberattacks.
#1: Use Strong Passwords. Change Them Regularly.
One of the most basic yet essential steps to protect your business from cyberattacks is to use strong passwords and change them regularly. A strong password must contain a mix of letters, numbers, and special characters and must not be a dictionary word or easily guessable. You must also avoid using the same password for various accounts or systems.
To make this practical, deploy a password manager so that employees can use long, unique passwords without having to memorize them, and require a change whenever a password is suspected of being exposed. Note that current guidance (NIST SP 800-63B) no longer recommends forced rotation every few months on its own, because it pushes users toward predictable variations of the old password. You should also require two-factor authentication (2FA) wherever it is offered, adding an extra security layer to their accounts.
#2: Enable Firewalls and Antivirus Software
Firewalls and antivirus software are crucial tools for protecting your business from cyberattacks. A firewall blocks unauthorized access to your network, while antivirus software detects and blocks known malicious software before it runs on your systems.
You must ensure that all your devices, including computers, servers, and smartphones, have these security measures enabled. You should also keep these tools updated with the latest patches and definitions to ensure they are effective against the latest threats.
#3: Back Up Your Data Regularly
One of the most common tactics cybercriminals use is to hold your data hostage by encrypting it and demanding a ransom to decrypt it. To protect yourself from such attacks, regularly back up your data to a secure location, such as an external hard drive or a cloud-based storage service. Keep at least one copy offline or otherwise unreachable from your workstations: ransomware also encrypts any external drive or mapped network share that is connected when it runs.
If your data is compromised, you can restore it from the backup, minimizing the attack's impact. Test a restore from time to time; a backup that has never been restored is an assumption, not a safeguard.
You should also make sure your employees are aware of this practice and encourage them to back up their data regularly.
It’s also a good idea to set up automated backups of employees' devices and to retain the data according to your internal policy while complying with local regulations.
#4: Limit Access to Sensitive Data
To prevent unauthorized access to sensitive data, you should implement access controls that limit access to specific individuals or groups. For example, you can set up different user roles and permissions based on the level of access required for each employee.
This way, you can ensure that only authorized personnel can access sensitive data, reducing the risk of data leaks or breaches. You should also regularly review and update these access controls to ensure they are still appropriate.
If a contractor or a vendor needs access to your network, systems or data to maintain them, create temporary access that is limited to a predefined time window.
For example, if a vendor tells you it will take them 3 hours to complete the maintenance, make sure that their access expires after 3 hours. In addition, make sure that you have a change management entry recording why the access was given in the first place. It will help you if there are either technical or security-related issues later.
#5: Educate Your Employees on Cybersecurity Best Practices
One of the most effective ways to protect your business from cyberattacks is to educate your employees on cybersecurity best practices. This includes teaching them how to identify and avoid phishing attacks, create strong passwords, and recognize and report suspicious activity.
You must conduct regular training sessions or workshops to keep your employees updated on the latest threats and how to protect against them. You can also consider hiring a cybersecurity expert to provide training and guidance to your employees, and run simulated phishing campaigns to confirm that your employees are aware and prepared.
#6: Use Encryption for Data Transmission
Encryption is a powerful tool for protecting your data from cyberattacks, especially when transmitting it over the internet. By encrypting your data, you ensure that it can only be read by parties who hold the key, even if it is intercepted along the way.
You should use encryption when sending sensitive data over the internet, such as via email or online forms. Consider a virtual private network (VPN) when staff work from untrusted networks such as public Wi-Fi: it encrypts traffic between the device and the VPN endpoint so that it cannot be read on the local network. It does not hide the traffic beyond that endpoint, so it complements HTTPS and email encryption rather than replacing them.
Recent statistics tell a chilling story about ransomware attacks. An organization becomes a victim of ransomware every 11 seconds. Further, by the end of 2022, ransomware damage is expected to reach $21 billion.
The rise in cybercrime has many businesses on edge. In fact, even start-ups invest in cybersecurity from day one to ensure an attack does not disrupt their business or shut it down completely.
Another recent statistic suggests that one out of every eight small businesses will need to file for bankruptcy this year because they fell victim to a cyberattack.
The best way to defend your business from ransomware attacks is education. When you understand what ransomware is and how it happens, you can put the necessary security measures in place to prevent it.
Here is what to know about ransomware and cybersecurity.
What Are Ransomware Attacks?
Ransomware is a kind of malware rooted in cryptovirology. It threatens to publish the victim’s data, or to permanently block the victim’s access to it, unless a ransom fee is paid.
Some forms of ransomware do not touch the files at all and only lock the user’s screen or system. More advanced strains use a technique experts call cryptoviral extortion: they encrypt the files with a key that only the attacker holds, so the data is unreadable until that key is obtained.
There are many ransomware variants, including:
Implementations vary, but ransomware attacks share three core stages.
First, it gains entry through an infection vector, most often a phishing email or an unpatched vulnerability. Next, it encrypts the files on your machine, and usually on any connected drives and network shares it can reach. Last, the cybercriminal demands a ransom.
How to Stop Ransomware Attacks
The best thing to do about ransomware attacks is to stop them before they start. You want to follow best practices with proper preparation. This will not only reduce how badly a ransomware attack impacts your company, but it will also reduce the cost associated with recovering from it.
There are plenty of security benefits when you follow these best practices.
Educate Employees on Cyber Awareness
The most common ransomware entry point is a user receiving a phishing email. Employees need to be able to identify a phishing email and not click on its content. A phishing email will ask the user to click on a malicious link or open an attachment, so avoiding such links and attachments will prevent most ransomware infections.
Backup Data Often
Ransomware works by promising to restore a user’s access if they pay a ransom. However, if you back up your data often, you can recover your data following an attack with minimal loss and you do not need to pay. Regular backups must be routine, and at least one copy must be kept offline or otherwise out of reach of the infected machines, or the backup will be encrypted too.
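An added example, not part of the original article, of how the "can we recover?" question gets answered in practice: record a SHA-256 manifest of the data while it is known-good, store it with the offline backup, and compare against it after an incident or after a test restore. The directory names, file contents and the mimicked encryption run below are all constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare_manifests(expected: dict, actual: dict) -> dict:
    """Diff a known-good manifest against the current state of the files.

    'modified' is what was overwritten in place, 'missing' is what was renamed or
    deleted, 'unexpected' is what was dropped (ransom notes, .locked copies).
    """
    return {
        "modified": sorted(k for k in expected if k in actual and actual[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in actual),
        "unexpected": sorted(k for k in actual if k not in expected),
    }


def restore_is_clean(root: Path, manifest: dict) -> bool:
    """True only when a restored tree matches the manifest byte for byte."""
    diff = compare_manifests(manifest, build_manifest(root))
    return not any(diff.values())


def save_manifest(manifest: dict, path: Path) -> None:
    # Keep this file with the offline backup media: a manifest left on the same
    # machine gets encrypted along with everything else.
    path.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def simulate_and_check() -> dict:
    """Constructed demo: snapshot a small tree, mimic an encryption run, report the damage."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "data"          # the workstation's files
        media = Path(tmp) / "backup_media"  # stands in for the offline backup drive
        (data / "docs").mkdir(parents=True)
        media.mkdir()
        (data / "docs" / "invoice.txt").write_text("invoice 1001: 250.00\n")
        (data / "docs" / "contract.txt").write_text("signed contract\n")
        (data / "notes.txt").write_text("plain notes\n")

        known_good = build_manifest(data)
        save_manifest(known_good, media / "manifest.json")
        clean_before = restore_is_clean(data, known_good)

        # Mimic what ransomware leaves behind: one file overwritten in place with
        # random bytes, one renamed with a .locked suffix, and a ransom note.
        (data / "docs" / "invoice.txt").write_bytes(os.urandom(32))
        (data / "docs" / "contract.txt").rename(data / "docs" / "contract.txt.locked")
        (data / "README_RESTORE.txt").write_text("pay to decrypt\n")

        stored = json.loads((media / "manifest.json").read_text())
        return {
            "clean_before": clean_before,
            "clean_after": restore_is_clean(data, stored),
            "diff": compare_manifests(stored, build_manifest(data)),
        }


if __name__ == "__main__":
    print(json.dumps(simulate_and_check(), indent=2))
```

The same `restore_is_clean` check is what a periodic restore test should end with: restore the backup to a scratch location and require an empty diff before declaring the backup usable.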
Apply Patches Promptly
Cybercriminals find vulnerabilities in systems and exploit them, sometimes before a patch exists and far more often in the window between a patch being released and being applied. That is why patches are so important and your technology team must keep up to date with them. Applying patches to your systems closes known holes before they are used against you.
Use Strong Passwords and Two-Factor Authentication
Weak passwords create vulnerabilities. First, it is important to choose a strong password that another person cannot guess; second, add two-factor authentication on top of it.
Two-factor authentication requires two different kinds of proof to verify your identity. You would need two of the following three factors to gain access to your account: something you know (a password or PIN), something you have (a phone, authenticator app or hardware token) and something you are (a fingerprint or your face).
Essentially, two-factor authentication goes beyond just the username and password, so a stolen password alone is not enough to get in.
How Can You Remove Ransomware?
If a ransom message appears, ransomware has already succeeded in infecting your machine. When you experience an active ransomware infection, you will need to respond to it. You must decide whether or not you will pay the ransom; keep in mind that paying does not guarantee a working decryptor and funds the next attack, so involve legal counsel and law enforcement before deciding.
Mitigate the Infection
Often, a user will only detect ransomware after the encryption completes. You will know because the ransom note is displayed. Even if you cannot immediately recover your encrypted files, there are still steps you can take to lessen the potential damage.
First, quarantine the infected machine: unplug the network cable, disable Wi-Fi and disconnect any external drives. Ransomware usually attempts to spread to other machines and connected drives, and quarantining stops the spread.
Next, you may be tempted to turn the computer off, especially because it will appear unstable. However, this reduces the chance of recovery, because volatile memory is lost on shutdown and the encryption key may still be in memory where a forensics expert can sometimes recover it. Leave the computer on (but disconnected) while you sort this out.
Backups and Decryption
Then, create a backup of the encrypted files. It is sometimes possible to decrypt the files without paying the ransom, so copy the encrypted files to removable media first, in case a decryption attempt fails or damages them.
If you want to try to decrypt your files, you can check out the No More Ransom Project. They may have a decryptor available for free. Another option is to seek the help of a digital forensics expert.
Finally, you will want to wipe and restore your machine. You can use an operating system installation or a clean backup. This way, the malware will be removed from your device completely.
Investing in Cybersecurity
Choosing a trusted partner to help you with compliance and cybersecurity will reduce risk and improve your infrastructure. Discover the security benefits of working with The Driz Group!
Unfortunately, no business with digital assets is immune to cybersecurity challenges. That is why you need a partner to help you solve complex information security problems.
The professionals at The Driz Group help their customers every day to prevent and mitigate ransomware attacks by proactively managing their cybersecurity programs.
Prevent data breaches before they happen: contact The Driz Group today!
By 2025, cybercrime is expected to reach damages of $10.5 trillion globally. Organizations around the world are noting this, just like you should. Between the years 2021 to 2025, cybersecurity spending across the globe will climb over $1.75 trillion cumulatively.
Cyber security awareness is a popular business aim, high on the list of priorities. Now, how are you leveraging it as a competitive advantage?
If you are not, you are really missing the boat on some major opportunities. Here is why.
The Canadian government reports that 97.9% of Canadian businesses are small businesses. Small businesses employ approximately 68.8% of the private labour force.
The biggest challenge with cyber security is that large corporations have the budget to invest in it, while small companies view it as something that would be nice to have but won’t make the budget. As a result, most of those 97.9% of Canadian businesses may never make cyber security a “must-have” priority.
Cyber security means business continuity, giving your business (big or small) the upper hand in production. All businesses should prepare for attackers with fail-safes. Organizations need to prepare for disaster recovery and protect themselves against insider threats from disgruntled employees.
A breach in security can be a PR nightmare for any company, and possibly even put them out of business completely. How do you believe a potential customer will view your organization if they feel your organization lacks data protection? Will a customer want to do business with you if they fear their data is unsafe?
As a competitive advantage, with your public relations, show that you mean business for cyber security awareness. You want to let your clients and prospects know you take data protection seriously, more so than your competitors.
You can build a brand image and an entire marketing campaign around the measures you are taking for data protection. No matter what industry you serve, and whether you sell B2B or B2C, your customers will appreciate your efforts and love doing business with you for it.
When you lock down your company’s data and keep it away from cybercriminals, you can also keep it away from your competitors too. An example is when a salesperson jumps ship and gets hired by a competitor. You do not want your intellectual property in the hands of your competition.
There are IT security measures you can take to avoid this. You can implement software, configurations, and policies as a preventative measure.
What else can you do to protect your business from malicious actors? Work with an IT provider and ask how they protect your email, edge, and endpoints. Specifically, ask about:
Work with an IT provider that can help with training and education for your users in the business. You can run tests too, to see if your employees can spot a phishing email.
Business Continuity and Disaster Recovery Plan
If you do not have a plan in place already, you will need a plan immediately. Any delay puts your business at risk.
An important piece of data protection is having the ability to reverse time. Again, if you cannot quickly and easily turn back the clock for the complete system, you may risk significant damage in case of a cyber attack. In fact, an attack may render your business unable to operate.
Image-based backups can help. They take snapshots of the entire system, as often as hourly, so that a machine can be rebuilt exactly as it was. Keep copies in two completely separate locations, and run the backup system on an operating system that differs from the one your business uses daily.
The reason for the different operating system is that malware written for your workstations’ platform can spread to any backup host running the same platform. A backup server on a different operating system, with the backups kept read-only or offline, is far less likely to be encrypted along with the rest.
Use Data Encryption
Any business can encrypt its data today with the rollout of modern technology. There are multiple programs available that will encrypt and decrypt your data, simply, for emails, files, and hard drives.
Speaking of hard drives, if you have old devices, you will want to do one of the following:
Keep in mind that data protection does not require a genius to do it, but it needs a company with the right tools and training for success.
Stay Up to Date with Patches and General Software Updates
The sooner you make updates, the sooner you can feel more confident about cyber security and digital safety. Unfortunately, hackers love software vulnerabilities. It is how they thrive.
A software vulnerability is a weakness or security hole in a program or operating system. Hackers use it to their advantage and write malware to target the vulnerability. Opening a compromised message, visiting a rogue website, or playing infected media on an employee’s device can be the entry point an attacker uses to exploit your systems.
Once inside, the malware can steal data, give the hacker control of the device and encrypt files.
When your business devices continually update their software, including patches, the known security holes get closed, and that is what keeps hackers out.
Cyber Security Awareness Means a Competitive Advantage
If you are not currently using cyber security awareness to grow your business, you can leave money on the table. Whether it is for productivity, public relations, marketing, employee retention, or in case of a disaster, cyber security matters to your business.
At The Driz Group, we are your trusted partner for cyber security and compliance. We reduce risk to your business with web application protection services, fully managed infrastructure, and delivery of cyber security consulting.
Big or small, The Driz Group can help your business. Contact us today to learn more.
52 Cybersecurity Tips for Personal or Business Application You Need in 2022
Looking for quality cybersecurity tips?
Here are 52 cybersecurity tips that you can apply to improve your online safety whether you’re using the Internet for personal or business purpose.
Cybersecurity Tip #1: Cyberattack isn’t a matter of if, but when
Yes, there are people and businesses with deeper pockets or more interesting data than you. This doesn’t mean cybercriminals won’t find you attractive.
Most cyberattacks aren’t targeted at the rich and famous. Cybercriminals simply automate their attacks, and victims are hit not because of how deep their pockets are or how famous they are, but because of how weak their cyber defenses are. Don’t be an easy target.
Cybersecurity Tip #2: Malware 101
Malware is short for malicious software: software that cybercriminals plant on your desktop, laptop, smartphone, tablet or internet of things (IoT) devices such as a Wi-Fi router, CCTV camera or smart TV.
Cybercriminals have found, and keep finding, creative ways to deliver malware to devices, using websites, ads and email to name a few, in order to damage the devices, steal data and commit other cybercrimes.
Cybersecurity Tip #3: Don’t trust public charging stations
You’re long away from home or from the office and your smartphone’s battery is about to die. You spot a public charging station.
Hold up: public charging stations are a ripe setting for the attack called “juice jacking”, in which a charging station is tampered with so that it copies data from any smartphone plugged into it or installs malware on the phone through the same cable that carries the power.
Charge your phone before you go out or carry your own portable charger, also known as a power bank. If you must use a public port, use a charge-only cable (one with no data lines) and decline any “trust this computer” prompt the phone shows.
Cybersecurity Tip #4: Use 2-Factor Authentication
Who can blame you if you use the name of your dog as your password or use the monumental 12356789 password? There are just too many passwords to remember, from email accounts, bank accounts to your Netflix account.
While it isn’t advisable to use easily hacked passwords like 12356789, it’s best to use 2-factor authentication for your sensitive accounts like your primary emails.
2-factor authentication makes it much harder for anyone but you to access your account, even if someone knows your password. It adds a second step to your login: a verification code sent to your mobile or generated by an authenticator app, which a hacker who only has your password does not have. Prefer an authenticator app or a hardware security key over SMS codes where you can, since text messages can be intercepted or redirected by a SIM-swap attack. It’s easy to set up with virtually every online service.
Cybersecurity Tip #5: Never use a public computer to input your private data
In public spaces like airports and hotels, public computers are offered to guests to use free of charge.
While these public computers are fine for looking something up, they shouldn’t be used, for instance, to shop online where you have to input your private data, or even to check personal or work email.
The public computer you’re using may have been tampered with and fitted with a keylogger, malware that records every keystroke a user makes. Your passwords and other confidential information can be captured this way and then used by cybercriminals to steal your information and your identity.
Cybersecurity Tip #6: Use an antivirus or a complete endpoint protection software
An antivirus won’t protect you from all malware in this world but it’s a cyber defense that you should have to improve your online safety. A complete endpoint protection on the other hand will provide a better protection against most online threats.
There are many options to choose from and since it’s a commodity, annual subscription prices are generally very affordable.
Cybersecurity Tip #7: Delete old, unnecessary apps
Just as you clean out your closet regularly, the same has to be done with the apps on your laptop, smartphone and tablet.
Old apps, especially unsupported ones (software that’s no longer updated by its maker) make your devices vulnerable to cyberattacks.
Cybercriminals specifically build malware that attacks old and unsupported software and apps to steal your personal information and invade your privacy.
Cybersecurity Tip #8: Keep all your software up-to-date
If there’s an available update for any of your software, install the update as soon as possible!
A security update usually means that the software vendor found a security vulnerability in the software and is providing a patch, a piece of code that fixes the vulnerability. Once the patch is public, attackers study it to learn what it fixes, so unpatched copies become easier targets, not harder.
The security update may interrupt your normal usage of your device, but this is a small price to pay compared to being a victim of a cyberattack as a result of failing timely to update your software.
Cybersecurity Tip #9: Stay away from websites without “HTTPS”
What does “HTTPS” even mean?
A website address that starts with “https” means that whatever you input in the website is encrypted in transit: the data (for instance, credit card details) is scrambled so that it can’t be read by anyone who intercepts it on the way to the site. Note that HTTPS only proves the connection is private, not that the site is honest; phishing sites use HTTPS too, so check the domain name as well as the padlock.
Cybersecurity Tip #10: Don’t overshare
Your social media accounts are filled with photos of your furry family member. There’s no harm in sharing these photos.
Don’t overshare the details of your other family members like full names or dates of birth. Any of this data could be the secret answer in resetting your online account passwords without your knowledge.
Cybersecurity Tip #11: Protect your primary emails as if your life depended on them
Your online existence depends on your primary emails. Your online bank accounts are attached to your primary emails.
When your primary emails are compromised, this could lead to the compromise of your other important online accounts through password resets. So, protect them as if your life depended on them (really). Protect them with strong passwords that are not based on dictionary words and use 2-factor authentication. Remember, “Linda123” is a weak password that could and will be easily guessed by cybercriminals.
Cybersecurity Tip #12: Free your primary emails from spam emails
Like the canned meat it is named after, spam clogs things up: spam emails are just as harmful to your online health and security.
A spam email is an unsolicited email, copies of which are sent to hundreds of thousands, if not millions, of recipients. The majority of malware is delivered through spam emails.
Never open an unsolicited email, even when the subject line catches your attention. Delete it.
Cybersecurity Tip #13: Watch out for fake ads
Who can resist a 70% off sale? Not many. But if this is an online advertisement, be wary of it. Cybercriminals are getting their hands on what appears to be legitimate online advertisements but are, in fact, fake ones.
Known as malvertisements, from the words malware and advertisement, these fake ads install malware on your device once you click on them, and some exploit browser flaws without any click at all.
Use an adblocker to protect your devices from malvertisements.
Cybersecurity Tip #14: Download an app from official sources
Want to learn a new language? There’s an app for that. Almost everything nowadays has an app.
Only download an app from the official website or from official app stores including Apple and Google.
Cybersecurity Tip #15: Scan apps for malware
Not all apps from the official app stores, Apple or Google, are free from malware. While these official app stores make a point of screening out apps with malware, some malicious apps slip through.
Use an antivirus or endpoint protection software that screens apps before they are installed on your device, and check the permissions an app asks for against what it actually needs to do.
Cybersecurity Tip #16: Fish out phishing emails
A phishing email is an email that looks like it comes from a trusted source, but it isn’t. Cybercriminals use phishing emails to gain your trust for you to reveal sensitive data or convince you to do something.
For instance, you may receive an email that looks like it comes from your bank, asking you to reveal your account login details. A close scrutiny though reveals that the email address of your bank is slightly modified to fool you into thinking that it’s a legitimate email from your bank.
Never drop your guard whenever an email asks for your sensitive data. Remember that login details are your personal information. Your bank will never ask for your login details via email or over the phone.
Cybersecurity Tip #17: Monitor your email activity log
If you have a Google email account, you can monitor what has access to it: which browsers, devices and IP addresses were used and when they accessed it.
You can terminate any access you don’t recognize with a single click, and you should change the password right after.
Cybersecurity Tip #18: Be careful what you click
Something pops-up in your computer screen: a box where there’s a “Download Now” button to download the latest version of Adobe Flash.
But you don’t even know what Adobe Flash is. Never click on pop-ups like this. Adobe ended support for Flash at the end of 2020, so any prompt to install it today is fake. Cybercriminals lure victims into clicking such pop-ups in order to install malicious software on your computer, which they can then use against other computer users like you.
Cybersecurity Tip #19: Put a tape over your laptop's camera
Mark Zuckerberg does it, so should you – put a tape over your laptop's camera, that is.
A malicious software can turn your laptop, smartphone or tablet camera into a spy camera. Better be safe than sorry by putting a tape over that camera.
Cybersecurity Tip #20: Have more than one email account
Never rely on one email account. Create different emails for different purposes.
For instance, the email account that links to your Netflix account should not be the same as the email account you use for your bank account.
Cybersecurity Tip #21: Never trust an email attachment, even from a friend
You’ve just received an email from a friend with the subject line "ILOVEYOU". You’ve scrutinized the email address and indeed it’s from a friend – one that you’re fond of.
Your friend’s email says, "kindly check the attached LOVELETTER coming from me." Should you open the attachment?
In 2000, millions of email recipients opened an email with the subject line "ILOVEYOU" and ran the attachment assuming it was a love letter. What they ran was, in fact, malware that overwrote files on their computers and mailed itself to everyone in their address book, which is exactly why it arrived from people they knew.
So, even if the email address appears to be from a friend, never open an attachment you weren’t expecting. An email address can be spoofed, and a friend’s account or computer can be compromised.
To be safe, contact your friend directly to verify that he or she did send the email. Don’t use the Reply button. Create a new email using the address you’ve saved in your contacts, or ask by phone.
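The checks described in Tips #16 and #21, carried out on message headers as an added example that is not code from the original page. The trusted domain `examplebank.com`, the brand words, the indicator names and the two raw messages are all constructed for the demonstration; in practice the `Authentication-Results` header worth reading is the one your own mail server added on delivery, since any copy that arrived with the message can be forged.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the real domain of the bank being impersonated,
# and the brand words a lure would reuse in a display name or lookalike domain.
TRUSTED_DOMAINS = {"examplebank.com"}
BRAND_WORDS = {"examplebank", "example bank"}
CREDENTIAL_BAIT = re.compile(r"login details|password|verify your account|confirm your account", re.I)


def _domain(header_value) -> str:
    """Domain part of an address header, or '' if the header is absent or malformed."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: examp1ebank.com is one edit away from examplebank.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_indicators(raw_message: str) -> list:
    """Return the names of every red flag found in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    reasons = []
    display_name, _ = parseaddr(msg.get("From", ""))
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))

    if from_dom and from_dom not in TRUSTED_DOMAINS:
        if any(edit_distance(from_dom, t) <= 2 for t in TRUSTED_DOMAINS):
            reasons.append("lookalike-domain")
        if any(b.replace(" ", "") in from_dom for b in BRAND_WORDS):
            reasons.append("brand-in-domain")  # e.g. examplebank.com.evil.net
        if any(b in display_name.lower() for b in BRAND_WORDS):
            reasons.append("brand-in-display-name")
    if reply_dom and reply_dom != from_dom:
        reasons.append("reply-to-mismatch")  # replies go somewhere the From never mentioned

    # Only the Authentication-Results line your own mail server added is trustworthy;
    # receiving servers strip foreign copies precisely because senders can fake them.
    auth = (msg.get("Authentication-Results") or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{mech}=(\w+)", auth)
        if found and found.group(1) != "pass":
            reasons.append(f"{mech}-{found.group(1)}")

    body = (msg.get_payload(decode=True) or b"").decode("utf-8", errors="replace")
    if CREDENTIAL_BAIT.search(body):
        reasons.append("asks-for-credentials")
    return reasons


# Constructed sample messages (not real mail).
PHISH = """From: "Example Bank Security" <alerts@examp1ebank.com>
Reply-To: verify@mail-secure-login.net
To: victim@example.org
Subject: Action required on your account
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=examp1ebank.com; dkim=none
Content-Type: text/plain; charset=utf-8

Please confirm your login details within 24 hours or your card will be blocked.
"""

LEGIT = """From: "Example Bank" <alerts@examplebank.com>
To: victim@example.org
Subject: Your monthly statement is ready
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=examplebank.com; dkim=pass header.d=examplebank.com
Content-Type: text/plain; charset=utf-8

Your statement is available in the app.
"""

if __name__ == "__main__":
    print("phish:", phishing_indicators(PHISH))
    print("legit:", phishing_indicators(LEGIT))
```

None of these indicators is proof on its own (a legitimate newsletter often has a different Reply-To), which is why the function returns the whole list and leaves the decision, or the score threshold, to the caller.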
Cybersecurity Tip #22: Don’t forget to do a factory data reset
Feeling generous or running out of cash? Your laptops, smartphones and tablets are valuable products to giveaway or earn cash.
Before selling or giving them away, don’t forget to do a factory data reset, or securely erase the device using specialized tools. This removes your personal data, such as email accounts, browsing history and the photos and videos you’ve taken. Make sure the device’s storage encryption was on before the reset; on an unencrypted drive, deleted data can sometimes be recovered.
Cybersecurity Tip #23: Stay away from USBs and external hard drives
Anything plugged into your laptop, such as USB sticks and external hard drives, is a potential source of malicious software.
As such, avoid them where you can, especially if they come from an untrusted source. If you must use them, first disable the auto-run option and scan the contents with an antivirus.
Never plug in a USB thumb drive that you find on the street, at the mall or at the airport. Cybercriminals drop them deliberately, counting on curiosity to get their malware onto your computer.
Cybersecurity Tip #24: Avoid public wi-fi
Almost all coffee shops and retail locations nowadays have public Wi-Fi. Know that whatever you do online over a public Wi-Fi network can be observed by whoever runs it or is snooping on it: HTTPS protects the contents of each page, but not which sites you visit, and older or misconfigured apps may send data in the clear.
You can better protect yourself by using an inexpensive VPN service, or ask your company’s IT team for a recommendation when you are away from the office.
Cybersecurity Tip #25: Use a burner phone if you want to be reckless online
If you want to visit sites that are notoriously unsafe, or you want to download an app that you’re not sure it’s safe, then a burner phone is a must.
A burner phone should be a separate phone. Your primary phone is one that you use for sensitive information like your primary emails and bank accounts.
With your burner phone, no sensitive data should be entered. As no sensitive data is at stake, you can do whatever you want on this phone.
Cybersecurity Tip #26: Slow performance of a device can be a sign of a cyberattack
Ever wondered why your laptop, smartphone or tablet is running slow? This could be a sign that your device has been hacked or tampered with.
Slow performance is one of the signs that a device is infected with malicious software, for instance malware mining cryptocurrency or sending spam in the background. It is not proof on its own, so check what is consuming the processor and network before assuming the worst.
Cybersecurity Tip #27: Watch your back from disgruntled employees
Some people can’t seem to move on, and former employees who were let go are a common source of insider incidents.
Disable a departing employee’s access to your organization’s systems and data at the moment of termination, not afterwards: accounts, VPN and remote access, email, API keys, and any shared passwords they knew.
Cybersecurity Tip #28: Never reuse a password
Using your dog’s name as the password for all your online accounts isn’t advisable.
Cybercriminals discovered long ago that people reuse passwords. Passwords stolen in one breach are sold on online black markets and then tried against other services (an attack called credential stuffing), so one breach can cost you every account that shares the password. A password manager makes a unique password per site practical.
Cybersecurity Tip #29: Use a separate credit or debit card for online shopping
Trust no one online, and apply that rule every time you shop. Even your most trusted online store can be breached.
Don’t give cyber criminals the opportunity to access your hard-earned money. Get a separate credit or debit card solely for online shopping use. Only put in the amount that you’ll use and only leave the required minimum balance.
Cybersecurity Tip #30: Never turn on out of office or vacation reply
Excited about your upcoming tropical vacation? Think before turning on that out-of-office or vacation reply.
Personal and office email both offer an out-of-office or vacation reply. When it is on, everyone who emails you, including spammers and scammers, gets an automatic message saying you won’t be able to reply right away.
That is considerate to legitimate senders, but it is also a security risk: it confirms your address is live and tells anyone who asks that you are absent, which criminals may use as an opening to target your office or your home. Some email providers let you restrict automatic replies to your contacts only; use that option, and keep the reply free of travel details.
Cybersecurity Tip #31: Never reveal your real location
It’s tempting to post on social media those lovely vacations photos immediately right after they’re taken or to go live via Facebook to share the beautiful scenery where you’re vacationing.
Revealing your exact whereabouts via social media postings is a cybersecurity risk. Criminals may take advantage of your absence and may do something sinister in your office or home.
Posting the photos and videos after you’re back will get the same reaction from your frenemies: they’ll either love or hate you all the more.
Cybersecurity Tip #32: Turn off your geo-location
Turning on geo-location in your Google, Facebook, Instagram and other social media accounts can tip criminals off to your exact whereabouts.
Turn it off to protect your privacy, and remember that photos taken with location enabled carry the GPS coordinates in their metadata.
Cybersecurity Tip #33: Never use the following abused passwords
A Google and UC study revealed that the passwords listed below are the most commonly used and abused passwords:
Cybersecurity Tip #34: Mind your IoT devices
IoT devices like your wi-fi router, CCTV camera and smart TV are computers too. Protect them like your other devices such as laptops and smartphones as IoT devices are similarly targeted by cybercriminals.
Your insecure IoT device can be used by cybercriminals to form a botnet – a group of insecure IoT devices that are infected with malware and controlled by a cybercriminal or a group of cybercriminals to conduct cybercrimes such as spreading spam emails.
Changing the default passwords to strong, unique ones and keeping the firmware of your IoT devices up to date are two of the best practices for protecting them. Also turn off remote administration over the internet unless you need it, and replace devices the vendor no longer updates.
Cybersecurity Tip #35: Cybercriminals may be making money out of using your computers
Your desktop, laptop, smartphone, tablet and IoT devices are money-making machines for cybercriminals engaged in unauthorized cryptocurrency mining, also called cryptojacking.
A number of cryptocurrencies, including Bitcoin, need to be mined. Cryptocurrency mining refers to the process by which transactions are verified and also a means of releasing a new digital coin.
In the past, ordinary computers were used to mine Bitcoin. Today, mining Bitcoin profitably requires specialized hardware. Other cryptocurrencies like Monero, however, are designed to be mined on ordinary CPUs, and can even be mined on small devices such as smartphones and IoT devices.
The computational power of your devices may be small but when they are combined with thousands, if not, millions of other devices, the resulting computing power is enormous.
According to a security company Avast, more than 15,000 IoT devices would be needed to mine $1,000-worth of Monero coins in just 4 days.
The thing about cryptojacking is that it happens without the device owner’s knowledge. High energy bills, poor device performance and a shortened device lifespan are signs that your devices are being used by cybercriminals for cryptocurrency mining.
Using strong, unique passwords and keeping the software of your IoT devices up to date are two of the effective means of protecting your devices from cryptojacking.
Cybersecurity Tip #36: Your IoT devices can be used for DDoS attack
In a distributed denial-of-service (DDoS) attack, an attacker takes advantage of the weak security of IoT devices like your CCTV camera, installs malware on them, takes control, and makes them send huge amounts of traffic to a website, making it unusually slow or inaccessible to visitors.
Protect your IoT devices from being used in DDoS attacks by changing the default password to a strong one and keeping the devices’ firmware up to date.
Cybersecurity Tip #37: Backup important data
Keep an extra copy or copies of your important data, or use a secure online storage service. That way, if anything happens to the laptop, smartphone or tablet holding your data, you have something to fall back on. Keep at least one copy disconnected from the device (an external drive you unplug after the backup, or a cloud service that keeps old versions), so that malware on the device cannot reach the backup too, and test a restore now and then.
Cybersecurity Tip #38: Prevent ransomware
Real-life crimes are mirrored online. In a ransomware attack, an attacker gets malware onto your desktop, laptop, smartphone or tablet that encrypts your files, locking you out of your data, and demands a ransom payment for the key to unlock it.
Keeping all your software, especially your operating system, up to date is one of the most effective ways to prevent ransomware attacks. Backing up your important data means a ransomware attack needn’t affect you, because you can ignore the ransom demand and restore your copy, provided the backup is offline or versioned so that the ransomware couldn’t encrypt it as well.
Cybersecurity Tip #39: To pay or not to pay in case of a ransomware attack
If you’ve a backup copy of the data that ransomware criminals are holding hostage, then there’s no point in paying the ransom.
Backing up your data is, therefore, very important so that ransomware criminals won’t have any leverage on you.
The dilemma arises for ransomware victims who haven’t backed up their data. Paying the criminals, however, doesn’t guarantee that you’ll get your data back.
The infamous WannaCry ransomware, for instance, had no working way to tie a payment to a particular victim, so even victims who paid were generally unable to get their files unlocked.
Cybersecurity Tip #40: Install adblocker
Malicious ads (malvertising) can deliver malware, sometimes through the ad networks used by perfectly legitimate websites.
To keep malicious ads off the pages you visit, install an adblocker, software that blocks online advertisements from appearing in your browser. Keep the browser itself up to date as well, since malvertising usually relies on a browser or plugin vulnerability to get code running.
Cybersecurity Tip #41: Don’t be a victim of social engineering
Social engineering is a form of manipulation that convinces you to ignore normal security procedures.
In your personal life, you may receive a call from someone pretending to be from your bank, asking for your bank login details.
At work, you may receive a call and an email from someone pretending to be from your company’s supplier, asking you to transfer money to the supplier’s new bank account.
In both situations, you’re asked to do something that’s not within the normal security procedures. Your bank wouldn’t call you to ask for your login details. And company protocols for money transfer to a new bank account are more exhaustive than a mere phone call or simple email.
The office scam is known as business email compromise (BEC). It is social engineering aimed especially at staff who handle payments, and its goal is to get you to skip the normal office procedures.
BEC scammers time the request for when your boss is out of the office and hard to reach. They call and email, claiming to represent a regular supplier, and press you to send payment to the supplier’s “new” bank account.
They may also send a spoofed email that appears to come from your boss, instructing you to release the money.
The best defense is out-of-band verification: confirm any change of bank details or unusual payment request face-to-face, or by phoning your CEO or the supplier on a number you already have on file, never on a number taken from the email itself.
Cybersecurity Tip #42: Legitimate website may be a carrier of malware
A legitimate website isn’t necessarily a safe one. Cybercriminals compromise insecure but legitimate sites and use them to spread malware through what’s called a drive-by attack.
The attack is called “drive-by” because it requires no action from the victim beyond visiting the website.
Criminals may plant the malware on the site itself, or redirect visitors to another site that exploits a flaw in the browser or a plugin to infect the visitor’s computer.
The typical victims of drive-by attacks are computers running outdated software. To prevent them, keep all your software, and the browser in particular, up to date by installing updates as soon as they become available.
Cybersecurity Tip #43: Delete potentially unwanted apps
Potentially unwanted applications (PUA) are programs you never intended to install. They come bundled with the installer of something you did want.
These unwanted apps can display pop-ups, install browser extensions, change your search engine or swap your default browser. They may be harmless at first, but they often collect data, and if their update channel is abused they can turn malicious over time.
One way to keep unwanted apps off your computer is to choose the custom or advanced installation option whenever you install something, and uncheck the bundled extras you don’t want. If you missed that option, uninstall the unwanted apps manually.
Cybersecurity Tip #44: Stay off-grid
Whenever you aren’t using your laptop, smartphone or tablet, disconnect your device from the internet.
Whenever you see signs that an attack is under way, such as unexpected pop-up ads or a rogue email you’ve already clicked on, disconnect your computer from the internet immediately and scan it with your endpoint protection software.
Cybersecurity Tip #45: Exercise caution when visiting notorious sites
Torrent sites, and pornographic sites along with them, are notorious hotbeds for drive-by attacks and malicious ads.
Stay away from sites like these. If you need to visit these notorious sites, use a burner phone, one that’s cheap and can easily be discarded.
Cybersecurity Tip #46: Use your laptop as standard user, not as administrator
In your operating system, Windows 10 for instance, an account can be either a standard user or an administrator.
As a standard user, you can perform common daily tasks like browsing the web, checking email and running installed programs. As an administrator, you can add and remove software, change system settings and even reset the PC to factory settings.
Working from a standard account ensures that you won’t unintentionally add or delete software, and it means malware running under your account can’t silently install itself system-wide either; Windows prompts for an administrator password first. Keep a separate administrator account and use it only when you consciously need to install or clean up software.
Have a Guest account on your computer? The built-in Windows Guest account is disabled by default; leave it that way unless you really need it, and protect any shared account with a strong password.
Cybersecurity Tip #47: No one could address ALL cybersecurity issues
If someone tells you that he has an all-in-one fix to all cybersecurity problems, know that he’s blowing smoke.
Fifty-two tips are listed here precisely because there is no single solution to preventing cyberattacks and data breaches.
Cybersecurity Tip #48: Not all hackers are bad
Every day, hackers, the good ones and the bad ones, are looking for security vulnerabilities in widely used software.
Good hackers, also known as white hat hackers or ethical hackers, regularly test software programs for security vulnerabilities. Once a white hat hacker discovers any security vulnerability on a particular software, this is then reported directly to the software maker in order for the software maker to issue a security update fixing the newly discovered security vulnerability.
Software makers like Google, Apple and Microsoft give monetary rewards to white hat hackers for their discovery and for directly reporting the security vulnerability.
Many software companies are also employing in-house hackers to test the security vulnerabilities of their software products.
Bad hackers, also known as black hat hackers, regularly test widely-used software for security vulnerabilities. Once they discover it, they don’t report this to the software maker and instead use it for personal gains like launching cyberattacks using the newly discovered security vulnerability or selling via online black market the information or the malicious software created specifically to exploit the newly discovered security vulnerability.
Like in the real world, there are gray areas, and in hacking there are gray hat hackers. They mix white and black hat behaviour: they often search for vulnerabilities in widely used software, or probe systems, without authorization, and then contact the owner, sometimes asking for a payment for the discovery or for a fix if they have one. When that request turns into a threat to publish the vulnerability unless the software maker pays, it has crossed into extortion, which is black hat behaviour by any name.
Cybersecurity Tip #49: Stay away from anything that’s free online
Like in real life, nothing is truly free. Be wary of free apps, free antivirus, free VPNs (virtual private networks) and free Wi-Fi.
Free stuff online almost always has a catch: often the service is free because it collects and sells your data, and a free VPN in particular sees all of your traffic. Remember Facebook’s data breaches? After all, it’s a free service. That doesn’t make every free tool bad (your operating system’s built-in antivirus and well-maintained open source software are fine), but always ask who is paying for it and how.
Cybersecurity Tip #50: Do your own research in choosing any software, internet service provider or any online services
Always do your own research when it comes to choosing anything that connects your primary devices like your main laptop and main smartphone to the internet.
Your main laptop and main smartphone are devices where you access your sensitive information like your important emails, bank accounts and other important accounts.
It’s, therefore, essential that you spend time choosing the most trusted, credible software, internet service provider and other online services. A simple online search will tell you whether such online service is credible or not. If you have a friend or a family member who works in cybersecurity or IT fields, always ask for their opinion.
Cybersecurity Tip #51: What to do in case of a cyberattack?
In case of a cyberattack, your immediate reaction should be to go off the grid. Immediately disconnect your computer from the internet. Then use an uninfected device, another laptop or another smartphone to change your passwords and activate 2-factor authentication of your primary emails and important accounts like bank accounts.
What to do with the attacked device? Conduct a full scan of the device and if possible perform a factory reset.
A full scan will aid you in discovering and deleting hidden malware, while the factory reset will erase all the data, including the malware injected into your device. The problem with factory reset though is that it’ll erase even your important data.
This is why it’s a good practice to backup all your important files so that if anything happens you can still have access to your important data despite the failure of one device.
There are plenty of online services that will sync your data and keep it safe in the cloud. Check with your IT department before installing anything on your work computer or company-issued mobile device, as you could be violating company policy.
Cybersecurity Tip #52: Cybercrime is a growing business
Here are few numbers:
Nearly 20,000 ransomware victims paid about $16 million in ransom over a two-year period, according to a study by researchers from Princeton University, New York University, the University of California, San Diego, Google and Chainalysis.
$3 billion was lost to BEC scammers between January 2015 and February 2017, according to the Federal Bureau of Investigation (FBI).
More and more hackers are using distributed denial-of-service (DDoS) attacks to hold businesses to ransom.
In June 2021, the Canadian Centre for Cyber Security issued an alert to raise awareness of increased DDoS extortion activity. One notable case occurred in September of that year, when IT World Canada reported that a voice-over-IP provider in Canada had been targeted.
The perpetrator was believed to have demanded one bitcoin (equal to around $45,000) as payment to end the assault. Numerous other companies have been hit since.
With ransom DDoS incidents becoming more common, it’s crucial that organizations understand how serious this threat is, how it could affect them, and what defensive measures they can use to stay safe.
But before we explore what a ransom DDoS attack is and how you can stop it, we’ll cover the basics.
What is a DDoS Attack?
A DDoS attack floods a specific network, server, website, or application with an overwhelming amount of traffic. This disrupts the normal flow of traffic and prevents the target from operating as it should.
Perpetrators tend to use botnets to launch DDoS attacks. A botnet is a network comprising many connected systems, all of which have been infected with malware, to generate disruptive traffic. These devices may be computers, IoT (Internet of things) gadgets, or mobile devices.
A hacker can leverage these “zombie” systems to attack their target with enough traffic to cause serious problems. Attackers may aim to:
But with ransom DDoS attacks, hackers are driven more by greed than anything else.
What is a Ransom DDoS Attack?
A ransom DDoS attack (often referred to as a RDDoS attack) is essentially the same, but with a few key differences. The attacker’s goal is to extort money from the target through threats and even brief demonstrations of their power.
A hacker may launch a DDoS attack against a business and then contact the victim to demand payment, keeping the assault going until the ransom is paid.
Alternatively, hackers may threaten the target before they begin the attack. Their objective will be to inspire panic in the potential victims and receive money without needing to act.
However, an inexperienced or unequipped perpetrator may lack the resources or knowhow to follow through on their threat. In this case, an organization could emerge from the incident unscathed even if they refuse to pay the ransom.
How Does a Ransom DDoS Attack Disrupt Businesses?
A ransom DDoS attack could disrupt your business in various ways, assuming the perpetrator launches the attack instead of simply issuing a threat.
Preventing an attack, and being prepared to handle one just in case, is vital to reduce your risk of experiencing these issues.
What Can You Do To Prevent a Ransom DDoS Attack?
Keep the following measures in mind to help prevent a ransom DDoS attack against your organization:
Refuse to Pay the Ransom
Your first instinct may be to pay the ransom, but you have no way of knowing whether that will stop the attack. It may continue, or the perpetrator could retarget your business again because they know you’re likely to pay a second time.
Train Employees to Handle Threats Responsibly
Educate your workers on what a ransom DDoS attack involves, how they usually unfold, and what actions to take if they receive a threatening message. They should know who to report an incident to and how to recognize early signs of an attack.
Look Out for Warning Signs of Impending Attacks
Common early signs of a DDoS attack include:
These could indicate other problems, too, such as outdated equipment. However, it may be best to have any of these signs investigated by cybersecurity specialists just in case.
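The early signs are easier to spot if they are measured rather than guessed at. What follows is an added example, not code from the original article, that aggregates a web server’s access log per minute and flags a minute whose request count jumps far above the preceding baseline, reporting how many of its sources have never been seen before and how concentrated the requests are on one path. The log lines, IP addresses and thresholds are all constructed for illustration; in a real deployment the input would be your live access log and the thresholds would be tuned to your normal traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common/combined log format: ip ident user [timestamp] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def build_sample_log():
    """Constructed traffic (no real server): five quiet minutes, then one
    minute in which 600 never-seen-before sources all hit /login."""
    lines = []
    for minute in range(5):
        for i in range(10):
            ip = f"203.0.113.{i % 4 + 1}"
            lines.append(
                f'{ip} - - [10/Jan/2022:10:0{minute}:{i * 5:02d} +0000] '
                f'"GET /page{i} HTTP/1.1" 200 512'
            )
    for i in range(600):
        ip = f"198.51.{100 + i // 200}.{i % 200 + 1}"
        lines.append(
            f'{ip} - - [10/Jan/2022:10:05:{i % 60:02d} +0000] '
            f'"POST /login HTTP/1.1" 200 128'
        )
    return lines


def per_minute_stats(lines):
    """Aggregate requests, distinct sources and requested paths per minute."""
    stats = defaultdict(lambda: {"requests": 0, "sources": set(), "paths": Counter()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        minute = datetime.strptime(m["ts"], TS_FMT).replace(second=0)
        parts = m["req"].split()
        path = parts[1] if len(parts) > 1 else "-"
        bucket = stats[minute]
        bucket["requests"] += 1
        bucket["sources"].add(m["ip"])
        bucket["paths"][path] += 1
    return dict(sorted(stats.items()))


def flag_surges(stats, baseline_minutes=5, factor=10):
    """Flag any minute whose request count is at least `factor` times the
    busiest of the preceding `baseline_minutes`, and report how many of its
    sources were never seen before and how concentrated the requests are."""
    flagged = []
    minutes = list(stats)
    seen_sources = set()
    for idx, minute in enumerate(minutes):
        bucket = stats[minute]
        history = [stats[m]["requests"] for m in minutes[max(0, idx - baseline_minutes):idx]]
        new_sources = len(bucket["sources"] - seen_sources)
        seen_sources |= bucket["sources"]
        if history and bucket["requests"] >= factor * max(history):
            top_path, top_count = bucket["paths"].most_common(1)[0]
            flagged.append({
                "minute": minute.strftime("%H:%M"),
                "requests": bucket["requests"],
                "new_sources": new_sources,
                "top_path": top_path,
                "top_path_share": round(top_count / bucket["requests"], 2),
            })
    return flagged


if __name__ == "__main__":
    for alert in flag_surges(per_minute_stats(build_sample_log())):
        print(alert)
```

A surge made up almost entirely of first-time sources hammering one endpoint is the fingerprint of botnet traffic rather than a marketing campaign or a misbehaving crawler; a surge from a handful of known IPs is more likely a broken client. Either way the alert is a reason to look, not a verdict.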
Ensure Your Security Measures are Updated and Effective
If you haven’t reviewed your firewalls and other security controls in a while, review them to identify weaknesses. Outdated security software may lack the features you need. Keep in mind that an on-premises firewall alone cannot absorb a large volumetric attack, which saturates your internet link before the traffic ever reaches the firewall; for that you need upstream mitigation from your ISP, a CDN or a DDoS scrubbing service, arranged before an attack rather than during one.
Work with Professional Cybersecurity Specialists
Reviewing, updating, and testing your cybersecurity setup is complicated. But it’s critical to reduce your risk of being affected by a ransom DDoS attack. For many companies in Canada, the simplest way to combat threats is to work with a team of cybersecurity professionals.
At The Driz Group, we’re dedicated to providing unparalleled cybersecurity solutions for businesses in all sectors.
Our experienced, trained, reliable team will perform a comprehensive IT audit and vulnerability assessment to accurately determine your unique security requirements. And we’ll implement the best security available to always defend your organization.
Start protecting your business — schedule your free consultation with The Driz Group today.
Did you know that the amount of money lost to cyberattacks in the US rose to a record $4.2 billion in 2020 and there were 800,000 cybercrime complaints made to the FBI? Phishing was the most common way used by cybercriminals to get confidential data from unsuspecting recipients.
Are you worried about the different cyberattacks that businesses have to watch out for? Do you want to learn about this cybersecurity threat so you can protect yourself and your business better? Keep reading to find out more.
1. Phishing Attack
The weakest link when it comes to your business's cybersecurity is your employees. They are vulnerable to many different kinds of cyberattacks, the most common of these being phishing attacks.
In this attack, cybercriminals trick your employees into revealing their login credentials. They might send an email with a malicious link that leads to a convincing copy of a login page; if the employee enters their details there, the criminals can use them to get into the real accounts.
It's a cheap and efficient way for cybercriminals to get lots of sensitive and confidential data from people. This can leave your organization vulnerable to losing customers and future business because your reputation is degraded and negatively affected.
That's why people are always told never to click links in an email that seems suspicious and never to give out sensitive or confidential information in reply to an email. Multi-factor authentication limits the damage when a password is phished anyway, and phishing-resistant forms of it (security keys, passkeys) cannot be captured by a fake login page at all.
2. Malware-Based Attack
Using a common delivery method like email, cybercriminals trick the recipient into opening an attachment or link that installs malware on their computer, giving the attacker access to login details and other important data on the system. This attack relies on your weak link, your employees, yet again, which is why training and informing them about security threats is so crucial.
Sometimes the cybercriminals will select their targets carefully from the employee roster at an organization, but other times, they will send an email en masse and see what they get back.
3. Attacks Through Uploading Files
File upload attacks target websites that let users upload files: contact-form attachments, social media posts, profile photos and so on. If the server accepts any file and stores it where the web server will execute it, an attacker uploads a script (a “web shell”) instead of an image and can then run commands on your server with the web server's privileges.
Most websites have an upload feature somewhere, so the weakness is common. The fix is to validate uploads on the server: allow only specific file types and check the file's content, not just its name; give the file a server-chosen name; and store it outside the web root, serving it through a handler that never executes it.
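As an added example (not code from this article or from any particular web framework), the two functions below put the weak design next to a hardened validator. The directories `/var/www/html/uploads` and `/srv/uploads`, the size limit and the allowed types are assumptions for illustration; the point is that nothing the client sends reaches the filesystem unchecked.

```python
import os
import secrets

# Allowed extensions and the magic bytes a genuine file of that type starts with.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024
WEB_ROOT_UPLOADS = "/var/www/html/uploads"  # assumed: served AND executable by the web server
PRIVATE_UPLOADS = "/srv/uploads"            # assumed: outside the web root, served via a download handler

# Constructed sample files (not real images/documents): magic bytes plus filler.
SAMPLE_PNG = ALLOWED_TYPES["png"] + b"\x00" * 32
SAMPLE_JPG = ALLOWED_TYPES["jpg"] + b"\x00" * 32
SAMPLE_WEBSHELL = b"<?php system($_GET['c']); ?>"


class UploadRejected(ValueError):
    pass


def vulnerable_save_path(client_filename):
    """The pattern attackers look for: trust the client-supplied name and drop
    the file under the web root. 'shell.php' becomes an executable web shell,
    and '../' in the name escapes the upload directory altogether."""
    return os.path.join(WEB_ROOT_UPLOADS, client_filename)


def safe_save_path(client_filename, data):
    """Validate the upload and return a server-chosen storage path."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Strip any directory components the client sent (both separator styles).
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext == "jpeg":
        ext = "jpg"
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    # Check content, not just the name: 'shell.php.png' holding PHP fails here.
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match the declared type")
    # Random server-chosen name in a directory the web server neither lists nor
    # executes; even a valid image with script appended is just an inert file.
    return os.path.join(PRIVATE_UPLOADS, f"{secrets.token_hex(16)}.{ext}")


def is_rejected(client_filename, data):
    """True if the hardened validator refuses this upload."""
    try:
        safe_save_path(client_filename, data)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", vulnerable_save_path("../shell.php"))
    print("hardened:  ", safe_save_path("../../cat.PNG", SAMPLE_PNG))
    print("web shell rejected:", is_rejected("shell.php", SAMPLE_WEBSHELL))
```

Magic-byte checks are a floor, not a ceiling: a polyglot file can carry a valid image header and script content at the same time, which is why the storage location and the server-chosen name matter as much as the content check.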
4. Outdated And Vulnerable Software
Software has a short life cycle and needs constant updates, patches and upgrades to run safely and to stay compatible with other software. Make sure all the software your employees use is updated and upgraded regularly, including the plugins and themes of your content management system.
Attacks on outdated or unpatched software typically exploit publicly known vulnerabilities, such as SQL injection flaws in an old version of a plugin, often combined with brute-force attacks on the admin login. So if you have a WordPress site, update it, its plugins and its themes to the latest version as soon as one is available, and remove plugins you no longer use.
5. Password Attacks
The most common password in the world in 2021 was still 123456! That leaves sensitive accounts, databases and servers wide open to cybercriminals.
Even with a stronger password, attackers can use a bot to try passwords systematically, logging in again and again until one works. That's called a brute force attack.
A dictionary attack tries words from a wordlist, and common variations of them, as the password until one succeeds. Password spraying goes the other way: it tries a handful of very common passwords against many accounts, staying under each account's lockout threshold.
That's why it's so important to use a long password (a passphrase of several words is easier to remember than eight random characters) that doesn't appear in any breached-password list, to use a different one for every account, and to turn on multi-factor authentication wherever it's offered.
Forcing everyone to change their password every few months used to be standard advice, but current guidance (NIST SP 800-63B) is to require a change only when there is evidence of compromise, because routine rotation pushes people toward predictable variants of the old password. Do enforce a reset when a password turns up in a breach, and monitor your logs for the spraying and brute-force patterns above.
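To make the attack patterns concrete, here is an added example, not code from the original article, that classifies noisy sources in an SSH auth log: a source that hammers one account is brute force, a source that tries one guess against many different accounts is password spraying (the same logic flags credential stuffing, which also spreads across accounts). The log lines, IP addresses and thresholds are constructed for illustration; tune `min_failures` and `spray_ratio` to your own environment.

```python
import re
from collections import defaultdict

# sshd-style failure lines; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample log (not captured from a real host). One source hammers a
# single account with many guesses; a second tries one guess against many accounts.
SAMPLE_LOG = "\n".join(
    [
        f"Jan 10 09:00:{i:02d} host sshd[101]: Failed password for alice "
        f"from 203.0.113.9 port {5000 + i} ssh2"
        for i in range(12)
    ]
    + [
        f"Jan 10 09:05:{i:02d} host sshd[202]: Failed password for {user} "
        f"from 198.51.100.7 port {6000 + i} ssh2"
        for i, user in enumerate(
            ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]
        )
    ]
    + [
        "Jan 10 09:06:00 host sshd[303]: Failed password for invalid user admin "
        "from 192.0.2.5 port 7000 ssh2",
        "Jan 10 09:06:30 host sshd[304]: Accepted password for alice "
        "from 192.0.2.5 port 7001 ssh2",
    ]
)


def failures_by_source(log):
    """Map source IP -> {username: number of failed attempts}."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in log.splitlines():
        m = FAILED_RE.search(line)
        if m:
            per_ip[m["ip"]][m["user"]] += 1
    return per_ip


def classify_sources(log, min_failures=8, spray_ratio=0.75):
    """Label each noisy source.

    brute_force    : many failures concentrated on few accounts
    password_spray : failures spread across many distinct accounts, so a
                     per-account lockout threshold is never reached
    Sources below min_failures are ignored as ordinary typos.
    """
    verdicts = {}
    for ip, users in failures_by_source(log).items():
        total = sum(users.values())
        if total < min_failures:
            continue
        distinct_accounts = len(users)
        if distinct_accounts / total >= spray_ratio:
            verdicts[ip] = "password_spray"
        else:
            verdicts[ip] = "brute_force"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOG).items():
        print(f"{ip}: {verdict}")
```

Per-account lockouts stop the first pattern and do nothing against the second, which is why the spraying check counts distinct accounts per source rather than failures per account.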
6. DNS Spoofing
How do you know you are going to the right website when you click a link? You assume you are, because you trust the DNS lookup that turns the site's name into an address (and, more generally, you trust the internet to work as it should).
Through DNS spoofing, also called cache poisoning, a cybercriminal gets false records into a DNS resolver's cache, for example by forging replies to the resolver's queries faster than the real server can answer. The resolver then returns the wrong address for that name and lands the user on an attacker-controlled site that looks like the real one, where they submit their login and other sensitive information straight to the criminal. Resolvers defend against this by randomising transaction IDs and source ports and by validating DNSSEC signatures; on the user's side, a fake site usually cannot present a valid HTTPS certificate for the real name, which is one more reason never to click through a certificate warning.
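Why the resolver-side defenses matter is easiest to see in a simulation. The code below is an added example, not from the original article and not a real DNS implementation: a toy caching resolver that, in legacy mode, accepts any reply whose 16-bit transaction ID matches, and in hardened mode also randomises and checks the UDP source port, the core of the RFC 5452 mitigations. The upstream address, the hostnames and the attacker's payload are constructed; the attacker forges the upstream's IP, which is trivial on UDP, and simply tries every transaction ID.

```python
import random
from dataclasses import dataclass

UPSTREAM = "192.0.2.53"          # constructed: the resolver's legitimate upstream server
ATTACKER_ANSWER = "198.51.100.66"  # constructed: where the forged record points


@dataclass(frozen=True)
class Query:
    txid: int
    src_port: int
    qname: str


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int
    qname: str
    answer: str
    src_ip: str  # claimed sender; trivially forged on UDP


class Resolver:
    """Toy caching resolver. strict=False matches replies on the 16-bit
    transaction ID alone, as old resolvers did; strict=True also uses a
    random source port per query and checks it on the reply."""

    def __init__(self, strict):
        self.strict = strict
        self.cache = {}
        self.pending = {}  # qname -> outstanding Query

    def send_query(self, qname):
        txid = random.randrange(1 << 16)
        port = random.randrange(1024, 65536) if self.strict else 53
        query = Query(txid, port, qname)
        self.pending[qname] = query
        return query

    def receive(self, reply):
        query = self.pending.get(reply.qname)
        if query is None or reply.txid != query.txid or reply.src_ip != UPSTREAM:
            return False
        if self.strict and reply.dst_port != query.src_port:
            return False
        self.cache[reply.qname] = reply.answer
        del self.pending[reply.qname]
        return True


def attacker_flood(resolver, qname, guessed_port=53):
    """Spoof the upstream's address and race it with every possible txid.
    Without port randomisation one of the 65,536 forgeries lands; with it,
    the attacker must also guess the port, which this flood never does."""
    for txid in range(1 << 16):
        forged = Response(txid, guessed_port, qname, ATTACKER_ANSWER, src_ip=UPSTREAM)
        if resolver.receive(forged):
            return True
    return False


def legitimate_reply(query, answer="203.0.113.10"):
    return Response(query.txid, query.src_port, query.qname, answer, src_ip=UPSTREAM)


if __name__ == "__main__":
    for strict in (False, True):
        r = Resolver(strict=strict)
        r.send_query("bank.example")
        print("strict" if strict else "legacy", "poisoned:", attacker_flood(r, "bank.example"))
```

Port randomisation multiplies the attacker's search space by roughly 64,000, and DNSSEC validation closes the gap entirely for signed zones because a forged answer carries no valid signature; the simulation stops at the port check to keep the mechanism visible.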
7. Accidental Exposure Of Sensitive Data
Unfortunately, most people aren't careful enough with their sensitive data. They leave it out in the 'open', where it is exposed to data breaches and unauthorized access by cybercriminals.
It's akin to leaving your laptop in a cafe and walking over to the bathroom to wash your hands. And being surprised when your laptop isn't anywhere to be found when you come back.
Ensure that anything that's publicly accessible contains no sensitive information. That includes files on public servers, detailed error messages, database tables and log files, and also public cloud storage buckets and source code repositories, where credentials are often committed by accident. Treat everything reachable online as a target.
Cyberattacks Are Getting More Insidious As Time Goes On
Cybercriminals are becoming savvier and more dangerous as time goes on. They manipulate both online data and offline people to get access to sensitive information. If you are worried about cyberattacks and feel vulnerable to such security threats, putting your head in the sand won't help.
Speak to the cybersecurity experts at The Driz Group today. We can help you build a solid plan for your business and employees to protect against cyber threats of all kinds.
We keep up with the latest developments in cybersecurity and will help keep your systems safe from emerging threats. Our emergency response team is available 24/7 to protect you and your business.
Emerging Threat: Blockchain-Enabled Botnet
Google, together with Internet infrastructure providers and hosting providers, recently disrupted the operation of a blockchain-enabled botnet, taking down the operation’s servers – for now.
In partnership with Internet infrastructure providers and hosting providers such as Cloudflare, Google said it has taken down the servers of the Glupteba botnet.
Glupteba is malware that has been around for years, and over that time it has used many common cybercrime tricks. Like other bot malware, Glupteba turns an infected machine into a zombie (a bot, short for software robot) that can be controlled remotely.
The group behind Glupteba also operates a botnet: a group of devices, each infected with the Glupteba malware, hijacked to carry out various scams and cyberattacks.
In the blog post “New action to combat cyber crime”, Royal Hansen, Vice President for Security at Google, and Halimah DeLaine Prado, Google General Counsel, said Glupteba botnet currently hijacked approximately one million Windows devices worldwide, and at times, grows at a rate of thousands of new devices per day.
“Botnets are a real threat to Internet users, and require the efforts of industry and law enforcement to deter them,” Hansen and Prado said.
In another blog post “Disrupting the Glupteba operation”, security researchers Shane Huntley and Luca Nagy from Google Threat Analysis Group said that individuals operating the Glupteba botnet offered multiple online services, including selling access to virtual machines loaded with stolen credentials, proxy access, and selling credit card numbers to be used for other malicious activities such as serving malicious ads and payment fraud on Google Ads.
Computer devices that form part of the Glupteba botnet are also used for unauthorized cryptocurrency mining, enabling the group behind this malware to earn cryptocoins, while owners of hijacked computer devices unknowingly pay the high electric bills resulting from the cryptocurrency mining.
Glupteba spreads itself automatically across victims’ networks using two variants of the ETERNALBLUE exploit, the Windows SMBv1 exploit that powered the 2017 WannaCry outbreak. ETERNALBLUE only works against Windows machines that haven’t applied the MS17-010 patch. Glupteba has also been known to exploit unprotected and outdated popular home and small business routers.
The group behind Glupteba often hides its zombie malware behind pirated software. Computer devices, even those patched against ETERNALBLUE, are attacked by Glupteba malware via pirated software from well-known piracy sites.
While Glupteba has been known to use many common cybercrime tricks, it’s known for using the Bitcoin blockchain for its malicious activities. Just like in the Cold War era when spies communicated using the “Personals” section in a print newspaper, the group behind the Glupteba botnet communicates using the Bitcoin blockchain.
“Glupteba uses the fact that the Bitcoin transactions are recorded on the Bitcoin blockchain, which is a public record of transactions available from a multitude of sources that are unexceptionably accessible from most networks,” security researcher Paul Ducklin from SophosLabs said in the write-up "Glupteba – the malware that gets secret messages from the Bitcoin blockchain".
Ducklin from SophosLabs added, “Bitcoin ‘transactions’ don’t actually have to be about money – they can include a field called RETURN, also known as OP_RETURN, that is effectively a comment of up to 80 characters.”
Security researchers from SophosLabs decrypted the hidden message “venoco___ol.com” from a transaction sent by one of the Bitcoin addresses the group controls. The message tells infected machines that the new command-and-control server for Glupteba has moved to venoco___ol.com.
“The current command-and-control servers used by the crooks, known as C2 servers or C&Cs, might get found out and blocked or killed off at any moment, so zombie malware often includes a method for using an otherwise innocent source of data for updates,” Ducklin added. “After all, to tell a bot to switch from one C&C server to another, you typically don’t need to send out much more than new domain name or IP number, and there are lots of public messaging systems that make it easy to share short snippets of data like that.”
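How a message rides along in a transaction is easier to see with a little code. The following is an added example, not part of the original post and not taken from any Glupteba analysis: it builds and parses Bitcoin null-data (OP_RETURN) output scripts and pulls the payload out of a constructed list of transaction outputs, which is the view a bot gets when it fetches a transaction from a public block explorer. The hostname `c2.example.invalid` and the scripts are constructed for illustration, and the example covers only the extraction step; the encrypted layer that the Sophos researchers had to decrypt is a separate step not shown here.

```python
OP_RETURN = 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E
PUSHDATA_WIDTH = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}


def push_data(data):
    """Encode `data` with the shortest Bitcoin script push opcode."""
    n = len(data)
    if n <= 0x4B:
        return bytes([n]) + data
    if n <= 0xFF:
        return bytes([OP_PUSHDATA1, n]) + data
    if n <= 0xFFFF:
        return bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little") + data
    return bytes([OP_PUSHDATA4]) + n.to_bytes(4, "little") + data


def build_null_data_script(data):
    """scriptPubKey of a provably unspendable output that only carries data.
    Nodes relay such outputs by default only up to 80 bytes of payload."""
    if len(data) > 80:
        raise ValueError("payload exceeds the 80-byte standardness limit")
    return bytes([OP_RETURN]) + push_data(data)


def op_return_payload(script):
    """Return the bytes pushed after OP_RETURN, or None for any other script
    (for example an ordinary pay-to-pubkey-hash output) or a malformed one."""
    if not script or script[0] != OP_RETURN:
        return None
    i, chunks = 1, []
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:
            n = op                      # opcode value is the push length
        elif op in PUSHDATA_WIDTH:
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                return None             # truncated length field
            n = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            return None                 # a non-push opcode: not a plain data carrier
        if i + n > len(script):
            return None                 # truncated push
        chunks.append(script[i:i + n])
        i += n
    return b"".join(chunks)


def scan_outputs(output_scripts):
    """Return (output index, payload) for every OP_RETURN output in a transaction."""
    found = []
    for idx, script in enumerate(output_scripts):
        payload = op_return_payload(script)
        if payload is not None:
            found.append((idx, payload))
    return found


# Constructed transaction outputs (not from any real Glupteba transaction):
# an ordinary P2PKH payment followed by a null-data output carrying a hostname.
SAMPLE_OUTPUTS = [
    bytes.fromhex("76a914" + "11" * 20 + "88ac"),
    build_null_data_script(b"c2.example.invalid"),
]

if __name__ == "__main__":
    for idx, payload in scan_outputs(SAMPLE_OUTPUTS):
        print(f"output {idx}: OP_RETURN payload {payload!r}")
```

From the defender's side the takeaway is that the channel cannot be blocked at the blockchain, so detection has to happen on the endpoint: an unexpected process that polls block-explorer APIs for a fixed address is itself a signal worth alerting on.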
Shane Huntley and Luca Nagy of Google's Threat Analysis Group (TAG) said that the operators are likely to try to regain control of the botnet through its backup command-and-control mechanism, which reads instructions encoded on the Bitcoin blockchain.
Royal Hansen, Google's Vice President for Security, and Halimah DeLaine Prado, Google's General Counsel, acknowledged that taking down Glupteba's command-and-control infrastructure is not the end of the story. Google also filed, in the U.S. District Court for the Southern District of New York, what it described as the first lawsuit against a blockchain-enabled botnet, naming two individuals and 15 unidentified defendants.
“However, due to Glupteba’s sophisticated architecture and the recent actions that its organizers have taken to maintain the botnet, scale its operations, and conduct widespread criminal activity, we have also decided to take legal action against its operators, which we believe will make it harder for them to take advantage of unsuspecting users,” Hansen and Prado said.
Best Practices to Mitigate the Risks
Here are some of the cybersecurity best practices to protect your organization’s computer devices from being hijacked as part of a botnet like the Glupteba botnet:
Top Cloud Security Threat: Unauthorized Cryptocurrency Mining
Google's Cybersecurity Action Team recently published a report, its first Threat Horizons report (November 2021), naming unauthorized cryptocurrency mining, also known as cryptojacking, as the top threat to Google Cloud Platform customers.
What Is Cryptocurrency Mining?
Cryptocurrency mining is the process by which proof-of-work cryptocurrencies such as Bitcoin validate transactions and issue new coins: miners race to find a block hash below a difficulty target, and the winner collects newly created coins plus transaction fees. The work is deliberately expensive in CPU or GPU time, which is exactly what makes stolen compute valuable to a cryptojacker.
Cryptocurrency mining is legal in many countries; what is not legal is doing it on someone else's hardware. As prices have risen, threat actors have increasingly stolen computing resources, including Google Cloud Platform instances, to mine at the victim's expense. The skyrocketing value of cryptocurrencies like Bitcoin has shifted some attackers' focus from stealing data to stealing compute power in organizations' public cloud environments.
Besides Bitcoin, threat actors mine coins such as Monero that are designed to resist transaction tracing and, unlike Bitcoin, can still be mined profitably on ordinary server CPUs, which is why Monero dominates cloud cryptojacking.
According to Google's Cybersecurity Action Team, out of 50 recently compromised Google Cloud Platform instances, 86% were used to perform cryptocurrency mining.
Unauthorized cryptocurrency mining on cloud resources is nothing new. In February 2018, RedLock reported that Tesla had been a victim.
“The hackers had infiltrated Tesla’s Kubernetes console which was not password protected,” RedLock said. “Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.”
Google's Cybersecurity Action Team, meanwhile, reported that the compromised Google Cloud Platform instances had been broken into in the following ways:
Google's Cybersecurity Action Team also found that in 58% of situations, the cryptocurrency mining software was downloaded to the system within 22 seconds of being compromised.
“This suggests that the initial attacks and subsequent downloads were scripted events not requiring human intervention,” Google's Cybersecurity Action Team said. “The ability to manually intervene in these situations to prevent exploitation is nearly impossible.”
Threat actors find vulnerable internet-facing applications and exposed cloud accounts by scanning: automatically probing ranges of public IP addresses for open ports and known-vulnerable services.
Google's Cybersecurity Action Team reported that the shortest observed time between deploying a vulnerable Cloud instance exposed to the internet and its compromise was about 30 minutes, and that in 40% of cases the instance was compromised in under eight hours.
“This suggests that the public IP address space is routinely scanned for vulnerable Cloud instances,” Google's Cybersecurity Action Team said.
An earlier study by researchers from Palo Alto Networks' Unit 42 reached the same conclusion from the other direction. Between July and August 2021, Unit 42 set up 320 honeypots (network-attached computers deliberately exposed to lure attackers) to measure how quickly threat actors compromise four vulnerable internet-exposed applications, each deliberately configured with weak credentials.
Unit 42 found that 80% of the 320 honeypots were compromised within 24 hours and all of them within a week. The honeypots had firewall policies in place to block the IP addresses of known network scanners.
Those policies made little difference: 85% of the attacking IP addresses were observed on only a single day, so a list of bad addresses is stale almost as soon as it is compiled. The researchers counted a daily average of 75,000 unique scanner IP addresses worldwide.
Google's Cybersecurity Action Team concluded that Google Cloud customers running insecure instances are likely to be found and attacked within a short time of exposure. “Given that most instances were used for cryptocurrency mining rather than exfiltration of data, Google analysts concluded the Google Cloud IP address range was scanned rather than particular Google Cloud customers being targeted,” the team said.
Unauthorized Cryptocurrency Mining Risk Mitigation
Unauthorized cryptocurrency mining on cloud resources is a direct financial loss: mining is compute-intensive, and with consumption-based cloud billing the threat actor keeps the coins while your organization pays for the CPU and GPU time.
When the mining runs on your own internet-exposed hardware instead, the costs show up as a sharp rise in electricity consumption, degraded performance for legitimate workloads and accelerated wear on the hardware.
Here are some of the cybersecurity best practices to protect your organization’s internet-exposed networks and cloud accounts:
Monitor cloud configurations, network traffic and user behavior with automated tooling that can alert, and ideally act, without waiting for an analyst. As Google's Cybersecurity Action Team's report shows, mining software was downloaded within 22 seconds of compromise in more than half of the cases studied, which leaves no realistic window for manual intervention; only automated detection and response operates on that timescale.
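Because the speed in Google's numbers is the practical point, here is an added example (written for this page; it is not Google's tooling and uses none of the report's data) of what such an automated check can look like: a small Python detector that scores egress records from a network sensor for the usual signs of a miner (connections to ports commonly used by Stratum mining pools, Stratum JSON-RPC messages such as the login call XMRig sends to Monero pools, an HTTP fetch of a known miner binary) and reports how many seconds after instance creation each indicator appeared. The flow records, addresses and timestamps are constructed, and the port list and miner names are heuristics rather than an exhaustive signature set.

```python
import json
from datetime import datetime, timezone

# Ports commonly used by Stratum mining pools. A heuristic starting point, not an exhaustive list.
STRATUM_PORTS = {3333, 4444, 5555, 7777, 8888, 9999, 14444, 14433, 45700}
# JSON-RPC methods of Stratum v1 plus the login/submit variant XMRig speaks to Monero pools.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "login", "submit", "keepalived"}
# File names of widely used miners; again a heuristic.
MINER_NAMES = (b"xmrig", b"minerd", b"cpuminer")


def parse_ts(s):
    """Parse the constructed ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def stratum_methods(payload):
    """Stratum JSON-RPC method names found in a captured TCP payload (one JSON object per line)."""
    methods = []
    for line in payload.splitlines():
        line = line.strip()
        if not line.startswith(b"{"):
            continue
        try:
            msg = json.loads(line)
        except ValueError:
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_METHODS:
            methods.append(method)
    return methods


def classify_flow(flow):
    """Reasons a flow record looks like mining activity; an empty list means nothing matched."""
    reasons = []
    payload = flow.get("payload", b"")
    if flow["direction"] == "egress" and flow["dst_port"] in STRATUM_PORTS:
        reasons.append(f"egress to common mining-pool port {flow['dst_port']}")
    methods = stratum_methods(payload)
    if methods:
        reasons.append("stratum json-rpc: " + ", ".join(sorted(set(methods))))
    lowered = payload.lower()
    if lowered.startswith((b"get ", b"post ")):
        for name in MINER_NAMES:
            if name in lowered:
                reasons.append(f"http fetch of a known miner ({name.decode()})")
                break
    return reasons


def detect_mining(flows, instance_created):
    """One alert per suspicious flow, with the delay from instance creation in seconds."""
    alerts = []
    for flow in flows:
        reasons = classify_flow(flow)
        if reasons:
            age = (parse_ts(flow["ts"]) - instance_created).total_seconds()
            alerts.append({
                "seconds_after_creation": age,
                "dst": f"{flow['dst_ip']}:{flow['dst_port']}",
                "reasons": reasons,
            })
    return alerts


# Constructed telemetry for one instance; addresses are documentation ranges, not real hosts.
INSTANCE_CREATED = datetime(2021, 11, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_FLOWS = [
    {"ts": "2021-11-01T12:00:05Z", "direction": "egress", "dst_ip": "203.0.113.10", "dst_port": 443,
     "payload": b""},
    {"ts": "2021-11-01T12:00:19Z", "direction": "egress", "dst_ip": "198.51.100.7", "dst_port": 80,
     "payload": b"GET /xmrig.tar.gz HTTP/1.1\r\nHost: 198.51.100.7\r\n\r\n"},
    {"ts": "2021-11-01T12:00:27Z", "direction": "egress", "dst_ip": "198.51.100.9", "dst_port": 14444,
     "payload": b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET","pass":"x","agent":"XMRig/6.15.0"}}\n'},
    {"ts": "2021-11-01T12:05:00Z", "direction": "ingress", "dst_ip": "10.0.0.5", "dst_port": 22,
     "payload": b""},
]

if __name__ == "__main__":
    for alert in detect_mining(SAMPLE_FLOWS, INSTANCE_CREATED):
        print(f"+{alert['seconds_after_creation']:.0f}s {alert['dst']}: {'; '.join(alert['reasons'])}")
```

On the constructed data the first indicator (the miner download) fires 19 seconds after creation and the pool login 8 seconds later, which is the window an automated response, such as quarantining the instance's network tags or revoking its service account, has to work with. Port-only matches deserve a lower severity than a Stratum handshake, since legitimate services occasionally sit on those ports.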
Contact us today to assess your cybersecurity posture and mitigate the risks.
Vulnerable Internet-Exposed Applications Compromised in 24 Hours, Report Shows
A study conducted by researchers from Palo Alto Networks' Unit 42 found that vulnerable internet-exposed applications are compromised in just 24 hours.
Once compromised, an internet-exposed application becomes a foothold from which attackers can move on to other cloud resources in the same infrastructure.
Between July and August 2021, Unit 42 researchers set up 320 honeypots to measure how quickly threat actors compromise four vulnerable internet-exposed applications: Secure Shell (SSH), Remote Desktop Protocol (RDP), Samba and Postgres.
Honeypots are network-attached computers deliberately set up to attract attackers so that their methods can be observed and studied.
SSH is a protocol that lets users open an encrypted remote shell on another computer. Samba is a free-software re-implementation of the Server Message Block (SMB) protocol, which Windows computers on the same network or domain use to share files, printers and serial ports.
RDP is Microsoft's network protocol for connecting to the desktop of a remote computer. Postgres, also known as PostgreSQL, is an enterprise-class open-source relational database management system.
Access to any of these four standard applications allows attackers to remotely connect to the victim’s network and perform malicious activities such as further compromising cloud environments within the same network.
The honeypots deployed by the Unit 42 researchers exposed deliberately vulnerable SSH, Samba, RDP and Postgres services; for instance, they were configured with the kind of weak usernames and passwords that brute-force tools try first.
Weak credentials and unpatched flaws in SSH, Samba, RDP and Postgres are a routine initial-access vector. Ransomware groups including REvil and Mespinoza are known to break into internet-exposed applications to gain their first foothold in victims' environments.
In Q3 2021, Digital Shadows reported that RDP and SSH were among the access types most commonly sold by Initial Access Brokers, individuals or groups who identify vulnerable organizations and sell access to their networks to the highest bidder.
Unit 42 found that 80% of the 320 honeypots were compromised within 24 hours and all of them within a week. Of the four services, SSH drew the most attacks: on average, each SSH honeypot was compromised 26 times a day.
The researchers also found that one threat actor compromised 96% of 80 Postgres honeypots globally within 30 seconds. The researchers’ honeypots applied firewall policies to block IPs from known network scanners. They found that blocking known scanner IPs is ineffective in mitigating attacks as 85% of the attacker IPs were observed only on a single day.
"This number indicates that Layer 3 IP-based firewalls are ineffective as attackers rarely reuse the same IPs to launch attacks,” Unit 42 researchers said. “A list of malicious IPs created today will likely become outdated tomorrow.”
The researchers also saw the same honeypots compromised repeatedly by different attackers. Competing for the victim's resources, cryptojacking groups such as Rocke and TeamTNT deployed scripts that hunt down and remove the miners and other malware left behind by rivals.
"The speed of vulnerability management is usually measured in days or months,” Unit 42 researchers said. “The fact that attackers could find and compromise our honeypots in minutes was shocking. When a misconfigured or vulnerable service [application] is exposed to the internet, it takes attackers just a few minutes to discover and compromise the service.”
Attackers find vulnerable internet-facing applications this quickly by scanning: automatically probing large parts of the public IP address space for open ports and recognizable services. They are not alone in doing so.
Legitimate internet-scanning services such as Shodan, Censys and Shadowserver index exposed services so that defenders can find their own; they scan from published, fixed IP ranges that can be recognized or exempted. The attackers in the Unit 42 study, by contrast, rotated through new IP addresses daily, so there is no stable address list to block.
Unit 42 researchers identified an average of 75,000 unique scanner IP addresses globally that enumerated more than 9,500 different ports every day. The researchers found that Samba, Telnet (a protocol that allows users to connect to remote computers over a TCP/IP network, such as the internet), and SSH were the three most scanned services, accounting for 36% of scanning traffic globally.
Scanning, per se, doesn’t compromise vulnerable internet-facing applications. This method, however, is used by cybercriminals to identify potential victims.
Cybersecurity Best Practices
Here are some of the cybersecurity best practices to protect your organization’s vulnerable internet-exposed applications:
Keep the number of applications exposed to the internet to a bare minimum. If an internet-exposed application is not needed, disable it or take it off the public interface.
Where an application must be exposed, apply security updates promptly, enforce strong, unique passwords and multi-factor authentication (MFA), and put administrative services such as SSH and RDP behind a VPN or similar gateway rather than directly on the internet.
In the firewall, prefer the whitelisting (allowlisting) approach to the blacklisting (denylisting) approach. Whitelisting admits only approved sources and blocks everything else; blacklisting admits everything except known-bad IP addresses. As the Unit 42 study shows, attackers change their IP addresses daily, so a blacklist is out of date almost as soon as it is written.
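To make the blocklist point concrete for both the honeypot findings and the firewall advice above, the Python below (added here; it uses a constructed scanner log, not Unit 42's data) rebuilds the two measurements the researchers describe: the share of attacker IPs seen on only one day, and how much of each day's attackers a blocklist compiled from the previous day would actually have stopped. It then contrasts that with the default-deny, whitelist policy, where the decision depends on whether the source is known-good rather than known-bad. The sample is tuned so that 85% of addresses appear once, matching the reported figure, and the admin source address is a hypothetical placeholder.

```python
from collections import defaultdict
from datetime import date, timedelta


def build_sample_log(days=5, fresh_per_day=17, persistent=15):
    """Constructed scanner log as (day, src_ip) pairs; not Unit 42's data.

    A small pool of addresses returns every day; everything else is seen on a
    single day, mimicking the churn the honeypot study reported.
    """
    base = date(2021, 7, 1)
    records = []
    for d in range(days):
        day = base + timedelta(days=d)
        records += [(day, f"198.51.100.{i + 1}") for i in range(persistent)]
        records += [(day, f"10.{d}.{i // 256}.{i % 256}") for i in range(fresh_per_day)]
    return records


def attacker_ips_by_day(records):
    """Group a (day, src_ip) log into {day: set of distinct source IPs}."""
    by_day = defaultdict(set)
    for day, ip in records:
        by_day[day].add(ip)
    return dict(by_day)


def single_day_share(by_day):
    """Fraction of distinct attacker IPs observed on exactly one day (Unit 42 measured 85%)."""
    days_seen = defaultdict(int)
    for ips in by_day.values():
        for ip in ips:
            days_seen[ip] += 1
    if not days_seen:
        return 0.0
    return sum(1 for n in days_seen.values() if n == 1) / len(days_seen)


def blocklist_coverage(by_day, lookback_days=1):
    """Per day, the fraction of that day's attackers already on a blocklist built from the
    previous `lookback_days` days, i.e. what a denylist would have stopped."""
    days = sorted(by_day)
    coverage = {}
    for i, day in enumerate(days):
        blocklist = set().union(*[by_day[d] for d in days[max(0, i - lookback_days):i]])
        today = by_day[day]
        coverage[day] = len(today & blocklist) / len(today) if today else 0.0
    return coverage


def allowlist_policy(allowed, src_ip):
    """Default-deny rule: a source is admitted only if it is on the allowlist."""
    return src_ip in allowed


def allowlist_deny_rate(by_day, allowed):
    """Fraction of all observed attacker IPs a default-deny allowlist would refuse."""
    seen = set().union(*by_day.values())
    if not seen:
        return 0.0
    return sum(1 for ip in seen if not allowlist_policy(allowed, ip)) / len(seen)


SAMPLE_LOG = build_sample_log()
BY_DAY = attacker_ips_by_day(SAMPLE_LOG)
# Hypothetical admin egress address that management ports would be restricted to.
ADMIN_SOURCES = {"192.0.2.10"}

if __name__ == "__main__":
    print(f"attacker IPs seen on a single day: {single_day_share(BY_DAY):.0%}")
    for day, frac in blocklist_coverage(BY_DAY).items():
        print(f"{day}: yesterday's blocklist would have stopped {frac:.0%} of today's attackers")
    print(f"default-deny allowlist refuses {allowlist_deny_rate(BY_DAY, ADMIN_SOURCES):.0%} of them")
```

On the constructed log, yesterday's blocklist catches only the small persistent pool (15 of 32 attackers, about 47%) on every subsequent day, and widening the lookback does not help because the churned addresses never return; the allowlist refuses every attacker by construction. Pointing this at a real firewall or honeypot log is a one-line change to the loader, and the two numbers it produces are a useful way to justify moving SSH and RDP behind an allowlisted gateway.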
Steve E. Driz, I.S.P., ITCP