Thought leadership. Threat analysis. Cybersecurity news and alerts.
2021 Top 25 Most Dangerous Software Weaknesses
Software has weaknesses.
The most dangerous software weaknesses are those that are often easy to find, easy to exploit, and can allow attackers to completely take over a system, prevent an application from working, or steal data.
MITRE recently released the 2021 top 25 most dangerous software weaknesses – a demonstrative list of the most dangerous software weaknesses over the previous two calendar years. To create the 2021 list, MITRE used the Common Vulnerabilities and Exposures (CVE) data found within the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), and the Common Vulnerability Scoring System (CVSS) scores associated with each CVE record.
The Software Weaknesses List
Here are the top 25 most dangerous software weaknesses over the previous two calendar years:
1. Out-of-Bounds Write
Out-of-bounds write, also known as memory corruption, occurs when the software writes data past the end or before the beginning of the intended buffer. This software weakness can result in code execution, corruption of data, or a crash.
2. Improper Neutralization of Input During Web Page Generation
Improper neutralization of input during web page generation, also known as cross-site scripting (XSS), occurs when the software doesn’t neutralize or incorrectly neutralizes user-controllable input before it’s outputted as a web page.
3. Out-of-Bounds Read
Out-of-bounds read occurs when the software reads data past the end or before the beginning of the intended buffer. This software weakness can cause a crash or allow attackers to read sensitive information from other memory locations.
4. Improper Input Validation
Improper input validation occurs when the software receives input or data, but it doesn’t validate or incorrectly validates the input. When a software doesn’t validate input properly, attackers can craft the input in a form that isn’t expected by the rest of the application. This can result in altered control flow, arbitrary code execution, or arbitrary control of a resource.
5. Improper Neutralization of Special Elements used in an OS Command
Improper neutralization of special elements used in an OS command, also known as OS command injection or shell injection, occurs when the software doesn’t neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it’s sent to a downstream component. This can allow attackers to execute dangerous commands directly on the operating system.
6. Improper Neutralization of Special Elements used in an SQL Command
Improper neutralization of special elements used in an SQL command, also known as SQL injection, occurs when the software doesn’t neutralize or incorrectly neutralizes special elements that can modify the intended SQL command when it’s sent to a downstream component. This can allow attackers to alter query logic to bypass security checks, execute system commands, or insert additional statements that modify the back-end database.
7. Use After Free
Use after free occurs when the use of previously-freed memory can cause the software to crash, cause corruption of valid data, or result in the execution of arbitrary code.
8. Improper Limitation of a Pathname to a Restricted Directory
Improper limitation of a pathname to a restricted directory, also known as path traversal, occurs when the software doesn’t properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that’s outside of the restricted directory. This can allow attackers to escape outside of the restricted location to access files or directories that are elsewhere on the system.
9. Cross-Site Request Forgery (CSRF)
Cross-site request forgery occurs when the web application doesn’t or can’t sufficiently verify a valid request provided by the user. This can allow attackers to trick a client into making an unintentional request to the web server which will then be treated as a valid request.
10. Unrestricted Upload of File with Dangerous Type
Unrestricted upload of file with dangerous type occurs when the software allows the uploading or transferring of files of dangerous types which can be automatically processed within the software’s environment.
11. Missing Authentication for Critical Function
Missing authentication for critical function occurs when the software doesn’t perform any authentication for functionality that requires a valid user identity. This can allow attackers to read or modify sensitive data, access administrative or other privileged functionality, or execute arbitrary code.
12. Integer Overflow or Wraparound
An integer overflow or wraparound occurs when the software performs a calculation in which the logic assumes that the resulting value will always be larger than the original value. This can allow attackers to introduce other weaknesses when the calculation is used for execution control or resource management.
13. Deserialization of Untrusted Data
Deserialization of untrusted data occurs when the software deserializes untrusted data without sufficiently verifying that the resulting data will be valid. An assumption that the code in the deserialized object is valid is susceptible to exploitation. Attackers can change unexpected objects or data that was assumed to be safe from modification.
14. Improper Authentication
Improper authentication occurs when the software doesn’t prove or insufficiently proves that the user’s identity is correct.
15. NULL Pointer Dereference
NULL pointer dereference occurs when the software dereferences a pointer that it expects to be valid, but is NULL, causing an exit or crash.
16. Use of Hard-coded Credentials
The use of hard-coded credentials creates a software weakness that allows attackers to bypass the authentication that has been configured by the software administrator.
17. Improper Restriction of Operations within the Bounds of a Memory Buffer
Improper restriction of operations within the bounds of a memory buffer, also known as buffer overflow, occurs when the software performs operations on a memory buffer, but it can write to or read from a memory location that’s outside of the intended boundary of the buffer. This can allow attackers to change the intended control flow, execute arbitrary code, cause the system to crash, or read sensitive information.
18. Missing Authorization
Missing authorization occurs when a software doesn’t perform an authorization check when a user attempts to access a resource. This can allow attackers to read sensitive data, modify sensitive data, or gain privileges by modifying or reading critical data directly, or by accessing privileged functionality.
19. Incorrect Default Permissions
Incorrect default permissions occur when during the installation of the application, installed file permissions are set to allow anyone to modify those files. This can allow attackers to read or modify application data.
20. Exposure of Sensitive Information to an Unauthorized Actor
Exposure of sensitive information to an unauthorized actor, also known as information leak, occurs when the software exposes sensitive information to a user that isn’t explicitly authorized to have access to that information.
21. Insufficiently Protected Credentials
Insufficiently protected credentials occur when the software transmits or stores authentication credentials, but it uses an insecure method. This can allow attackers to gain access to user accounts and access sensitive data.
22. Incorrect Permission Assignment for Critical Resource
Incorrect permission assignment for critical resource occurs when the software specifies permissions for a security-critical resource, allowing the resource to be read or modified by attackers.
23. Improper Restriction of XML External Entity Reference
Improper restriction of XML external entity reference occurs when the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control. Common consequences of this software weakness include attackers being able to access arbitrary files on the system, or can cause consumption of excessive CPU cycles or memory using a URI that points to a large file, or a device that always returns data such as /dev/random.
24. Server-Side Request Forgery (SSRF)
According to MITRE, in server-side request forgery, the “web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.” A real-world example of server-side request forgery attack allowed attackers to request a URL from another server, including other ports, which allowed proxied scanning.
25. Improper Neutralization of Special Elements used in a Command
Improper neutralization of special elements used in a command occurs when data from an untrusted source enters the application and the data from an untrusted source is executed as a command by the application. This gives attackers privileges or capabilities that they would not otherwise have.
How Does the Cybersecurity Skill Gap Affect Your Organization and What can You Do to Make it Right?
“There are only two types of companies: those that have been hacked, and those that will be.”
— Robert Mueller, FBI Director
What cybersecurity measures does your organization have in place? And who manages them?
Chances are, you’re struggling to appoint an in-house, qualified cybersecurity specialist. Research by CyberEdge Group reveals that four in five organizations are in the same boat.
This skills gap has decreased in the past couple of years, but it continues to impact different sectors in a major way. Education is the area affected most, with 87.1 percent of organizations having difficulty finding qualified experts, followed by telecommunications & tech (85.1 percent).
The lack of suitable candidates available to help organizations safeguard their systems in an age of ransomware, DDoS attacks and more is concerning. Cybercriminals continue to employ ever-more-sophisticated techniquesto disrupt businesses and organizations of different sizes, across all industries (even healthcare). Sensitive data and processes must be protected to minimize threats.
Understaffed organizations on tight budgets are especially vulnerable. 43 percent of cyberattacks target small businesses and just 14 percent of these are prepared — costing them $200,000 on average.
And it makes sense. Leading brands and massive institutions can at least invest in cutting-edge software and external consultations to set-up efficient cybersecurity defenses. Smaller ones, particularly startups and none-profits, may be unable to afford either.
Any organization without the finances for a full-time in-house IT specialist can use managed cybersecurity services to protect their system instead. A vulnerability assessment is perhaps the best place to start, to identify your biggest risks and take steps to mitigate them.
But what else can you do to tackle cybersecurity flaws in your organization when you can’t find or afford an in-house specialist?
1. Invest in quality training to make your workforce more cybersecurity-aware
Cybersecurity is a complex area. This means it’s daunting for almost anyone without qualifications or experience in IT to grasp without extensive training.
But this creates an opportunity to empower your staff with the skills, insights and practical knowledge to help your organization stay safe. Determine where your biggest vulnerabilities are and what attacks may pose the biggest risk to your operations.
For example, you might buy high-end hardware and reliable software — yet have no idea how to maximize their performance.
Alternatively, your workforce could consist of people without even basic computer skills or awareness of digital dangers. The mere mention of ransomware or malware could fly right over their heads.
Investing in cybersecurity training obviously incurs expense, but it will pay off when your organization is less susceptible to major disruptions. 60 percent of small- and medium-sized businesses close their doors within six months of being hacked. And the fallout of this can be severe when mammoth investments have been made into trying to keep an organization afloat.
You may already have an idea of which types of training will suit specific employees, based on their work experience, attitude or technical skills. But even if you don’t, taking the time to align the right knowledge upgrades with the right people will ensure organizations maximize the value of their training.
2. Make raising awareness of cybersecurity threats and trends an ongoing part of your company culture
Cybersecurity trends change as hackers’ techniques and technologies evolve. Any organizations relying on outmoded measures leave their systems more vulnerable than they need to be. That’s why it’s so important to stay in touch with the latest attacks, the ways in which they penetrate systems and how businesses deal with them.
For example, companies falling prey to a ransomware scheme may agree to pay the attacker(s) immediately out of desperation to get back on track. But there’s no guarantee that those responsible will honor their word and return your system to normal. They could take the money and leave the organization locked out of its own network.
A failure to research and keep track of the latest developments in ransomware — as well as the wider world of cybersecurity — means organizations would be more likely to hand over the cash without considering the potential fallout. As a result, it might spend thousands of dollars and still be forced to close up shop when its data remains out of reach.
Cultivate a greater awareness of cybersecurity in your organization. Share news stories, articles and updates related to the industry on a regular basis. Encourage staff to get involved with local initiatives or conferences designed to increase cybersecurity education. Offer incentives for anyone interested in growing their skill set.
Building a workforce with a deeper understanding of common cybersecurity threats, and the measures required to combat them, can make a significant difference to your organization’s safety in the future.
And don’t overlook the basics, either. Encourage staff to stay safe and remain vigilant whenever they’re online. This includes:
Another key issue to consider in your organization’s cybersecurity strategy is updating systems when employees leave, including shutting down any open sessions, something that is often overlooked by IT departments.
Change login details to stop them gaining access to sensitive data or allowing others to do so. Even workers who seem trustworthy could still go on to compromise your organization’s security, intentionally or not.
Every organization must take cybersecurity seriously. While the skill gap may make finding a qualified, experienced expert to manage your cybersecurity in-house difficult (if not impossible, depending on your budget), following the tips explored above can make a real difference.
Managed cybersecurity services are a cost-effective, simple way to identify your organization’s gaps and fill them. Reliable specialists will perform a vulnerability assessment, reduce your chances of suffering a data breach and protect cloud & on-premise environments — safeguarding your systems on all fronts.
Take action. Make a stand. Protect your organization against cyber-attacks. Contact our experts now.
52 Cybersecurity Tips for Personal or Business Application You Need in 2021
Looking for quality cybersecurity tips?
Here are 52 cybersecurity tips that you can apply to improve your online safety whether you’re using the Internet for personal or business purpose.
Cybersecurity Tip #1: Cyberattack isn’t a matter of if, but when
Yes, there are people and businesses who have deeper pockets than you or have more interesting data than you. This doesn’t mean cybercriminals don’t find you attractive.
Most of cyberattacks aren’t targeted for the rich and famous. Cybercriminals simply automate their attacks and victims are hit not by how deep their pockets or how famous they are but by how weak their cyber defenses are. Don’t be an easy target.
Cybersecurity Tip #2: Malware 101
Malware comes from the words malicious and software. A malicious software is one that’s maliciously injected by cyber criminals into your desktop, laptop, smartphone, tablet or internet of things (IoT) devices like wi-fi router, CCTV camera or smart TV.
Cyber criminals have found and are continuously finding creative means to deliver malware into computers using website, ads and email to name a few, causing damage to the devices, stealing data and committing other cybercrimes.
Cybersecurity Tip #3: Don’t trust public charging stations
You’re long away from home or from the office and your smartphone’s battery is about to die. You spot a public charging station.
Hold up, public charging stations are ripe places for the cyberattack called “juice jacking” – a form of cyberattack that compromises public charging stations, stealing all the data on a smartphone that connects to it or installing a malware into the smartphone.
Charge your phone before you go out or get your own portable charger, also known as a power bank.
Cybersecurity Tip #4: Use 2-Factor Authentication
Who can blame you if you use the name of your dog as your password or use the monumental 12356789 password? There are just too many passwords to remember, from email accounts, bank accounts to your Netflix account.
While it isn’t advisable to use easily hacked passwords like 12356789, it’s best to use 2-factor authentication for your sensitive accounts like your primary emails.
The 2-factor authentication ensures that you're the only person who can access your account, even if someone knows your password. It will add a second step to your login process sending a verification code to your mobile that hackers won’t have access to. It’s easy to setup with virtually every online service.
Cybersecurity Tip #5: Never use a public computer to input your private data
In public spaces like airports and hotels, public computers are offered to guests to use free of charge.
While these public computers are beneficial to search for something, these public computers shouldn’t be used, for instance, to shop online where you’ve to input your private data or even check personal or work email.
The public computer that you’re using can be tampered with a keylogger – a malware that records every keystroke made by a computer user. Your passwords and other confidential information can be accessed this way and then used by cybercriminals to steal your information and your identity.
Cybersecurity Tip #6: Use an antivirus or a complete endpoint protection software
An antivirus won’t protect you from all malware in this world but it’s a cyber defense that you should have to improve your online safety. A complete endpoint protection on the other hand will provide a better protection against most online threats.
There are many options to choose from and since it’s a commodity, annual subscription prices are generally very affordable.
Cybersecurity Tip #7: Delete old, unnecessary apps
Similar to cleaning out your closet regularly, same thing has to be done with your laptop, smartphone and tablet apps.
Old apps, especially those that are unsupported – software that’s no longer updated by the software maker – make your devices vulnerable to cyberattacks.
Cybercriminals are particularly making malware that attacks old and unsupported software and apps to steal your personal information and evade your privacy.
Cybersecurity Tip #8: Keep all your software up-to-date
If there’s an available update for any of your software, install the update as soon as possible!
A software update means that the software vendor found security vulnerability in the software and provides a patch – piece of software code that fixes the security vulnerability.
The security update may interrupt your normal usage of your device, but this is a small price to pay compared to being a victim of a cyberattack as a result of failing timely to update your software.
Cybersecurity Tip #9: Stay away from websites without “HTTPS”
What does “HTTPS” even mean?
A website address that starts with “https” is a sign that whatever you input in the website is encrypted – a process that jumbles the data (for instance, credit card details) that you’ve input in the website into some incoherent form so that this data can’t be read by cybercriminals when data travels online.
Cybersecurity Tip #10: Don’t overshare
Your social media accounts are filled with photos of your furry family member. There’s no harm in sharing these photos.
Don’t overshare the details of your other family members like full names or dates of birth. Any of this data could be the secret answer in resetting your online account passwords without your knowledge.
Cybersecurity Tip #11: Protect your primary emails as if your life depended on them
Your online existence depends on your primary emails. Your online bank accounts are attached to your primary emails.
When your primary emails are compromised, this could lead to the compromise of your other important online accounts. So, protect them as if your life depended on them (really). Protect them with strong passwords that are not based on a dictionary words and use 2-factor authentication. Remember, “Linda123” is a weak password that could and will be easily guessed by cybercriminals.
Cybersecurity Tip #12: Free your primary emails from spam emails
Similar to the origin of the word “spam” – canned meat that clogs your arteries, spam emails are similarly harmful to your online health or security.
A spam email is an unsolicited email, a copy of which is sent to hundreds of thousands, if not, millions of recipients. Majority of malware – malicious software - is delivered through spam emails.
Never open an unsolicited email even when the subject line is catches your attention. Delete it automatically.
Cybersecurity Tip #13: Watch out for fake ads
Who can resist a 70% off sale? Not many. But if this is an online advertisement, be wary of it. Cybercriminals are getting their hands on what appears to be legitimate online advertisements but are, in fact, fake ones.
Known as malvertisement, from the words malware and advertisement, these fake ads install malware on your device once you click on it.
Use an adblocker to protect your devices from malvertisements.
Cybersecurity Tip #14: Download an app from official sources
Want to learn a new language? There’s an app for that. Almost everything nowadays has an app.
Only download an app from the official website or from official app stores including Apple and Google.
Cybersecurity Tip #15: Scan apps for malware
Not all apps from official app stores, Apple or Google, are free from malware. While these official app stores make it a point to screen out apps with malware, some malicious apps aren’t screened out.
Use an antivirus or endpoint protection software that screens apps prior to installing into your device.
Cybersecurity Tip #16: Fish out phishing emails
A phishing email is an email that looks like it comes from a trusted source, but it isn’t. Cybercriminals use phishing emails to gain your trust for you to reveal sensitive data or convince you to do something.
For instance, you may receive an email that looks like it comes from your bank, asking you to reveal your account login details. A close scrutiny though reveals that the email address of your bank is slightly modified to fool you into thinking that it’s a legitimate email from your bank.
Never throw away caution whenever an email asks for your sensitive data. Remember that login details are your personal information. Your bank will never ask for your login details via email or over the phone.
Cybersecurity Tip #17: Monitor your email activity log
If you’ve a Google email account, you can monitor who have access to it – what browsers, devices, IP addresses they are using and when they accessed it.
You can terminate unwanted access to your email account with a single click.
Cybersecurity Tip #18: Be careful what you click
Something pops-up in your computer screen: a box where there’s a “Download Now” button to download the latest version of Adobe Flash.
But you don’t even know what an Adobe Flash is. Never click on pop-ups like this. Cybercriminals lure victims to click on pop-ups like this in order to install malicious software on your computer that would allow them to use it against other computer users like you.
Cybersecurity Tip #19: Put a tape over your laptop's camera
Mark Zuckerberg does it, so should you – put a tape over your laptop's camera, that is.
A malicious software can turn your laptop, smartphone or tablet camera into a spy camera. Better be safe than sorry by putting a tape over that camera.
Cybersecurity Tip #20: Have more than one email account
Never rely on one email account. Create different emails for different purposes.
For instance, the email account that links to your Netflix account should not be the same as the email account you use for your bank account.
Cybersecurity Tip #21: Never trust an email attachment, even from a friend
You’ve just received an email from a friend with the subject line "ILOVEYOU". You’ve scrutinized the email address and indeed it’s from a friend – one that you’re fond of.
Your friend’s email says, "kindly check the attached LOVELETTER coming from me." Should you open the attachment?
In 2000, millions of email recipients opened an email with the subject line "ILOVEYOU" and downloaded the attachment assuming that it was a love letter. What was downloaded was, in fact, a malware that wiped out all computer files.
So, even if the email address appears to be from a friend, never open an attachment. An email address nowadays can be spoofed.
To be safe, directly contact your friend to verify if he or she indeed sent the email. Don’t use the Reply button. Create a new email using the email address that you’ve saved in your contacts.
Cybersecurity Tip #22: Don’t forget to do a factory data reset
Feeling generous or running out of cash? Your laptops, smartphones and tablets are valuable products to giveaway or earn cash.
Before selling or giving them away, don’t forget to do a factory data reset or even “sterilize” your device using specialized tools. This will delete all your personal data like email details, sites that you’ve visited and photos and videos that you’ve taken.
Cybersecurity Tip #23: Stay away from USBs and external hard drives
Anything that’s plugged into your laptop like USBs and external hard-drives is a potential source of malicious software.
As such, stay away from them or find excuses not to use them, especially if they come from untrusted source. If you must use them, first disable the auto-run option and use an antivirus to scan the content.
Never plugin any USB thumb-drives that you find on the street, at the mall or at the airport. Cyber criminals use this clever technique to infect your computer with malware.
Cybersecurity Tip #24: Avoid public wi-fi
Almost all coffee shops and retail locations nowadays have public Wi-Fi. Know that whatever you access online by using a public Wi-Fi can be read or tracked by others.
You can better protect yourself buy using an inexpensive VPN service or ask your company’s IT for a recommendation when away from the office.
Cybersecurity Tip #25: Use a burner phone if you want to be reckless online
If you want to visit sites that are notoriously unsafe, or you want to download an app that you’re not sure it’s safe, then a burner phone is a must.
A burner phone should be a separate phone. Your primary phone is one that you use for sensitive information like your primary emails and bank accounts.
With your burner phone, no sensitive data should be entered. As no sensitive data is at stake, you can do whatever you want on this phone.
Cybersecurity Tip #26: Slow performance of a device is a sign of a cyberattack
Ever wondered why your laptop, smartphone or tablet is running slow? This could be a sign that your device is has been hacked and/or tempered with.
Slow performance is one of the signs that a device is infected with a malicious software.
Cybersecurity Tip #27: Watch your back from disgruntled employees
Some people can’t seem to move on. This is the case mostly by fired employees.
Make sure that before firing someone, his or her access to your organization’s data must first be disabled.
Cybersecurity Tip #28: Never re-used a password
The name of your dog as a password for all your online accounts isn’t advisable.
Cybercriminals have long discovered that people re-used their passwords. Stolen passwords are sold in the online black market as these are used to access other online accounts.
Cybersecurity Tip #29: Use a separate credit or debit card for online shopping
Trust no one online. This should be the case every time you shop online. The risk of cyberattack on your most trusted online store can’t be dismissed.
Don’t give cyber criminals the opportunity to access your hard-earned money. Get a separate credit or debit card solely for online shopping use. Only put in the amount that you’ll use and only leave the required minimum balance.
Cybersecurity Tip #30: Never turn on out of office or vacation reply
Excited about your upcoming tropical vacation? Don’t turn on that out of office or vacation reply.
In your personal or office email, there’s an option to turn on the out of office or vacation reply. When this feature is turned on, every time people email you, they’ll receive an automatic email reply that you won’t be able to reply to them right away.
While this is mindful to legitimate email senders, this is a security risk. Criminals may take your absence as an opportunity to attack your office or your home. Fortunately, some email providers allow restricting the out of office replies to your contacts only.
Cybersecurity Tip #31: Never reveal your real location
It’s tempting to post on social media those lovely vacations photos immediately right after they’re taken or to go live via Facebook to share the beautiful scenery where you’re vacationing.
Revealing your exact whereabouts via social media postings is a cybersecurity risk. Criminals may take advantage of your absence and may do something sinister in your office or home.
The delayed postings of your vacation photos and videos will bring the same reaction from your frenemies. They’ll either love or hate you more.
Cybersecurity Tip #32: Turn off your geo-location
Turning on geo-location in your Google, Facebook, Instagram and other social media accounts can tip criminals of your exact whereabouts.
Always turn this off to protect your privacy.
Cybersecurity Tip #33: Never use the following abused passwords
A Google and UC study revealed that passwords listed below are the most commonly used and abused passwords:
Cybersecurity Tip #34: Mind your IoT devices
IoT devices like your wi-fi router, CCTV camera and smart TV are computers too. Protect them like your other devices such as laptops and smartphones as IoT devices are similarly targeted by cybercriminals.
Your insecure IoT device can be used by cybercriminals to form a botnet – a group of insecure IoT devices that are infected with malware and controlled by a cybercriminal or a group of cybercriminals to conduct cybercrimes such as spreading spam emails.
Changing the default passwords to stronger passwords and keeping the software of your IoT devices up-to-date are two of the best cybersecurity practices to protect your IoT devices from cyber criminals.
Cybersecurity Tip #35: Cybercriminals may be making money out of using your computers
Your desktop, laptop, smartphone, tablet and IoT are money-making machines for cybercriminals who are engaged in the cyberattack called cryptocurrency mining.
A number of cryptocurrencies, including Bitcoin, need to be mined. Cryptocurrency mining refers to the process by which transactions are verified and also a means of releasing a new digital coin.
In the past, ordinary computers were used to mine Bitcoin. Today, to mine Bitcoin, one needs a specialized and powerful computer. Other cryptocurrencies like Monero, however, can be mined using ordinary computers and even small devices such as smartphones and IoT devices.
The computational power of your devices may be small but when they are combined with thousands, if not, millions of other devices, the resulting computing power is enormous.
According to a security company Avast, more than 15,000 IoT devices would be needed to mine $1,000-worth of Monero coins in just 4 days.
The thing about cryptocurrency mining attack is that this is done without the knowledge of the IoT device owner. High energy bills, poor device performance and a shortened device lifespan are signs that your IoT devices are used by cybercriminals for cryptocurrency mining.
Using strong passwords and keeping the software of your IoT devices up-to-date are 2 of the effective means to protect your devices from cryptocurrency mining.
Cybersecurity Tip #36: Your IoT devices can be used for DDoS attack
In a distributed denial-of-service (DDoS) attack, an attacker may take advantage of the weak security of your IoT device like your CCTV camera, inject a malicious software into it, control it and send huge amounts of data to a website, making a website unusually slow or making it inaccessible to visitors.
Protect your IoT devices from being used for DDoS attacks by changing the default password to a stronger one and keep the IoT’s software up-to-date.
Cybersecurity Tip #37: Backup important data
Have an extra copy or copies of your important data or use a secure online storage. This way, if anything happens to your laptop, smartphone or tablet with your important data on it, you’ve something to fall back on.
Cybersecurity Tip #38: Prevent ransomware
Real-life crimes are mirrored online. In a ransomware attack, a cyber attacker injects a malicious software in your desktop, laptop, smartphone or tablet, encrypts all the files, locking you out of your device and asks a ransom payment from you to unlock the device.
Keeping all your software, especially your operating system, up-to-date is one of the effective means to prevent ransomware attacks. Backing up your important data ensures that ransomware attacks won’t have an effect on you as you can simply ignore the ransom threat as you’ve another copy of the data.
Cybersecurity Tip #39: To pay or not to pay in case of a ransomware attack
If you’ve a backup copy of the data that ransomware criminals are holding hostage, then there’s no point in paying the ransom.
Backing up your data is, therefore, very important so that ransomware criminals won’t have any leverage on you.
Dilemma often comes from ransomware attack victims who haven’t backed up their data. Paying the criminals, however, doesn’t guarantee that you’ll get your data back.
The software code of infamous WannaCry ransomware, for instance, was written in such a way that even the criminals themselves can’t unlock the locked data even if the victims pay ransom.
Cybersecurity Tip #40: Install adblocker
Many online ads install malware on your computer.
To prevent malicious ads from appearing on web pages, install an adblocker – software that blocks online advertisements from appearing on web pages that you visit.
Cybersecurity Tip #41: Don’t be a victim of social engineering
Social engineering is a form of manipulation that convinces you to ignore normal security procedures.
In your personal life, you may receive a call from someone pretending to be from your bank, asking for your bank login details.
At work, you may receive a call and an email from someone pretending to be from your company’s supplier, asking you to transfer money to the supplier’s new bank account.
In both situations, you’re asked to do something that’s not within the normal security procedures. Your bank wouldn’t call you to ask for your login details. And company protocols for money transfer to a new bank account are more exhaustive than a mere phone call or simple email.
The scam at the office is what is called business email compromise (BEC) scam. It’s a form of social engineering where scammers try to convince you, especially if your work at the office is related to finance, to ignore normal office security procedures.
BEC scammers see to it that your boss is out in the office when the scam happens. Scammers will call you, email you, pretend that they represent your regular supplier and convince you to make money transfer to the new bank account of the supplier.
The scammers may send a spoof email that looks like it comes from your boss, convincing you to release money to the new bank account.
The best way to avoid being a victim of the BEC scam is to verify the authenticity of the money transfer request by talking face-to-face to your CEO or by speaking to him or her directly on the phone.
Cybersecurity Tip #42: Legitimate website may be a carrier of malware
A legitimate website doesn’t mean it’s a safe site. Cyber criminals are using insecure sites to spread malware through a cyberattack called drive-by attack.
The attack is called “drive-by” as this requires no action from the victim, other than visiting a website.
Criminals may plant the malware on the site visited by the victim or the criminals may redirect the victim to another site and from there infects the computer of the visitor with a malware.
Typical victims of drive-by attacks are computers with outdated software. To prevent drive-by attacks, it’s important then to keep all your software up-to-date by installing updates as soon as it becomes available.
Cybersecurity Tip #43: Delete potentially unwanted apps
Potentially unwanted apps (PUA) are software that you haven’t intentionally downloaded. They’re just downloaded along with an app that you intentionally downloaded.
These unwanted apps could display pop-ups, install browser extensions and even change your current browser. They may be harmless at first, but once cyber criminals get hold of them, they could become malicious overtime.
One way to prevent unwanted apps from entering your computer is by going to advanced setting whenever you download an app. In the advanced setting, uncheck the apps that you don’t want to be installed on your computer. In case you’ve missed this advanced feature, delete these unwanted apps manually.
Cybersecurity Tip #44: Stay off-grid
Whenever you aren’t using your laptop, smartphone or tablet, disconnect your device from the internet.
Whenever you notice that a cyberattack is about to happen through unwanted pop-up ads or a rogue email, disconnect your computer from the internet immediately and use your end point protection software to scan your device.
Cybersecurity Tip #45: Exercise caution when visiting notorious sites
Torrent sites (include porn sites to the list) are notorious for being hotbeds for drive-by attacks.
Stay away from sites like these. If you need to visit these notorious sites, use a burner phone, one that’s cheap and can easily be discarded.
Cybersecurity Tip #46: Use your laptop as standard user, not as administrator
In your operating system, in Windows 10 for instance, you’ve the option to run your computer as a standard user or as an administrator.
As a standard user, you can perform common daily tasks like surfing the internet, checking emails and running software programs. As an administrator, you can add, remove software and even reset the PC to factory setting.
Setting your PC to standard user ensures that you won’t unintentionally add or delete software. Only set your PC to administrator mode if you need to make conscious clean-up of the existing apps on your PC. Setting your PC to standard user will also minimize the risks of malicious installation of malware into your PC.
Have a Guest account on your computer? If you really need it, make sure you use a strong account password.
Cybersecurity Tip #47: No one could address ALL cybersecurity issues
If someone tells you that he has an all-in-one fix to all cybersecurity problems, know that he’s blowing smoke.
Fifty-two cybersecurity tips are particularly listed here as there are more than one solution to preventing cyberattacks and data breaches.
Cybersecurity Tip #48: Not all hackers are bad
Every day hackers, the good ones and the bad ones are always looking for security vulnerabilities on widely-used software programs.
Good hackers, also known as white hat hackers or ethical hackers, regularly test software programs for security vulnerabilities. Once a white hat hacker discovers any security vulnerability on a particular software, this is then reported directly to the software maker in order for the software maker to issue a security update fixing the newly discovered security vulnerability.
Software makers like Google, Apple and Microsoft give monetary rewards to white hat hackers for their discovery and for directly reporting the security vulnerability.
Many software companies are also employing in-house hackers to test the security vulnerabilities of their software products.
Bad hackers, also known as black hat hackers, regularly test widely-used software for security vulnerabilities. Once they discover it, they don’t report this to the software maker and instead use it for personal gains like launching cyberattacks using the newly discovered security vulnerability or selling via online black market the information or the malicious software created specifically to exploit the newly discovered security vulnerability.
Like in the real world, there are gray areas. Same thing in the world of hacking, there are gray hat hackers. They are often a mix of white and black hat hackers. Gray hat hackers often search for security vulnerabilities for widely-used software. Once they discover a vulnerability, they’ll contact the software owner, demand a payment for the discovery or for the security fix if they’ve one. If the software maker doesn’t pay up, a gray hat hacker threatens the software maker to expose the security vulnerability to the public.
Cybersecurity Tip #49: Stay away from anything that’s free online
Like in real life, nothing is free. Stay away from free apps, free antivirus, free VPN (virtual private network), free Wi-Fi.
Free stuff online almost always has a caveat, that is, free service for stealing your data, for instance. Remember Facebook’s data breaches? Well, after all it’s a free service.
Cybersecurity Tip #50: Do your own research in choosing any software, internet service provider or any online services
Always do your own research when it comes to choosing anything that connects your primary devices like your main laptop and main smartphone to the internet.
Your main laptop and main smartphone are devices where you access your sensitive information like your important emails, bank accounts and other important accounts.
It’s, therefore, essential that you spend time choosing the most trusted, credible software, internet service provider and other online services. A simple online search will tell you whether such online service is credible or not. If you have a friend or a family member who works in cybersecurity or IT fields, always ask for their opinion.
Cybersecurity Tip #51: What to do in case of a cyberattack?
In case of a cyberattack, your immediate reaction should be to go off the grid. Immediately disconnect your computer from the internet. Then use an uninfected device, another laptop or another smartphone to change your passwords and activate 2-factor authentication of your primary emails and important accounts like bank accounts.
What to do with the attacked device? Conduct a full scan of the device and if possible perform a factory reset.
A full scan will aid you in discovering and deleting hidden malware, while the factory reset will erase all the data, including the malware injected into your device. The problem with factory reset though is that it’ll erase even your important data.
This is why it’s a good practice to backup all your important files so that if anything happens you can still have access to your important data despite the failure of one device.
There are plenty of online services that will sync your data and will keep it safe in the Cloud. Check with your IT prior to installing anything on your work computer or company issues mobile device. You could be violating company’s policy.
Cybersecurity Tip #52: Cybercrime is a growing business
Here are few numbers:
$16 Million-worth of ransom payment was paid by nearly 20,000 ransomware victimsduring a 2-year period, a study conducted by researchers from Princeton University, New York University, University of California, San Diego, Google and Chainalysis showed.
3 Billion was lost to BEC scammers from January 2015 to February 2017, according to the Federal Bureau of Investigation (FBI).
Why is Segregation of Duties Between IT and Cybersecurity Critical for Your Business?
Neglecting your cybersecurity means neglecting your business’s future.
It’s that simple. Every company has to take effective action to minimize its risk of a data breach, leveraging the latest, most effective measures to combat hackers. Software specialists Citrix is just one of the latest brands to come under attack: it’s believed as much as 10TB may have been stolen.
Furthermore, the criminals are said to have gained access to the system through ‘password spraying’, or simply guessing weak, common passwords.
It’s paramount to ensure your business is protected and prepared to deal with any serious cyberattack sent your way. One key aspect of safeguarding your company is Segregation of Duties between IT and cybersecurity. What does that mean and how do you do it?
Segregation of Duties (or SoD) revolves around keeping multiple people involved with achieving a specific goal, whatever the task at hand may be. Though it started as a process to minimize the danger of mistakes or fraudulent activities, SoD has evolved into an important security issue.
All tasks covered require authorization from two parties to prove integrity and defend against breaches. All individuals involved in undertaking a process of any size would have to be in agreement before the task can be completed.
Segregation of Duties is so important because it takes absolute power out of the hands of any one person within your company, offering greater peace of mind and caution. SoD spreads the privileges for everyone’s benefit and makes cybercriminals’ ‘work’ a little harder
Key Benefits of Segregation of Duties
Segregation of Duties offers businesses numerous compelling benefits, including the following:
Reduce the risk of inside attacks
You trust your employees to work with your system every day. You expect them to be respectful, careful and loyal. You put your faith in them to help steer your company toward success.
And yet, inside attacks are a sad reality of cybersecurity breaches. Not only can an issue caused from the inside be more difficult to detect until it’s too late, but it can be particularly devastating on an emotional level if the attack was intentional.
Dealing with a mistake is one thing. But knowing that an employee you paid and supported facilitated an attack can leave you, and their colleagues, struggling to trust others in the future.
Oversights may cause accidental inside attacks too. This may be down to an employee downloading an attachment from a suspicious email, failing to follow standard practice when making company payments or something equally minor.
Segregation of Duties takes care of all this. For example, if one worker is preparing to download a new tool but requires another’s agreement first, they may discover a security risk before any harm is done.
This reduces the danger of genuine accidents caused by ignorance and acts as a deterrent for insiders looking to sabotage the business.
Should any attacks take place, it’s far easier to determine which party must have been responsible just by addressing those individuals with access. This is much more difficult when everyone in the company uses every aspect of the system without restraint.
Less power is up for grabs
Imagine if a hacker manages to gain access to your system by cracking an employee’s login details. Imagine if said employee has full access to every tool, every database, every service — a criminal could basically take control of your business and cause monumental damage before they’re shut down.
With Segregation of Duties, you can minimize the power any hacker would wield should they find a way into your network. Accounts are shared between a small group of people and only they have authorized entry. Any sign of unexpected activity within those accounts would indicate a potential issue.
Furthermore, all aspects of your company which require a different set of credentials to enter would be secure. This allows you to focus your attention on the problem areas rather than addressing the entire company.
Accounts and credentials are easier to manage
Businesses implementing SoD can manage access and credentials more easily in the event of a crisis.
Specifically, creating new logins for a compromised account is much easier with just two people to update. It’s a convenient, faster process with less room for error.
Segregation of Duties Between IT and Cybersecurity
Segregation of Duties between your IT department and cybersecurity specialists is vital for increasing your reinforcing business’s defense against hackers.
Your IT team may be experienced, well-trained and qualified, but they have to make sure they’re up-to-date on the latest risks, techniques and solutions in cybersecurity. Without this knowledge, they’re more likely to make mistakes when updating systems, maintaining your network or working with vendors.
Again, SoD means making sure your IT specialists are accountable and have to run their intentions by someone else. The smallest oversight could end up causing massive disruptions and effectively shut your business down on a temporary (or possibly permanent) basis.
Segregation of Duties demands a responsible approach: keep track of which individuals have access to specific accounts and which are authorized to perform certain tasks. Make sure to limit any crossover that could cause problems, such as putting the same person in two or three teams. This may lead to a conflict of interest and questionable choices.
Working with experienced cybersecurity experts is crucial for companies of all sizes, across all industries. Businesses have to take charge of their own protection and implement strategies designed to limit the damage a single attack is capable of.
All companies must stay organized and plan ahead when implementing a SoD strategy. Cybersecurity professionals can advise you on the major threats your business faces and how best to protect against them.
Cybersecurity experts will help you understand what that involves, how to implement Segregation of Duties and combat even the most creative cybercriminals.
Want to learn what The Driz Group can do for your company? Please don’t hesitate to reach out to our dedicated teamnow.
Trend Shows Cybercriminals Are Turning to Formjacking
A newly released global cyberthreat trend shows that cybercriminals are turning to formjacking as a new get-rich-quick scheme.
In the recently released Internet Security Threat Report, Symantec reported that on average, more than 4,800 unique websites are compromised with formjacking every month. According to Symantec, formjacking has increased dramatically since mid-August 2018. By the end of 2018, Symantec said it detected 3.7 million formjacking attacks, with nearly a third of all detections occurring during November and December – the busiest online shopping period.
Symantec said that while any organization, regardless of size and location, which processes payments online is a potential victim of formjacking, small and medium-sized retailers are, by and large, the most widely compromised by formjacking attackers.
What Is Formjacking?
Formjacking is a type of cyberattack that injects malicious code into website forms. This malicious code allows attackers to steal credit card details and other personal and financial information that are entered into the compromised forms as information is automatically sent to attackers. Stolen information could be used by attackers to perform payment card fraud or attackers could sell these details to other cybercriminals.
According to Symantec, attackers need only 10 stolen credit cards from each of the more than 4,800 compromised websites each month to earn up to $2.2 million per month considering that the current value for each card is $45 in underground selling forums.
How Are Formjacking Attacks Carried Out?
In recent months, two methods of formjacking attacks were observed: supply chain attack and redirection chain.
Supply Chain Attack
One of the ways by which formjacking attackers gain access to a website and change the code on its checkout page is through supply chain attack. In a supply chain attack, attackers gain access to a large organization’s website and change the code on its checkout page by exploiting the security vulnerabilities in a smaller business used by the larger company to provide different services.
The Ticketmaster formjacking case is an example of a formjacking attack carried out by means of a supply chain attack. In the Ticketmaster case, attackers injected malicious code into Ticketmaster’s checkout pages after compromising a chatbot used by Ticketmaster for customer support. This malicious code enabled the Ticketmaster attackers to capture payment card data and other information from customers and send them to their servers.
The chatbot used by Ticketmaster for customer support was hosted by Inbenta, an external third-party supplier to Ticketmaster. Inbenta chief executive Jordi Torras toldZDNetthat attackers exploited a number of vulnerabilities of Inbenta’s servers and in the process altered the chatbot code.
The Ticketmaster formjacking case, therefore, wasn’t directly an attack against Ticketmaster but an attack on a third-party supplier Inbenta. It’s worthy to note that supply chain attack was also used in the NotPetya attack in 2017 in which MEDoc, a tax and accounting software package, was used for the initial insertion of NotPetya malware into corporate networks.
Supply chain attacks show that cybersecurity hygiene shouldn’t only be implemented within an organization’s internal IT systems but also for third-party software and applications.
Redirection chain as a means of carrying out a formjacking attack is a new technique used by attackers in late 2018. In a redirection chain attack, a user that uses a checkout page of an online retailer is redirected to the checkout page of another online retailer which is injected with formjacking code. When this user enters payment information, the information is sent both to the retailer as well as to the attackers.
In December 2018, Symantecreported that it detected a checkout page of a retail store in Paris which was injected with a formjacking code. The injected formjacking code, Symantec said, collects the payment information entered by customers and posts it to the domain google-analyitics.org.
Symantec observed that popular online retailers’ checkout pages from different countries, such as the U.S., Japan, Australia, and Germany redirected to this one Paris checkout page. “This created an interesting redirection chain as customers of all these websites were being infected by formjacking at the same time,” Symantec said.
Symantec added that to make matters worse, the formjacking code in the above-mentioned redirection chain attack comes with Firebug, a debugging tool that prevents security researchers from analyzing the malicious code.
Formjacking attacks are becoming sophisticated and stealthy as shown in the above-mentioned examples. Users of compromised checkout pages may not realize they’re victims of formjacking as compromised checkout pages generally continue to operate as normal.
Here are some cybersecurity measures in order to prevent formjacking attacks:
Don’t have cybersecurity resources or dedicated CISO? Contact us today to mitigate IT risks, fast.
3 Most Common Web Application Security Vulnerabilities
Almost all organizations today have an online presence, mostly in the form of an official website. While these websites open a window of opportunities for organizations, these same websites are at times a bane to organizations as these are becoming attractive targets for cyber attackers.
What Are Web Application Security Vulnerabilities?
One of the ways by which cyber attackers wreak havoc on corporate websites is by exploiting the security vulnerabilities in web applications.
Web applications, also known as web apps, refer to software programs that run in a web browser. A web application can be as simple as a contact form on a website or a content management system like WordPress. Web application security vulnerabilities, meanwhile, refers to system flaw or security weakness in a web application.
Web applications are gateways to a trove of data that cyber attackers find attractive and easy to steal. Every time website visitors sign up for an account, enter their credentials or make a purchase via an official corporate website, all this data, including personally identifiable information, is stored on a server that sits behind that web application. Exploiting a security vulnerability in a web application allows attackers to access the data stored on that server.
Imperva, in its “State of Web Application Vulnerabilities in 2018”, reported that the overall number of new web application vulnerabilities in 2018 increased by 23%, that is, 17,308 web application vulnerabilities, compared to 2017 with only 14,082 web application vulnerabilities.
Most Common Web Application Security Vulnerabilities
Here are the 3 most common security vulnerabilities affecting web applications:
Based on Imperva’s data, the number one web application vulnerability in 2018 was injection, representing 19% of the web application vulnerabilities last year. In an injection attack, an attacker inserts or injects code into the original code of a web application, which alters the course of execution of the web app.
According to Imperva, the preferred method of attackers last year to inject code into web applications was remote command execution (RCE) with 1,980 vulnerabilities.
Remote command execution allows an attacker to remotely take over the server that sits behind a web application by injecting an arbitrary malicious code on the web app. The Equifax data breach that exposed highly sensitive data of millions of U.S. customers, as well as thousands of U.K. and Canadian consumers, is an example of a cyberattack that used the injection method, in particular, remote command execution.
Attackers gained access to the data of millions of Equifax’ customers by exploiting the vulnerability designated as CVE-2017-5638in the web application used by the company. At the time of the attack, Equifax then used an outdated Apache Struts, a popular open source framework for creating enterprise-grade web applications.
Despite the advisory from the Apache Software Foundation, the organization that oversees leading open source projects, including Apache Struts, to update the software to the latest version, Equifax failed to do so, leading the attackers to breach the sensitive data of millions of the company’s customers.
On March 7, 2017, the Apache Software Foundation issued a patch or security update for CVE-2017-5638 vulnerability. On May 13, 2017, just a few days after the CVE-2017-5638 patch was released, attackers started their 76-day long cyberattack on Equifax, this according to the findings of the U.S. House Oversight Committee.
2. Cross-Site Scripting
The second most common web application vulnerability is cross-site scripting. According to Imperva, cross-site scripting ranked as the second most common vulnerability in 2018, representing 14% of the web application vulnerabilities last year.
Cross-site scripting, also known as XSS, is a type of injection in which malicious code is inserted into a vulnerable web application. Unlike injection in general, cross-site scripting particularly targets web visitors.
In a cross-site scripting attack scenario, an attacker, for instance, embeds an HTML tag in an e-commerce website’s comments section, making the embedded tag a permanent fixture of a webpage, causing the browser to read the embedded tag together with the rest of the original code every time the page is opened, regardless of the fact that some site visitors don’t scroll down to the comments section.
The injected HTML tag in the comments section could activate a file, which is hosted on another site, allowing the attacker to steal visitors’ session cookies – information that web visitors have inputted into the site. With the stolen session cookies of site visitors, attackers could gain access to the visitors’ personal information and credit card data.
3. Vulnerabilities in Content Management Systems
Imperva’s State of Web Application Vulnerabilities in 2018 also showed attackers are focusing their attention to vulnerabilities in content management systems, in particular, WordPress.
Attackers are focusing their attention on WordPress as this content management system powers nearly one-third of the world’s website. Data from W3Techsshowed that as of late December, last year, WordPress usage account for 32.9% of the world’s websites, followed by Joomla and Drupal.
According to Imperva, the number of WordPress vulnerabilities increased in 2018 despite the slowed growth in new plugins. Imperva registered 542 WordPress vulnerabilities in 2018, the highest among the content management systems. The WordPressofficial website, meanwhile, reported that only 1,914 or 3% from the total 55,271 plugins were added in 2018.
Ninety-eight percent of WordPress vulnerabilities are related to plugins, Imperva reported. Plugins expand the features and functionalities of a website. WordPress plugins are, however, prone to vulnerabilities as with this content management system (being an open source software), anyone can create a plugin and publish it without security auditing to ensure that the plugins adhere to minimum security standards.
Web Application Attack Prevention
A web application firewall (WAF) is one of the best cybersecurity solutions that your organization can employ against web application vulnerabilities.
Trust the experienced team that protects hundreds of sites and applications. Protect your web application within 10-minutes and keep cybercriminals at bay. Get started today!
Look Back into the First Major Cyberattack: The Morris Worm
Thirty years ago, the Morris worm, dubbed as the first major cyberattack, was unleashed into the wild, crashing or slowing to a crawl 10% or 6,000 of the 60,000 computers then connected to the “Internet”.
What Is Morris Worm?
Morris worm is named after its creator Robert Tappan Morris. A worm, meanwhile, refers to a type of malicious software (malware) that has the ability to spread itself within networks without user interaction.
Courtdocuments showed that Morris, then a first-year graduate student at Cornell University's computer science Ph.D. program, released the worm on November 2, 1988 through a computer at the Massachusetts Institute of Technology (MIT), which Morris hacked using a Cornell University's computer.
Morris worm was released into the wild a year before the world wide web came into existence. The term “Internet” then referred to a U.S. computer network, composed of connected computers from prestigious colleges, research centers, governmental and military agencies.
In less than 24 hours on November 2, 1988, Morris worm infected the computers of institutions, including Harvard, Princeton, Stanford, Johns Hopkins, National Aeronautics and Space Administration (NASA) and the Lawrence Livermore National Laboratory.
While the worm didn’t destroy or damage files, infected computers slowed to a crawl or ceased functioning and emails were delayed for days. The estimated cost of dealing with the Morris worm at each installation ranged from $200 to over $53,000.
The worm infected computers running a specific version of the Unix operating system in 4 ways:
First, via a security vulnerability in “SEND MAIL”, a computer program that transfers and receives electronic mail;
Second, via a security vulnerability in the "finger demon", a computer program that allows extraction of limited information about the users of another computer;
Third, via "trusted hosts" feature that allows a user with certain privileges on one computer to have equivalent privileges on another computer without using a password; and
Fourth, via a program that guesses passwords using various combinations of letters tried out in rapid succession, hoping that one will be an authorized user's password. When the correct password is entered, the intruder is allowed whatever level of activity that the user is authorized to perform.
Morris designed the worm to stay hidden. The worm was designed in such a way that it won’t copy itself onto a computer that already had a copy. The worm was also designed in such a way that it would be killed when a computer was shut down.
Consequences of the Morris Worm
For unleashing the worm into the wild, Morris became the first person convicted for violating the U.S. Computer Fraud and Abuse Act, which outlaws unauthorized access to protected computers. He was sentenced to 3 years of probation, 400 hours of community service, a fine of $10,050 and the costs of his supervision.
The first major cyberattack perpetrated by the Morris worm showed how vulnerable interconnected computers had become. Just days after the Morris worm attack, the U.S. Government created the country’s first computer emergency response team under the direction of the Department of Defense. Developers also began creating intrusion detection software.
On the flip side, the Morris worm inspired a new breed of malicious hackers, plaguing the digital age. In recent memory, the worm that resembles the devastation caused by Morris worm is the WannaCry worm, commonly known as WannaCry ransomware.
In less than 24 hours on May 12, 2017, more than 300,000 computers in 150 countries were infected by WannaCry, each demanding a ransom payment. WannaCry is categorized as a worm as similar to the Morris worm as it has the ability to spread itself within networks without user interaction.
WannaCry specifically exploited the security vulnerability in Server Message Block Protocol (SMB protocol) in some versions of Microsoft Windows. SMB protocol allows users to access files, printers and other resources on a network.
Here are some cybersecurity measures to protect your organization’s computers or networks from worms similar to WannaCry and Morris worms:
Implement Network Segmentation
In network segmentation, vital computers that housed critical information and operations are separated or disconnected from computers connected to vulnerable systems like the public internet. Network segmentation ensures that when internet-facing computers are infected by a worm, these vital computers aren’t affected.
Keep All Software Up-to-Date
Make sure that software security updates are installed as timely as possible, not months or years after the release dates of the security updates.
Cyberattackers have automated the process of scanning the internet for finding vulnerable computers – those that fail to install security updates. This was the case for WannaCry victims as they failed to install the security update issued by Microsoft months before the WannaCry cyberattack.
Refrain from Using Legacy Hardware and Software
The term “legacy” refers to old and outdated computer hardware or software. Similar to computers that fail to timely install security updates, legacy hardware and software programs are similarly targetted by cyberattackers as these legacy hardware and software programs no longer receive security update from their vendors.
Some versions of the Microsoft Windows (Windows XP, Windows 8, and Windows Server 2003 operating systems) were targeted by WannaCry attackers as well as during the attack these software programs were no longer supported by Microsoft. A day after the WannaCry attack, however, Microsoft released security updates for Windows XP, Windows 8, and Windows Server 2003.
Protecting computers or networks from worms and other malicious software is important in order to prevent data breaches. Under Canada’s Digital Privacy Act, starting November 1 this year, private organizations are mandated to notify the Privacy Commissioner of Canada and the affected individual “as soon as feasible” in the event that a data breach poses a “real risk of significant harm” to any individual.
When you need help assessing and mitigating the cybersecurity risks, contact out team of expertsand minimize the likelihood of a data breach.
How to Prevent Departing Employees from Departing with Your Organization’s Data
The practice of departing employees departing with their employers’ data has recently been highlighted in the latest case that sprung from one of the biggest tech companies Apple.
A special agent at the Federal Bureau of Investigation (FBI) recently filed a criminal complaint before the US District Court for the Northern District of California against a former Apple employee, alleging that the former Apple employee who worked as a hardware engineer on the company’s autonomous vehicle development team stole trade secrets from the company.
According to the FBI special agent, because of the former employee's role on Apple’s autonomous vehicle development project, he was granted broad access to secure and confidential internal databases containing trade secrets and intellectual property for the project.
After returning from a paternity leave, the said employee, according to the FBI special agent, resigned saying that he plans to move back to his home country and he also plans to work with another company also working in the field of autonomous vehicle technology.
The said employee turned over all Apple-owned devices and Apple's security then disabled his remote network access, badge privileges, network access and other employee accesses.
The criminal complaint revealed that data from Apple’s security team showed that days prior to his resignation, the former Apple employee’s network activity increased exponentially compared to the prior two years of his employment. On the evening two days prior to his resignation, the employee was shown via CCTV footage entering the autonomous vehicle software and hardware labs and leaving the building less than an hour later carrying a large box.
The criminal complaint also disclosed that in an interview with Apple security attorney and Apple employee relations representative, the accused former employee of Apple admitted downloading data to a non-Apple device, one that's owned by his wife, because he has "interest in platforms and wanted to study the data on his own." The accused also admitted to FBI agents of taking files from Apple’s autonomous vehicle development project and transferring the files to a non-Apple digital device, owned by his wife.
Files recovered from the non-Apple device included a 25-page document containing schematics for one of the circuit boards that form Apple's proprietary infrastructure technology for its autonomous vehicle development project.
FBI agents arrested the said Apple's former employee at the San Jose International Airport as he was about to leave the country.
Prevalence of Departing Employees Stealing or Leaking Corporate Data
The case filed against a former Apple employee is just one of the many cases of departing employees departing with their employers’ data.
In 2014, a Federal Court of Australia found sufficient evidence that a former employee of Leica Geosystems Pty Ltd copied 190,000 files from the company’s computers the day before he resigned. The files copied by the former employee included numerous source codes representing the core of the company’s intellectual property. The Federal Court of Australia ordered the said employee to pay AUD$50,000 to his former employer as fine for his misconduct.
In 2015, an employee of BlueScope, after learning she was to be terminated, downloaded 40 gigabytes of company documents. The company filed legal actions in the Federal Court of Australia and Singapore to stop the information falling into the hands of its competitors. BlueScope and the former employee reached a confidential settlement. The Federal Court of Australia, meanwhile, permanently restrained the BlueScope’s former employee from using the data that’s in her possession.
A survey conducted by Biscom showed the prevalence of departing employees departing with their employers’ data. The Biscom survey showed the following alarming findings:
Data Leak Prevention
1. Limit Employee Access to Data
Only give employees access to data needed to get their jobs done. For instance, engineers don’t need access to CRM systems.
2. Encrypt Critical Corporate Data
Ensure that critical corporate data, whether data is in-transit, at-rest and in-use, must be encrypted. Encryption ensures that even when there’s data breach, the data will remain useless.
3. Establish Regular IT Audits
While automated, preventative controls are the best defense, no technology is perfect. Establishing regular IT audits performed by an independent third-party will help you detect any outliers and detect data leaks and internal fraud early on. Such audits generally include
4. Require Appropriate Authentication for Critical Content
Accessing critical content must require not just a username and password but also multi-factor authentication. When critical content is being accessed, it also helps that approval must be secured first or an alert must be given to a compliance officer.
5. Regularly Monitor Network Activities
Unusual volume of downloaded data and non-office hours data access are examples of network activities that should be monitored. Said network activities are red flags for unauthorized activities and should be checked.
6. Keep Critical Data Offline
Don't store information vital to your organization, especially trade secrets, on any device that connects to the internet.
7. In-Person Data Security and Privacy Training
One of the means, though not a cure-all approach, of preventing departing employees from stealing corporate data is by providing an in-person data security training the moment the employee is hired.
One training session isn't enough. It's best to regularly remind employees about safeguarding company’s data by implementing a regular, formal cybersecurity awareness training. In addition to the in-person data security and privacy training, a confidentially or non-disclosure provision has to be included in the employment contracts.
8. Don’t Give Employees Administrator Privileges
Don’t give employees administrator rights for the company-supplied computers or devices. Giving them administrator privileges allows them to install malicious software (malware) that could lead to unauthorized access to information vital to your organization.
When you need help with either establishing regular IT Audits or performing data leakage assessments, help is a phone call away. Contact us today and protect your business.
What is Remote Code Execution Attack & How to Prevent this Type of Cyberattack
Microsoft recently rolled out its latest security update, fixing 50 security vulnerabilities. Out of the 50 security vulnerabilities fixed by Microsoft in its June 12thsecurity update, 14 security vulnerabilities allow remote code execution.
What is Remote Code Execution?
Remote code execution (RCE) refers to the ability of a cyberattacker to access and make changes to a computer owned by another, without authority and regardless of where the computer is geographically located.
RCE allows an attacker to take over a computer or a server by running arbitrary malicious software (malware). "RCE (remote code execution) vulnerabilities are one of the most dangerous of its kind as attackers may execute malicious code in the vulnerable server," Impervasaid.
Remote Code Execution Example #1: Microsoft Excel Remote Code Execution Vulnerability
One example of a remote code execution vulnerability is the CVE-2018-8248vulnerability – one of the security vulnerabilities fixed by Microsoft in its June 12thsecurity update. The CVE-2018-8248 vulnerability, also known as “Microsoft Excel Remote Code Execution Vulnerability”, allows an attacker to run a malware on the vulnerable computer.
The CVE-2018-8248 attacker could take full control of the compromised computer if the owner of the compromised computer logs on to the computer with administrative user rights. In taking full control of the compromised computer, the attacker could view, change or delete data; install programs; or create new accounts with full user rights.
According to Microsoft, the delivery method in exploiting the CVE-2018-8248 vulnerability could be in the form of a malicious email with an attachment that contains a specially crafted file with an infected version of Microsoft Excel. Another delivery method in exploiting the CVE-2018-8248 vulnerability is in the form of a web-based attack scenario, whereby an attacker could host a website or compromised website that accepts or hosts user-provided content containing a specially crafted file designed to exploit the CVE-2018-8248 vulnerability.
In the 2 scenarios, malicious email and web-based attack, the attacker has to convince users to click on the attachment or a link to open the specially crafted file. To date, there’s no report that CVE-2018-8248 vulnerability has been exploited into the wild.
Remote Code Execution Example #2: Microsoft Windows SMB Vulnerability
On May 12, 2017, hundreds of thousands of computers worldwide were infected by WannaCry, a malware that encrypts computer files, locking out computer users and asks for ransom payment to decrypt or unlock the computer files.
WannaCry, as it turns out, is a malware that allows remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block (SMB) – a protocol used for sharing access to files, printers and other resources on a network.
Unlike other remote code execution attacks which leverage on malicious emails and web-based attacks as delivery methods, WannaCry’s delivery method was scanning the internet for vulnerable SMB ports and using one of the alleged U.S. National Security Agency (NSA) spying tools called “EternalBlue”, which takes advantage of the vulnerability in Microsoft’s SMB. Once an attacker detects SMB vulnerability, the DoublePulsar (another alleged NSA spying tool) is then used by an attacker to allow for the installation of the WannaCry malware.
EternalBlue and DoublePulsar are 2 of the spying tools allegedly used by the NSA that were leaked in April 2017 by a group of hackers who called themselves Shadow Brokers. According to Microsoft, the security vulnerabilities exposed by Shadow Brokers were fixed by the security update released by the company in March 2017 – a month before Shadow Brokers publicly released the alleged NSA spying tools.
Researchers at Renditionreported that in late April and the first few days of May 2017 – several days after Microsoft issued a security update fixing the security vulnerabilities exposed by Shadow Brokers, more than 148,000 computers were compromised by EternalBlue and DoublePulsar.
Hundreds of thousands of computers were infected by WannaCry as many compromised machines were used as servers and because of the worm or self-propagating capability of this malware. As a result, computers connected to the infected servers were also infected by the WannaCry malware.
Remote Code Execution Attacks and Cryptocurrency Mining
At the height of the cryptocurrency boom in December 2017, Imperva reported that cryptocurrency mining drove almost 90% of all remote code execution attacks.
Imperva said 88% of all remote code execution attacks in December 2017 sent a request to an external source to try to download a cryptocurrency mining malware.
“These attacks try to exploit vulnerabilities in the web application source code, mainly remote code execution vulnerabilities, in order to download and run different crypto-mining malware on the infected server,” Imperva said. “The malware usually uses all CPU computing power, preventing the CPU from doing other tasks and effectively denies service to the application’s users.”
Timely patching or timely installation of software update ranks as the top cybersecurity measure in preventing remote code execution attacks.
For instance, to prevent remote code execution via CVE-2018-8248 vulnerability, Microsoft’s June 12, 2018 security update has to be installed. In the case of WannaCry cyberattack, remote code execution via the exploitation of Microsoft Windows SMB vulnerability could have been prevented if only Microsoft’s March 2017 security update had been timely applied.
To prevent attackers trying to infect vulnerable servers with cryptocurrency mining malware, the initial attack must be blocked. As an initial attack, cybercriminals typically exploit remote code execution vulnerabilities to launch their malware, similar to what WannaCry attackers did.
If your organization is using computers or servers that are known to be using software that’s vulnerable to remote code execution, the latest vendor patch to mitigate this particular cyberattack should be timely applied.
As a rule of thumb, to significantly minimize the risk, your company must collect, analyze and act on the most recent threat intelligence. Your IT team must be equipped with the best tool to apply patches timely thus mitigating the risk of a data breach. Better yet, workstation and server patching can and should be automated to prevent remote code execution and other cyberattacks.
Are You Failing to Protect Yourself Against Fraud?
Online fraud is, sadly, a common danger.
More than 15 million people fell victim to it in 2016, and the risk is still very much present. Companies across all areas of industry must take steps to protect their finances, making any changes necessary to minimize threats.
Some of these may seem simple, while others appear a tad more complicated. As specialists in cybersecurity, we’re dedicated to helping businesses like yours stay safe against ever-more sophisticated tactics.
So, what changes can you make to your everyday operations to combat online fraud?
You Ignore the Warning Signs
Seeing new customers make large purchases can be an exciting time, but you need to be aware of some common warning signs.
Orders placed late at night could be a red flag, while large orders of products that can be resold easily are another fraud giveaway to watch out for.
Another red flag? Multiple attempts to buy an expensive item (or items) with the same payment method, but with minor differences in the expiration date or name.
Purchases made by buyers who have been repeat customers for a long time should be watched if they make an unusual change in their purchases, address, contact details, and order size.
Last but not least: be wary of customers buying goods with a domestic billing address but sending the purchases to international locations. This is especially true if multiple international addresses are used.
You Don’t Invest in the Best Security
In our experience, too many businesses – both big and small – invest too little into their cybersecurity. Even though businesses are expected to spend more than $100bn on online protectionin 2020, it’s still not uncommon to see companies letting themselves down.
It’s easy to assume you can handle your business’s online security when you first enter the market. After all, download some anti-virus software, get yourself a firewall – job done, right?
Sadly, it’s not so simple. Finding the budget for high-quality security protocols can be difficult, but it’s vital – you’re reinforcing your company’s infrastructure, protecting your assets, and minimizing further expense.
In other words: take the danger of online fraud seriously. Your customers and your employees are depending on you to keep their details, their salaries, and safer.
You Haven’t Educated Your Team
Your workforce has to be educated on the signs of online fraud, trained in criminals’ latest tactics and the techniques available to combat them.
After all, they’re the people keeping your operations running day in, day out. They’re handling customers’ purchases, processing transactions, communicating with buyers, using your databases, downloading resources, and more.
Uninformed staff may end up making mistakes that leave your business vulnerable, facing fraudulent activity, and ultimately at risk. When they have the information and the training, they can actually be a much-needed defense against cyber criminals preying on companies like yours.
Make sure you host regular meetings to train your employees on the cyber-security threats they are likely to encounter, and the warning signs they should watch out for. This doesn’t have to be at an expert level, as you don’t want to overwhelm or confuse them, but it should be enough to give them the confidence they need to perform at their best.
Your staff should know enough to identify possible fraudulent behavior, handle customers’ personal information properly, and avoid leaving your business exposed.
You Haven’t Implemented a Reliable Password Policy
Passwords have to be strong, hard to guess, and varied. Make sure your employees and your customers have the information and advice they need to avoid weak passwords.
We all have so many passwords to remember today. Many of us run numerous different aspects of our lives online, relying on online banking, online shopping, online communications … it’s easy to be complacent.
However, complacency leads you to use the same passwords again and again. Your customers may simply create an account and make purchases with your business, but inadvertently let someone else know what their password is.
This could lead to fraudulent purchases, and the customer might blame your company for failing to offer them sufficient advice on how to best create efficient passwords.
It’s vital, then, to provide helpful information at the sign-up stage, and a dedicated page on your site. Make sure they know not to use something simple and easy to find out, such as their child’s name or their birthday. Varying letter case, adding symbols and numbers, and combining words to make longer passwords can all be a big help.
Your employees should follow the same strategy. Using the same password in their work emails or accounts as their personal ones can make increase your business’s vulnerability.
You Don’t Run Background Checks on Your Employees
Hiring employees with a history of criminal activity or suspicious behavior in previous roles (leading to dismissals) can be an easy way to expose your business to fraud.
Running background checks may seem to be something of a hassle, but it’s well worth doing to protect your company. This should consist of criminal background checks, their education, and their past employment – you will have the information to identify who you have working for you.
Trust goes a long, long way in maintaining an efficient, satisfied workforce. If you know your team is unlikely to undertake fraudulent activity and put your company’s and your customers’ data at risk, you can focus on combating external dangers instead.
Employees will generally accept that these background checks are par for the course. Though it might seem intrusive, it’s for the good of your company, your clients, and your reputation.
Online fraud is an intimidating area and makes businesses of all sizes feel vulnerable. Taking the steps explored above is an effective start to a stronger infrastructure, but you should trust the professionals to reinforce (and maintain) your business’s cybersecurity program for maximum protection against threats.
Contact ustoday to assess your risks and protect your business.
Steve E. Driz, I.S.P., ITCP