As part of a series of articles, I’ll be covering some basic cyber security topics and their implications, with practical tips on how to protect your business.
Cyber-crime is growing year-on-year and there’s no let-up in sight. As we continue to spend more of our lives online, the opportunities for cyber-criminals increase, with new attack vectors on mobiles, tablets, laptops, and PCs being discovered daily. But by following a few basic guidelines (coming up in part 2), you can protect your business and make it harder for the criminals.
Generally, motivation for cyber-crime is financial, and we tend to categorise the threats as either insider or outsider. Insiders are employees who are either disgruntled or think they can gain financially from their actions. Outsiders are anything from organised attackers such as terrorists, criminal gangs, or hacktivists, to amateurs who want to challenge themselves for status among their peers.
For the purpose of these articles, I’ll be focusing on the actions of the criminal gangs, as they are the most clear and present danger to your business.
As well as using tried and tested methods, cyber-criminals are continuously developing novel approaches to extort money or personal details from your business. The threats can originate from:
- Social Media
Let's take a look at how cyber-criminals use these various platforms.
Social media is a valuable tool for business marketing and communications. Because of this, however, social media is a favoured target of scammers, as criminals seek to leverage social circles to spread scams, fake links, and phishing. To succeed, the social engineering involved must be convincing, and so we see more progressive and ingenious tactics to dupe businesses or employees.
One scam in particular went to great lengths to create an entire family tree of hundreds of thousands of fake Twitter accounts, each branch boosting the credibility of the one above, to gain followers and retweets from genuine Twitter users. At the top of the family tree were accounts impersonating news outlets and celebrities, even curating real tweets from genuine accounts to make them seem more credible. The operators went to great lengths to avoid anti-spam measures and were able to operate for a long time.
Another common trick is to tempt users with clickbait headlines that seem to link to interesting or quirky news stories, but in fact lead to dangerous waters. The issue is that these are legitimate websites that pay to advertise but subsequently change their content. Known as drive-by attacks or malvertising, these malicious adverts result in the installation of viruses, worms, Trojan horses, ransomware, spyware, and other malware.
Email - spam and phishing
Most, if not all, businesses rely on email to some degree, making it an ideal target for cyber-criminals.
When cyber-criminals trick people into revealing sensitive information, it's called phishing. There is an increase in the number and sophistication of phishing attempts targeting specific departments within organisations. While some phishing attempts may seem obvious, such as fake delivery tracking emails, Legal and Finance departments are being targeted with convincing, well-crafted phishing attacks.
As with phishing fraud, malware distributed in emails requires social engineering to convince its recipient to open the attachment or to click on a link. Attachments can be disguised as fake invoices, office documents, or other files, and often exploit an unpatched vulnerability in the software application used to open that type of file. Malicious links may direct the user to a compromised website that uses a web attack toolkit to drop something malicious onto their computer.
If web servers are vulnerable, then so are the websites they host and the people that visit them. Attackers are exploiting any vulnerability they can to compromise websites and commandeer their host servers. The ease of use and wide availability of web attack toolkits are feeding the number of web attacks, which doubled in 2015.
Once access to the server is achieved, the attacker will upload payloads that exploit vulnerable software installed on phones, laptops, or PCs. Payloads target specific software such as browsers, PDF readers, or office software.
Adobe Flash Player has continually been the subject of malicious exploitation over the years, and accounted for 10 vulnerabilities that were classified as zero days in 2015 (17%) compared with 12 in 2014 (50%), and five in 2013 (22%). With such rich pickings, it’s clear to see why attackers are partial to exploiting Flash. Apple, Google, and Mozilla have all expressed their concerns with the Flash plugin, and Google recently announced that Flash would no longer be supported natively in Chrome. Mozilla continues to support Flash within Firefox as an exception to the general plugin policy.
BYOD is becoming standard practice for businesses, especially those with remote workers. So, it’s no surprise to find out that smartphones are an increasingly attractive target for online criminals. As a result, they are investing in more sophisticated attacks that are effective at stealing valuable personal data or extorting money from victims and businesses. Although Android users remain the main target, 2015 saw effective attacks on Apple devices as well, and iOS devices did not need to be jail-broken to be compromised.
Ransomware is malware that encrypts data or restricts access to a computer or mobile device. Ransomware is “cyber blackmail” that seeks to force a business to pay a ransom in order to decrypt its data or access its system once again. Changes to a business' computer could include:
- Encrypting data that is stored on the victim's disk so the victim can no longer access the information
- Blocking normal access to the victim's system
The most common ways in which Ransomware Trojans are installed are via phishing emails, or through visiting a website that contains a malicious program.
After the Trojan has been installed, it will either encrypt information that’s stored on the computer or block the computer from running normally – while also leaving a ransom message that demands the payment of a fee (in Bitcoins), in order to decrypt the files or restore the system. In most cases, the ransom message will appear when the computer is restarted, after the infection has taken effect.
Viruses and malware
The most commonly known threats are viruses and malware; they have been around for years. They generally take advantage of vulnerabilities within software installed on computers. The motivation for this type of attack has changed from simple self-replication to something more vicious: stealing business details, launching DDoS attacks, and being part of a spambot. Viruses and malware may install key loggers, logic bombs, backdoors, Trojans, spyware, and botnets.
A drive-by attack is the unintentional download of a virus or malicious software (malware) onto your business's system, generally from visiting a compromised website. A drive-by attack will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw.
So far, we have covered the threats, and the payloads that they deliver. In the follow up to this article, I will be discussing how you can help to protect your business from such attacks.