What you ought to know about the common cybercrime techniques of 2016
2015 was the year of bold and sophisticated cybercrimes in Australia, when major corporations such as The Commonwealth Bank, Target, T-Mobile, K-mart, X-box, Anthem Inc., and Slack lost millions of dollars in security breaches and lost data records. You can expect 2016 to be no different unless companies take proactive measures to improve their IT security.
Australia is a country highly targeted by cyber criminals. Many Australian organizations regularly face security breaches and sometimes they are not even aware of these breaches until it's too late. This is because most of these organizations see security as a reactive measure rather than a proactive solution. Therefore, by implementing proactive security measures, many such organizations can reduce the surface area of potential attacks.
Below are some of the most commonly used sophisticated cyber-attack techniques, along with the proactive measures that companies can take to combat them.
1. Malware, ransomware, spyware and mobile malware
Malware
Malware is typically code or a file that is delivered over the network to specifically infect your device, steal important information, or disrupt the normal functioning of your device. Malware attacks play to the deepest fears of companies and executives as critical company secrets are at the risk of being exposed.
Recently, malware called ZeroAccess infiltrated the payment systems in 60 Pizza Hut stores across Australia, compromising 4,000 devices each day between October and December 2015.
Various types of malware include viruses, trojan horses, spam, worms, rootkits, remote access tools, and spyware that is injected into a system through software that is otherwise safe.
Ransomware
One of the popular forms of malware is ransomware. Ransomware takes control of the administrator access and prevents users from accessing all or some of their systems. Attackers force victims to pay a ransom through various online payment methods, before releasing their vice grip on the victims' systems.
Charles Lim, a Frost & Sullivan cyber-security analyst, estimates that nearly 50-60% of the global ransomware attacks are regularly detected in Australia.
Some of the popular forms of ransomware include CTB-Locker, CryptoWall, CryptoDefense, CryptorBit, and Cryptolocker. These forms of malware infiltrate operating systems via infected email messages or via fake downloads (for example, rogue video players or fake Flash updates).
Spyware
Spyware is another common form of malware. Hackers bundle spyware code as a hidden component in freeware or shareware applications that are available for download from the internet.
Spyware can also spread through infected file attachments. The injected spyware code or application can then gather information about e-mail addresses, passwords, and credit card numbers. The hacker gains access to the victim's device through the spyware and monitors the victim's activity on the internet.
Mobile malware
With more people using smartphones alongside PCs, hackers are using various techniques to spread malware through mobile apps and SMS text messages.
If you click links from unknown email senders or in an SMS message, you might actually end up downloading malware.
Many sources suggest that one of the most common ways malware reaches mobile devices is through manually downloaded software that claims to be a video player, obtained from websites other than Google Play and Apple's App Store.
How to protect against malware, ransomware, spyware and mobile malware:
- Since a number of operations performed by crypto-ransomware require admin privileges, always keep the User Account Control (UAC) settings enabled. This can help you prevent unauthorized changes to your computer. UAC triggers notifications about certain changes that are made to your computer that require administrator-level permissions.
- Schedule regular backups of your data. Store all your data in the cloud or on an external hard drive. Check all network shares and backup locations. Ensure that only the administrator (and/or the backup service provider) can access them or change permissions.
- According to CERT, many ransomware infections begin with a “.scr” file that is attached as part of a “.zip” or “.cab” email attachment. It is advisable to block “.scr” files at the email gateway and establish control policies for certain applications and devices.
- Implement group policies at computer, domain and domain control levels. These policies can block attackers from installing malware in their favorite directories. Although implementing and managing group policies can be cumbersome at times, this is a necessary step towards proactively preventing any ransomware or spyware attacks.
- Ultimately, be cautious while surfing the internet and avoid suspicious websites, suspicious SMSes and software download options. Remember to install and maintain an updated antivirus program.
- Emails that pretend to be from known and popular banks or other payment transaction platforms.
- Emails that carry links to offer “free” gifts, goods, or services.
- Work-at-home and other business or investment opportunity emails.
- Suspicious web addresses and misspelled websites of a popular company.
- Use of “http” in the website's URL instead of “https” (which is used in the URLs of the genuine website).
- Websites where the pop-up window appears immediately once the user reaches the suspicious website. These pop-up windows tend to record your username, password and other account information.
- Do not click on the links in emails from unknown senders.
- Type addresses directly into the browser or use the personal bookmarks.
- Check the website's security certificate (SSL) before you enter personal or financial information into a website.
- Refrain from entering any personal or financial information in unknown pop-up windows.
- Ensure that the computer OS, browser and other critical software (such as anti-virus protection software) are updated with the latest security patches.
- Include advanced sandboxing capabilities in your IT security solution to detect malware in phishing emails.
- Since attackers can flood the enterprise with more data, periodically validate your network’s security performance. This is a critical step to ensure that your network solutions will hold up during the attacks.
- Deploy intrusion detection/prevention tools to shield from unpatched vulnerabilities.
- Use file integrity monitoring and log inspection tools to improve your situational awareness of unusual network behavior.
- Update your computer's antivirus software.
- Ensure that Microsoft Windows and certain main programs (MS Office, Adobe products) on your devices have the latest version updates.
- Configure your software settings to automatically update the security settings on your browser.
- Never click on attachments from an unverified source.
- Install a good firewall analyzer to block the network ports used by botnet controllers.
- Install aggressive identification, monitoring tools and devices. Preferably install a robust identity management system and validate account credentials at appropriate intervals.
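The gateway rule from the CERT advice in the malware section above (block “.scr” files that arrive inside “.zip” or “.cab” email attachments), sketched in Python as an added example that is not from the original article. The function names, the nesting and size limits, and the choice to quarantine “.cab” files (which the Python standard library cannot open) are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
BLOCKED_EXT, OPAQUE_EXT = ".scr", ".cab"   # .cab cannot be opened here, so it is held
MAX_DEPTH, MAX_NESTED = 2, 20_000_000      # assumed limits: zip nesting, unpacked bytes

def blocked_names(data, depth=0):
    """List .scr entries in a zip, following nested zips; fail closed on errors."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Windows ignores trailing dots/spaces, so "x.scr." still runs as .scr
                name = info.filename.lower().rstrip(". ")
                if name.endswith(BLOCKED_EXT):
                    hits.append(info.filename)
                elif name.endswith(".zip"):
                    if depth >= MAX_DEPTH or info.file_size > MAX_NESTED:
                        hits.append(info.filename + " (not inspected)")
                    else:
                        hits += blocked_names(zf.read(info), depth + 1)
    except Exception:  # corrupt or encrypted nested archive: treat as a hit
        hits.append("<unreadable archive>")
    return hits

def gateway_verdict(raw):
    """Return (action, reasons); action is 'block', 'quarantine' or 'deliver'."""
    msg = message_from_bytes(raw, policy=policy.default)
    block, hold = [], []
    for part in msg.walk():
        fname = (part.get_filename() or "<unnamed>").lower().rstrip(". ")
        body = part.get_payload(decode=True) or b""   # empty for multipart containers
        if fname.endswith(BLOCKED_EXT):
            block.append(fname)
        elif fname.endswith(OPAQUE_EXT):
            hold.append(fname)
        elif zipfile.is_zipfile(io.BytesIO(body)):    # content check, not file name
            block += [f"{fname}!{n}" for n in blocked_names(body)]
    return ("block", block) if block else ("quarantine", hold) if hold else ("deliver", [])

def sample_message(attachment_name, inner_name):
    """Constructed test mail: one zip attachment holding a single dummy entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"constructed placeholder bytes")
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=attachment_name)
    return msg.as_bytes()
```

Calling `gateway_verdict(sample_message("invoice.zip", "invoice.pdf.scr"))` returns a block verdict naming the entry, while a zip that holds only a `.jpg` is delivered.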