2015 was the year of bold and sophisticated cybercrimes in Australia, when major corporations such as The Commonwealth Bank, Target, T-Mobile, Kmart, Xbox, Anthem Inc., and Slack lost millions of dollars in security breaches and lost data records. You can expect 2016 to be no different unless companies take proactive measures to improve their IT security.
Australia is a country highly targeted by cyber criminals. Many Australian organizations regularly face security breaches, and sometimes they are not even aware of these breaches until it’s too late. This is because most of these organizations treat security as a reactive measure rather than a proactive solution. By implementing proactive security measures, many such organizations can reduce their attack surface.
Below are some of the most commonly used sophisticated cyber-attack techniques, along with the proactive measures that companies can take to combat them.
1. Malware, ransomware, spyware and mobile malware
Malware is typically code or a file that is delivered over the network to specifically infect your device, steal important information, or disrupt the normal functioning of your device. Malware attacks play to the deepest fears of companies and executives as critical company secrets are at the risk of being exposed.
Recently, malware called ZeroAccess infiltrated the payment systems in 60 Pizza Hut stores across Australia, compromising 4,000 devices each day between October and December 2015.
Various types of malware include viruses, trojan horses, spam, worms, rootkits, remote access tools, and spyware that is injected into a system through software that is otherwise safe.
One of the popular forms of malware is ransomware. Ransomware takes control of administrator access and prevents users from accessing all or some of their systems. Attackers force victims to pay a ransom through various online payment methods before releasing their vice grip on the victims’ systems.
Charles Lim, a Frost & Sullivan cyber-security analyst, estimates that nearly 50-60% of the global ransomware attacks are regularly detected in Australia.
Some of the popular forms of ransomware include CTB-Locker, CryptoWall, CryptoDefense, CryptorBit, and Cryptolocker. These forms of malware infiltrate operating systems via infected email messages or via fake downloads (for example, rogue video players or fake Flash updates).
Spyware is another common form of malware. Hackers bundle spyware code as a hidden component in freeware or shareware applications that are available for download from the internet.
Spyware can also spread through infected file attachments. The injected spyware code or application can then gather information such as e-mail addresses, passwords, and credit card numbers. The hacker gains access to the victim’s device through the spyware and monitors the victim’s activity on the internet.
With more people using smartphones alongside PCs, hackers are using various techniques to spread malware through mobile apps and SMS text messages.
If you happen to click links from unknown email senders or from an SMS message, you might actually end up downloading malware.
Many sources suggest that one of the most common ways malware spreads on mobile devices is through manually downloaded software that claims to be a video player, obtained from websites other than Google Play and Apple’s App Store.
How to protect against malware, ransomware, spyware and mobile malware:
- Since a number of operations performed by crypto-ransomware require admin privileges, always keep the User Account Control (UAC) settings enabled. This can help you prevent unauthorized changes to your computer. UAC triggers notifications about certain changes to your computer that require administrator-level permissions.
- Schedule regular backups of your data. Store all your data in the cloud or use an external hard drive. Check all network shares and backup locations. Restrict access and permission changes to the administrator (and/or the backup service provider).
- According to CERT, many ransomware infections begin with a “.scr” file that is attached as part of a “.zip” or “.cab” email attachment. It is advisable to block “.scr” files at the email gateway and establish control policies for certain applications and devices.
- Implement group policies at computer, domain and domain controller levels. These policies can block attackers from installing malware in their favorite directories. Although implementing and managing group policies can be cumbersome at times, this is a necessary step towards proactively preventing any ransomware or spyware attacks.
- Ultimately, be cautious while surfing the internet and avoid suspicious websites, suspicious SMSes and software download options. Remember to install and maintain an updated antivirus program.
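The gateway control described above (blocking “.scr” files, including ones hidden inside a “.zip” attachment) can be implemented as a small policy check over the parsed message. The following is an added example, not code from the original post; the extension lists, the sample message and the filenames in it are all constructed for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Assumed policy: extensions the gateway refuses outright (.scr per the CERT
# observation, plus a few other directly executable types), and container
# types whose member names are inspected rather than trusted.
BLOCKED_EXTENSIONS = {".scr", ".exe", ".pif", ".com"}
ARCHIVE_EXTENSIONS = {".zip"}


def _extension(name: str) -> str:
    """Final, lower-cased extension of a filename ('invoice.pdf.scr' -> '.scr')."""
    name = name.lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def offending_names(attachment_name: str, payload: bytes) -> list:
    """Names that violate the policy, looking one level inside .zip containers."""
    hits = []
    ext = _extension(attachment_name)
    if ext in BLOCKED_EXTENSIONS:
        hits.append(attachment_name)
    elif ext in ARCHIVE_EXTENSIONS:
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if _extension(member) in BLOCKED_EXTENSIONS:
                        hits.append(f"{attachment_name}:{member}")
        except zipfile.BadZipFile:
            # An archive the gateway cannot open is treated as a violation too.
            hits.append(f"{attachment_name} (unreadable archive)")
    return hits


def check_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and return every policy violation among its attachments."""
    msg = email.message_from_bytes(raw)
    violations = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and the multipart container carry no filename
        violations.extend(offending_names(name, part.get_payload(decode=True) or b""))
    return violations


def build_sample_message() -> bytes:
    """Constructed sample: a .zip attachment hiding a double-extension screensaver file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.scr", b"constructed sample content, not a real file")
        zf.writestr("readme.txt", b"harmless text")
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return bytes(msg)


if __name__ == "__main__":
    for violation in check_message(build_sample_message()):
        print("BLOCK:", violation)
```

A real gateway would also inspect “.cab” and nested archives and would look at file content rather than only the name, but the shape of the check is the same: decide per attachment, and never trust a container's outer extension.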
2. Phishing
As one of the most common cybercrime techniques, phishing is the act of sending an email to a user in an attempt to steal private information from them by falsely claiming to be from a well-known, legitimate enterprise. A phishing email directs the user to visit a bogus website and update personal information such as a username, password, or credit card details.
In February 2016, Snapchat, a social networking platform of more than 200 million users, was the target of a phishing attack where the payroll information of its employees was revealed.
Typical forms of phishing emails include:
- Emails that pretend to be from known and popular banks or other payment transaction platforms.
- Emails that carry links to offer “free” gifts, goods, or services.
- Work-at-home and other business or investment opportunity emails.
Typical signs of phishing websites include:
- Suspicious web addresses and misspelled websites of a popular company.
- Use of “http” in the website’s URL instead of “https” (which is used in the URLs of the genuine website).
- Websites where a pop-up window appears as soon as the user arrives. These pop-up windows tend to capture your username, password and other account information.
Below are five tips to protect against phishing attacks:
- Do not click on the links in emails from unknown senders.
- Type addresses directly into the browser or use your personal bookmarks.
- Check the website’s security certificate (SSL) before you enter personal or financial information into a website.
- Refrain from entering any personal or financial information in unknown pop-up windows.
- Ensure that the computer OS, browser and other critical software (such as anti-virus protection software) are updated with the latest security patches.
- Include advanced sandboxing capabilities in your IT security solution to detect malware in phishing emails.
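The signs of a phishing website listed above (a misspelled look-alike of a popular company's domain, plain “http” instead of “https”) can be turned into a simple URL triage check that a mail filter or user-reporting tool could run before anyone clicks. This is an added example, not code from the original post; the list of known domains and the similarity threshold are assumptions, and the sample URLs are constructed.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Assumption: the organisation keeps its own list of domains its users are expected to visit.
KNOWN_DOMAINS = ["commbank.com.au", "paypal.com", "snapchat.com"]
# Assumption: how close a hostname must be to a known domain to count as a look-alike.
LOOKALIKE_THRESHOLD = 0.8


def score_url(url: str) -> dict:
    """Return the phishing indicators found in a URL, using the signs listed in the post."""
    findings = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()

    if parsed.scheme == "http":
        findings.append("plain http, not https")

    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a hostname")
    except ValueError:
        pass  # a normal hostname

    host_core = host[4:] if host.startswith("www.") else host
    for brand in KNOWN_DOMAINS:
        if host_core == brand or host_core.endswith("." + brand):
            continue  # the genuine domain or one of its own subdomains
        if brand in host:
            # e.g. paypal.com.secure-login.example: the brand is a prefix, not the registered domain
            findings.append(f"embeds '{brand}' but is not that domain")
            continue
        ratio = SequenceMatcher(None, host_core, brand).ratio()
        if ratio >= LOOKALIKE_THRESHOLD:
            findings.append(f"looks like '{brand}' (similarity {ratio:.2f})")

    if host.count(".") >= 4:
        findings.append("unusually deep subdomain chain")

    return {"url": url, "suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    # Constructed sample URLs; 192.0.2.0/24 is a documentation range, not a live host.
    for sample in [
        "https://www.commbank.com.au/netbank",
        "http://cornmbank.com.au/netbank",
        "https://paypal.com.secure-login.example/update",
        "http://192.0.2.10/login",
    ]:
        print(score_url(sample))
```

String similarity is a heuristic: it catches typo-squats such as “cornmbank” (rn in place of m) but not every look-alike, so treat a clean score as “no obvious sign”, not as proof the site is genuine, and still check the certificate as the tips above say.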
3. Denial of service (DoS) and distributed denial of service (DDoS) attacks
DoS and DDoS attacks take advantage of vulnerabilities in application and communication protocols. According to a recent CSO article, Australian targets are increasingly hit by shorter, more intense DoS and DDoS attacks, and these attacks are, on average, the largest in the Asia Pacific region.
Unlike other cyber attacks, DoS and DDoS assaults do not attempt to steal sensitive data. These attacks are instead used as a means to render the network, websites, and other online resources unavailable to users. DoS and DDoS attackers are capable of affecting the complete network and server infrastructure of an enterprise.
In DoS attacks, attackers use a single internet connection to exploit software vulnerabilities. They flood the target systems with fake requests to exhaust the server resources such as the RAM and CPU.
In the case of DDoS attacks, attackers tend to flood the systems with multiple requests from multiple connected devices distributed across the network. DDoS assaults tend to target large enterprises and flood their network with huge volumes of traffic. DDoS attacks are generally more devastating and difficult to tackle due to the sheer volume of devices involved.
How to protect against DoS and DDoS attacks:
- Since attackers can flood the enterprise with traffic, periodically validate your network’s security performance. This is a critical step to ensure that your network solutions will hold up during an attack.
- Deploy intrusion detection/prevention tools to shield against unpatched vulnerabilities.
- Use file integrity monitoring and log inspection tools to improve your situational awareness of unusual network behavior.
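The log inspection recommended above can be as simple as counting requests per source within a sliding time window and reporting the sources that exceed a threshold, which is the pattern of the single-connection flood described for DoS. The following is an added example, not code from the original post; the log format (Apache/nginx common log format), the window, the threshold and the sample entries are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common log format: client, ident, user, [timestamp], "request", status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return (source_ip, timestamp) for a well-formed line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # The timezone offset is dropped; all entries are assumed to come from one server.
    stamp = m.group("ts").split()[0]
    return m.group("ip"), datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S")


def find_floods(lines, window_seconds: int = 10, threshold: int = 20) -> dict:
    """Map each source IP that sent >= threshold requests within any window to its peak count.

    Entries for a given source are assumed to arrive in time order, as they do in a live log.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip rather than crash the monitor
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def sample_log() -> list:
    """Constructed sample: one source hammering a search page, one browsing normally."""
    base = datetime(2016, 3, 1, 9, 0, 0)
    fmt = "%d/%b/%Y:%H:%M:%S"
    lines = []
    for i in range(30):  # 30 requests in under five seconds from 192.0.2.55
        ts = (base + timedelta(milliseconds=150 * i)).strftime(fmt)
        lines.append(f'192.0.2.55 - - [{ts} +1100] "GET /search?q=x HTTP/1.1" 200 512')
    for i in range(5):  # 5 requests spread over twelve seconds from 198.51.100.7
        ts = (base + timedelta(seconds=3 * i)).strftime(fmt)
        lines.append(f'198.51.100.7 - - [{ts} +1100] "GET / HTTP/1.1" 200 2048')
    return lines


if __name__ == "__main__":
    for ip, peak in find_floods(sample_log()).items():
        print(f"{ip}: {peak} requests inside a 10 s window")
```

A distributed attack spreads the same volume over many sources, so per-source counts alone will not catch it; the same window logic applied to the total request rate, or to requests per URL, is the usual complement.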
4. IoT-based botnets
As technology becomes more accessible, internet of things (IoT)-based bots have become the latest tools for cyber criminals. Various sources predict that by 2017, Chinese and Eastern European hackers are likely to control millions of devices and create a botnet army of these IoT-connected devices. This botnet army can be used for carrying out nefarious activities planned by the hackers.
A conventional botnet is made up of computers that are remotely accessed by the hackers without the owners’ knowledge. An IoT botnet, on the other hand, is a group of hacked devices, including computers, smart appliances, and other internet-connected devices, co-opted for illicitly transferring data from the victim’s devices.
How to protect against IoT botnets:
- Update your computer’s antivirus software.
- Ensure that Microsoft Windows and certain main programs (MS Office, Adobe products) on your devices have the latest version updates.
- Configure your software settings to automatically update the security settings on your browser.
- Never click on attachments from an unverified source.
- Install a good firewall analyzer to block the network ports used by botnet controllers.
- Install aggressive identification and monitoring tools and devices. Preferably install a robust identity management system and validate account credentials at appropriate intervals.
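Blocking the network ports used by botnet controllers, as recommended above, works best as an egress allowlist for the segment the IoT devices live on: each device class may only open connections to the handful of ports it needs, and everything else is reported for blocking. This is an added example, not code from the original post; the device classes, the allowed ports, the flow record format and the sample flows are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Assumed policy for an isolated IoT segment: destination ports each device
# class may reach (DNS, NTP, HTTPS; MQTT-over-TLS for the thermostat).
EGRESS_ALLOWLIST = {
    "camera": {53, 123, 443},
    "thermostat": {53, 123, 443, 8883},
}


def parse_flow(line: str):
    """Parse one constructed flow record: 'device_class src_ip dst_ip dst_port proto'."""
    fields = line.split()
    if len(fields) != 5:
        return None
    cls, src, dst, port, proto = fields
    try:
        return {"class": cls, "src": src, "dst": dst, "port": int(port), "proto": proto}
    except ValueError:
        return None  # non-numeric port: malformed record


def evaluate_flows(lines) -> list:
    """Return every flow whose destination port is outside its device class's allowlist."""
    violations = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        allowed = EGRESS_ALLOWLIST.get(flow["class"], set())  # unknown class: nothing allowed
        if flow["port"] not in allowed:
            violations.append(flow)
    return violations


def summarize(violations) -> dict:
    """Per source device: distinct destinations and port counts, so a device fanning out stands out."""
    by_src = defaultdict(lambda: {"destinations": set(), "ports": Counter()})
    for v in violations:
        by_src[v["src"]]["destinations"].add(v["dst"])
        by_src[v["src"]]["ports"][v["port"]] += 1
    return {
        src: {"distinct_destinations": len(d["destinations"]), "ports": dict(d["ports"])}
        for src, d in by_src.items()
    }


# Constructed sample flows; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_FLOWS = [
    "camera 10.0.50.11 203.0.113.5 443 tcp",
    "camera 10.0.50.11 203.0.113.5 123 udp",
    "camera 10.0.50.12 198.51.100.40 6667 tcp",
    "camera 10.0.50.12 198.51.100.41 6667 tcp",
    "camera 10.0.50.12 198.51.100.42 23 tcp",
    "thermostat 10.0.50.20 203.0.113.9 8883 tcp",
]

if __name__ == "__main__":
    for src, info in summarize(evaluate_flows(SAMPLE_FLOWS)).items():
        print(src, info)
```

The summary is what an analyst acts on: one camera reaching three different hosts on ports its class never needs is the signature of a device that has been co-opted, and the policy output doubles as the rule set to push to the firewall.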
At the end of the day, there is no straightforward or easy way out to prevent cybercrime. All you can do is practice and implement certain robust PC and device security measures, keep up your firewall guard, and have a close eye on the network traffic logs for any unusual activity. Ultimately, the cybercrimes of the past have taught us that investing before a breach is far less expensive than recovering from one.
In case you are wondering why I haven’t spoken about advanced persistent threats (APT), don’t worry! Watch out for our upcoming blog series and white papers on APTs. Until then, stay safe.