Posts tagged with "cybercriminals"

illustration by Samantha Miduri for use by 360 Magazine

Ransomware: Piracy on the IPs

By: Casey Allen with Concentric 

Where there is commerce, thar be pirates! The techniques, tactics, and procedures of modern-day pirates have expanded significantly since the Lukkan buccaneers first raided Cyprus back in the 14th century. The practice of maritime piracy is still alive and well, but as technology has advanced from bronze to blockchain, the booty of choice for 21st-century corsairs has evolved from gold to Bitcoin. Data has become the world’s most valuable commodity, and the submarine communications cables that form the backbone of the internet are the shipping lanes for trillions of dollars’ worth of global commerce. With so much at stake, it should come as no surprise that cybercriminals continue to raise the Jolly Roger in digital form.

Ransom has been a staple of the pirate’s playbook since Teuta, the Pirate Queen of Illyria, captured the Epirus capital city of Phoenice in 231 BCE. Queen Teuta was successful in holding the city hostage long enough to force the Epirotes into paying her a ransom to release their citizens and vacate its borders. The extent of Queen Teuta’s means, the sophistication of her organization, and the insatiability of her greed made her an “Advanced Persistent Threat” (APT) to victims all over the Mediterranean. As cybercriminals have become more sophisticated and organized, they too have become APTs, with their reach extending the entire breadth and depth of our information superhighways. 

Ransomware is a specific type of malware that infects information systems with the goal of making them inaccessible until a ransom is paid in exchange for restoring the victim’s access. Such a disruption can be crippling for an organization, often leaving leadership with no other choice but to submit to the ransomer’s demands in order to resume normal operations as quickly as possible. Information security professionals and government agencies agree that paying these ransoms is incentivizing future attacks, and should only be done as a last resort. However, without adequate alternatives, the average cost of downtime remains 24 times higher than the average ransom amount, resulting in ransom payment being considered the most expedient and cost-effective solution for the victim. 

The U.S. Department of Treasury announced in October of 2020 that companies facilitating payments on behalf of ransomware victims may be in violation of federal law if the cybercriminals are on a list of sanctioned entities identified by OFAC (Office of Foreign Assets Control). Several states have followed suit and begun drafting legislation that would criminalize paying these kinds of ransoms. There is significant debate in the security community as to whether or not this outright ban on paying ransoms would cause more harm than good. Banning ransom payments would almost certainly result in the creation of another black market to facilitate these transactions and discourage victims from reporting ransomware incidents to the authorities. A similar position was taken by the USG in response to hostage ransom payments by families. Ultimately, however, punishing the victim was determined to be an ineffective—and unethical—deterrent, nor did we see ripples of that preclusion within the international hostage-taking market. The Treasury Department’s recent involvement in cyber extortion response, specifically their success in returning $2.3M of the $4.4M ransom paid for the Colonial Pipeline extortion event, is a significant demonstration of the benefit of including the USG in extortion response efforts. 

The scale and sophistication of ransomware attacks have been steadily increasing since Joseph Popp—widely credited as the father of digital ransom—first attempted to extort victims of the PC Cyborg Trojan he authored nearly 30 years ago. Once a system had been infected, Popp’s malware asked victims to send $189 to a post office box in Panama in exchange for a repair tool. By comparison, the largest single payout for ransomware to date was made in May of 2021 by CNA Financial in the amount of $40M worth of Bitcoin. 

The final step in any sales funnel is always the completion of a financial transaction. One of the major enabling factors for the profitability of cybercrime has been the proliferation of cryptocurrency. $40M worth of pirate booty would weigh around 1,370 pounds in the form of gold, or just over 880 pounds in the form of $100 bills. Bitcoin, on the other hand, weighs absolutely nothing. Not only is cryptocurrency easy to store and move around, but it’s also hard to track and easy to launder. While this is advantageous for the attackers, it can present additional challenges for their victims.

Many organizations that fall victim to ransomware don’t have the liquidity to pay such ransoms, let alone cryptocurrency assets on their balance sheets. Ransomware attacks typically involve a ticking clock intended to create a sense of urgency in victims. The time factor compounds victims’ panic by threatening to delete their data permanently if the ransom isn’t paid by a certain deadline. For organizations who don’t have any backups of their data, this could be the iceberg in their hull that sinks them for good. For organizations who have the means and foresight to maintain robust backups, attackers will often threaten to publish their sensitive data and invaluable intellectual property if their ransom demands aren’t met; this trend is called “double extortion”. For victims scrambling to make ransom payments, getting their hands on enough cryptocurrency can be a challenge. Cash is still king in terms of liquidity. Even Bitcoin—easily the most liquid of all cryptocurrencies—isn’t anywhere close to fiat currencies in terms of its liquidity. The popularity of Bitcoin has led to dramatic increases in the volume of transactions, which can lead to significant delays in conversions and transactions. When evaluating the risk ransomware poses to your organization, it is critical to consider these secondary and tertiary risks beyond the inability to access your data.

If your organization maintains digital assets of any significant value, the possibility of falling victim to a ransomware attack should be high on the heatmap of your risk assessment. However, there are steps individuals and corporations can take to ensure that an extortion-level event does not become an extinction-level event. So, what can you do to not be a victim of piracy on the IPs? 

  1. Prepare. Conduct a business impact assessment to understand the impact a cyber extortion event could have on your organization. This should include a financial analysis for potential ransom responses and techniques for ransom payment, if necessary. Develop a robust incident response plan and conduct table-top exercises on a regular cadence to build muscle memory, test its efficacy, and identify gaps. 
  2. Prevent. Use a password manager and long, strong, unique passwords in conjunction with multi-factor authentication wherever possible. Keep systems up-to-date to limit vulnerabilities and restrict access to information systems according to the principle of least privilege. Educate your workforce with engaging security awareness training, especially with respect to identifying and reporting phishing emails.
  3. Partner. Experts in the cyber crisis field can assist you prior to and during these extortion events. All too often ransomware victims wait to reach out until after the breach has occurred. For best results, it is highly recommended to establish a relationship with a trusted partner prior to an incident occurring to enable efficient and effective solutions. 

Graph via BeyondTrust.com for Atlas VPN for use by 360 Magazine

In 2020 Number of Vulnerabilities in Microsoft Products Exceeded 1,000 for the First Time

Microsoft products are used by billions of people worldwide. Historically, however, they are known to have many vulnerabilities that pose security risks to users of the software.

According to data presented by the Atlas VPN team, the total number of vulnerabilities in Microsoft products reached 1,268 in 2020—an increase of 181% in five years. Windows was the most vulnerability-ridden Microsoft product. It had a total of 907 issues, of which 132 were critical. However, Windows Server had the largest number of critical issues. In 2020, 902 vulnerabilities were detected in Windows Server, of which 138 were critical.

Issues were also found in other Microsoft products, such as Microsoft Edge and Internet Explorer. Together, these browsers had 92 vulnerabilities in 2020. In total, 61, or 66%, of these vulnerabilities were critical. Meanwhile, Microsoft Office had 79 vulnerabilities, 5 of which were critical.

Ruth Cizynski, the cybersecurity researcher and author at Atlas VPN, shares her thoughts on the situation:

 “These numbers are a massive problem because every Microsoft product has millions of users. Therefore, it is important that consumers update their software applications on time. Software updates can include security patches that can fix vulnerabilities and save users from getting hacked.”

Elevation of privilege is the most common Microsoft vulnerability

A wide range of vulnerabilities was discovered in various Microsoft products last year. However, some types of vulnerabilities were more common than others. Elevation of privilege was the most frequently detected issue in Microsoft products. It was discovered 559 times and made up 44% of all Microsoft vulnerabilities in 2020.

Next up is remote code execution. In total, 345 such vulnerabilities were found last year, putting it in second place on the list. Remote code execution accounted for 27% of the total number of Microsoft vulnerabilities in 2020.

Information disclosure occupies the third spot on the list. There were 179 such issues discovered in 2020. Together, they made up 14% of all Microsoft vulnerabilities that year.

Graph via Sophos for Atlas VPN for use by 360 Magazine

India, Austria, and US Most Hit with Ransomware

Ransomware attacks are one of the leading cyber threats that organizations have to face.

According to the data presented by the Atlas VPN team, organizations in India, Austria, and the United States are among the hardest hit by ransomware attacks. By comparison, more than 50% of companies in these countries experienced such attacks in the past year, while the global average is 37%.

Out of 300 interviewees from India, 68% suffered from a ransomware attack. At the same time, 57 out of 100 respondents from Austria experienced a ransomware attack in the last year. Next up, in the United States, 51% of participants, out of 500 questioned, reported that they were hit with a ransomware attack.

Retail and Education Sectors Suffer the Most Ransomware Attacks

Some organizations in specific sectors are more susceptible to hacker attacks due to their lower security levels or valuable data. However, cybercriminals do not shy away from attacking even the biggest companies or government administrations.

Out of 435 respondents in the retail industry, 44% were hit with a ransomware attack last year. Hackers strike retailers when it could hurt them the most, for example, on Black Friday or during the Christmas season.

Retailers share first place with education organizations—out of 499 education interviewees 44% experienced such malicious attacks. Cybercriminals usually deploy ransomware attacks at the start of a school year to cause maximum disruption.

The business and professional services industry suffered the third most ransomware attacks, with a total of 42% out of 361 respondents stating they experienced a ransomware attack in the past year. Companies in this industry are usually smaller with less staff, meaning they might not have a dedicated person to ensure security. Out of 117 participants in the Central government and non-departmental public body (NDPB) sector, 40% reported being attacked with ransomware in the last year.

Conclusion

Cybersecurity writer and researcher at Atlas VPN Anton Petrov shares his advice on how to protect your organization against ransomware attacks.

“Prepare a plan in case you… get hacked. Always have a backup of your data so you don’t have to pay a ransom. Investing in cybersecurity will cost you less than having to deal with the aftermath of a ransomware attack.”

Like with everything else, there’s a way to protect your data in order to make sure hackers don’t get to it and cause serious financial damage.

Computer illustration by Heather Skovlund for 360 Magazine

Your Online Privacy Is in Your Hands

Many Internet users don’t take online privacy seriously because they believe that they have nothing to hide. Even if you don’t want to secure your data from the curious eyes of big brother, you should be aware of other privacy threats on the Internet.

  • Other states: Even if you trust your own government, do you trust other states? Many foreign governments take a keen interest in the online activities of other citizens.
  • Marketers: Advertisers and other businesses use many methods to track your Internet activity to build an online profile that they can sell to other organizations.
  • Acquaintances: Many people who are curious about you will consume your publicly available data that’s of a private nature.
  • Stalkers: Ex-partners, jealous lovers, stalkers, or predators can use malicious software to breach your privacy. Some stalkerware can take your pictures and record your videos through webcams when you’re not aware. Stalkerware can also monitor your physical movements through the GPS on your laptop.

Share Your Data Sensibly

It’s a good idea to take basic security precautions on social media. Accept friend requests carefully. Verify suspicious-looking profiles to ensure that they’re legitimate. Limit posts that carry sensitive information to your friends and avoid sharing confidential information publicly.

When downloading apps, avoid handing out permissions needlessly. For example, does your fitness app really need access to your contacts, camera, and videos?

Of course, set strong passwords for all your social media accounts to keep hackers at bay. A good password should be at least 12 characters long and feature upper case letters, lower case letters, numbers, and symbols.

Avoid Suspicious Websites and Emails

Avoid visiting unknown websites and clicking strange emails and files. Cybercriminals can infect fraudulent websites, emails, and files with malware like adware or spyware that’s designed to breach your privacy, security, or both.

Stay Wary of Strangers

Trust your instincts and be cautious. Avoid friend requests from people you don’t trust. Likewise, please don’t click on links from such people as they may be Trojan horse attacks engineered to install stalkerware on your devices. Similarly, don’t accept tech gifts from strangers. For example, a USB drive or keyboard could be a keylogger that records your keystrokes, allowing a cybercriminal to read your emails or learn your login credentials.

Find a Good VPN Service

Protect your network with a firewall and a top-of-the-line VPN service. For example, Malwarebytes VPN protection will encrypt your data with its technologically advanced software and even mask your IP address.

Without your IP address, states and threat actors find it exceptionally challenging to track you to your location across the Internet. There are other advantages to subscribing to an excellent VPN service too. For one, you can bypass geo-blocks and consume entertainment from different parts of the world. For example, a VPN can allow you to watch Netflix USA while in Canada! But please steer clear of free VPNs as they’re slow, carry spyware, and may even spy on you.

In addition to network security tools, use advanced antivirus software to protect yourself from malware like viruses, worms, spyware, adware, ransomware, and even dangerous stalkerware. With the right cybersecurity software and some vigilance, you can surf the Internet all day stress-free.

Focusing on People & Data to Distract Hackers

We live in times when it’s become easier than ever for hackers to breach an organization through social engineering. Breaches are primarily caused by phishing attacks, representing a huge security problem for businesses.

But why is this type of cybercrime so widely represented in the statistics? What is it that makes it so easy and so profitable for hackers? We might not like the answers. The ever-increasing connectivity and focus on people and data is leaving us vulnerable to malicious attacks. To protect your business, you need to start thinking like a hacker. Let’s take a look at how they infiltrate big business and what can be done about it.

How Social Engineering Works

Since social engineering relies on personal information hackers can find online, it’s pretty difficult to counter. Previously, that required some digging on the hacker’s part; now all it takes is a data-matching service like Spokeo or PeekYou, and they get all the information they might need and more. Cross-matching public records is one thing, but employees also freely share a lot of information on social media. This personal info is then used to target employees within a company with malicious emails, by posing as a trusted individual. From there, all a hacker needs to do is convince an employee to click on a malicious link or perform a wire transfer.

Are Individual Threats the Same as Company Threats?

As we can see, cybercriminals can efficiently use your social media information to reach their desired target within your company. Does that mean company executives should stop using social media altogether, or ban their employees from sharing any work-related information?

The short answer is yes. The long answer, if not “yes,” is that there should be strict policies in place about the use of social networks and what can and can’t be shared. For example, if a company executive posts about being on a business trip, hackers take that as a signal to try and perform BEC. Anything an employee posts about work projects or people they spend time with in the office can help cybercriminals construct an elaborate and believable social engineering scam. This is why every employee must assume the whole world is watching them when they want to post anything work-related on social media.

The Frequency of Social Engineering and Phishing

It’s no accident that social engineering and phishing attacks are responsible for 95 percent of data breaches. They exploit what will always be the weak link in any company’s security chain – the people who work there. Relying on traditional protective measures such as firewalls, antivirus, anti-spoofing techniques, etc. cannot stop all of these attacks. Education is vital for prevention, but with these scams getting more elaborate and difficult to spot, it doesn’t ensure safety.

What Can Protect Your Business?

Wouldn’t it be wonderful if you didn’t have to worry about phishing? Good news, the worrying stops today. It seems challenging to prevent phish, but Area 1 Security offers an Anti-Phishing Service that finds and eliminates phish through a combination of web crawling and small pattern analytics. With Area 1 Horizon, your business will be safe, and you won’t be adding to the pool of $5.3 billion in losses due to phishing attacks last year.

With the ever-increasing focus on people and data, businesses are leaving themselves wide open to hackers. In those circumstances, there are two options – limiting the information hackers can get about you through social media, or investing in preemptive and comprehensive phishing protection. At Area 1 Security, we stop phishing for good.