You probably know that cyberattacks are on the rise, and that they’re getting more sophisticated all the time. At nearly $1 trillion in earnings a year, the cybercrime business is now at record proportions.

As more of your business information is digitized, cybersecurity should be a key component of your overall business security. It’s the only way you can ensure that your data is protected from unauthorized access.

Hackers usually go after confidential data like bank account info, credit card accounts, and social security numbers. If your small business is breached, it will be costly. When the confidential data of your customers is exposed, they’ll just take their business to your competitors. In many cases, this type of damage to your reputation is irreparable.

To stay one step ahead of the hackers, you and your employees must be educated about the different kinds of cyber threats, how to recognize them, and what to do to block them.

Key Cyber Threat Concepts You Need To Understand

Hacker (Black Hat): A black hat is a person who looks for computer security vulnerabilities and exploits them for personal financial gain or other malicious reasons. This differs from “white hats”, who are security specialists that are employed to find security flaws that black hats may exploit.

Attack Vector: This is where hackers gain unauthorized access to a device or a network for nefarious purposes. Attack vectors help hackers exploit the vulnerabilities in your system or network, including your employees.

Ransomware: This is a malware program that infects, locks or takes control of a system and then demands a ransom to reverse it. The hacker encrypts your data and scrambles it so you can’t access it. Ransomware attacks and infects your computer with the intention to extort money from you. It’s installed via a malicious email attachment, an infected software download, and/or when you visit a malicious website or link.

Phishing: Phishing websites lure email recipients and Web users into believing that a spoofed website is legitimate. The hacker’s goal is to acquire private data, such as credit card numbers, personal information, account usernames, and passwords. The phishing victim then discovers that his personal identity and other vital information was stolen and exposed.

Spear Phishing: This is a variation on phishing where hackers send emails to specific, high-value targets, like CEOs. The spear-phishing email appears to come from a trusted source but in reality, helps hackers obtain classified information.

Worm: This is a type of malicious software (malware) that worms its way through your network. It infects your computer and replicates across other computers, leaving copies of itself in the memory of each it infects. Worms often originate from e-mail attachments that appear to be from trusted senders. Then they spread to your contacts via your e-mail account and address book.

Who Are These Cyber Hackers?

Organized Crime (Like “Tony Soprano”): 80% of hackers are affiliated with organized crime. Hacking is a lucrative business for criminals.

Nation States (Russia, North Korea, China, etc.): Nation-state hackers target government institutions, industrial facilities, and businesses in order to interrupt operations and leak confidential information. Hacking can result in massive data and revenue loss.

Hacktivists (Anonymous and Shadow Brokers): Hacktivism is the act of hacking or breaking into a computer system for a politically or socially motivated purpose. Hacktivists organize on the deep/dark web to set up attacks.

Lone Wolves (Intelligent, Financially Driven, Unscrupulous): The majority of people hacking are just individuals who aren’t connected to a hacking network other than chat rooms and online forums.

Malicious Insiders (Disgruntled Employees or Contractors): This is an insider with authorized system access. They have an advantage over external attackers because they have the authority to access your IT and are probably familiar with your network architecture and system policies/procedures. Most organizations focus on external threats and don’t adequately protect their confidential data from insiders.

Hackers Get Into Your Network Via Attack Vectors

An attack vector is a technique by which unauthorized access can be gained to your computing devices or network by hackers. It’s used to assault or exploit your network, computer or device. Attack vectors help unauthorized parties to exploit the vulnerabilities in a system or network, including human elements.

Cyber Attack Vectors You Should Watch Out For

Physical (theft, malicious USB drives, unsecured workstations): Hackers with physical access to servers may extract sensitive data while it’s in use and bypass traditional in-transit and at-rest controls. The can also simply remove a memory card from the server and read its contents on another computer.

Endpoints (remote attacks on vulnerable workstations): Hackers get into computers by convincing employees to click on malicious e-mail attachments, web links, and drive-by downloads.

Mobile Devices: Exploitation of iOS and Android systems. Bluetooth is one of the main security gaps by which hackers get into your phone.

The Cloud: Cloud services like Azure and AWS have become mission-critical for many organizations. Organizations’ administrative credentials for cloud services are of high value to hackers. Attacking an organization’s cloud administrator’s account and leveraging those credentials can lead to greater data exfiltration. This can put your entire organization at risk.

IoT: Internet of Things devices such as security cameras connected to the Internet are vulnerable to hackers. IoT hacking has been extremely successful, resulting in Distributed Denial of Service attacks that cripple infrastructures, systems, and business operations.

Human Attack Vectors: Humans are involved in nearly 100% of all attacks. Negligent employees are the number-one cause of data breaches in small and medium-sized businesses. Careless workers and poor passwords have led to a rise in ransomware attacks and other breaches at small businesses, which cost an average of $1 million per instance.

A cyber kill chain describes what a complex attack looks like in a step-by-step fashion. It shows exactly how malware or a cyberattack makes its way into a system to do damage and accomplish the goals of hackers.

This model of a cyber kill chain is based on a template from the defense company Lockheed Martin. It describes what happens in 7 steps:

Malicious Emails

Email is the easiest method of delivery in the kill chain. Hackers who use this approach cast a very wide net. Humans are involved in almost all malicious email initiations. Learning to identify fraudulent email is essential for every employee, technical or not.

  • Be Suspicious of Unsolicited Messages.
    If an unknown person claims to be from a legitimate organization, you should verify their identity before answering the email.
  • Always Verify Email Requests
    If one of your employees receives a suspicious email, he or she should try to verify it by directly contacting the company from where the email was sent.
  • Don’t Provide Personal or Corporate Information
    Never reveal personal or financial information in an email, and don’t follow links sent in emails.
  • Don’t Send Sensitive Information Over the Internet
    In general, this information should not be sent via email or over the Internet.
  • Pay Attention to URLs
    Malicious websites may look identical to legitimate ones, but the URL may include a slight variation in spelling or use a different domain. This could signal a phishing attempt.

Watch Out for Spoofed URLs.

Always ensure the following to stay safe:

  • Look Before You Click. Hover over any links and investigate them before you click.
  • Check for Subtle Tricks. Scammers will use slightly misspelled variations of well-known sites to trick you into simply skimming the URL and clicking.
  • Be Wary of Shortened URLs. For example http://www.ksl.com Today, legitimate sites always begin with https. The “s” indicates the site has been certified as secure.

Beware of Worm-Based Exploits

As mentioned earlier, these are self-replicating attacks that spread without human interaction once the first machine is infected on a network. Before the widespread use of networks, computer worms were spread through infected storage media like floppy disks. Today these physical attacks are replaced by virtual ones!

The good news is that worms often use legacy vulnerabilities and can be remedied with active patching and proper endpoint protection. It’s much easier to have your IT provider patch your healthy IT system than it is to bring them in for a messy cleanup!

WannaCry – The Ransomware That Came with a Worm.

WannaCry encrypted target data by changing the extensions to wnry, .wcry, .wncry and .wncrypt. The ransomware then spread rapidly, like a worm, exploiting a Windows vulnerability in the Windows Server Message Block (SMB) service which Windows computers use to share files and printers across local networks.

What To Do If You Experience an Infection/Breach

  1. Immediately STOP what you’re doing and disconnect any potentially infected/breached devices from ALL networks.
  2. Change your passwords on any potentially breached accounts.
  3. Call a Cybersecurity Professional to begin forensic and remediation of the issue. Don’t destroy any data information or evidence.
  4. Call your Cybersecurity Attorney.
  5. Call your Cybersecurity Insurance Broker.
  6. Schedule a conference call with all the above parties to determine the best course of action and next steps.

In Review – Always Follow These Best Cybersecurity Practices:

  • Hover over addresses in emails and on web pages. Inspect the actual URL.
  • Utilize all physical security measures that are reasonable:
    • Lock computer screens when walking away.
    • Enable workstation auto-lock settings.
    • Don’t let unauthorized personnel use your PCs.
    • If passwords are written down, lock them up!
  • Know your source.
    • Go straight to FedEx’s website to retrieve an invoice rather than clicking on links.
    • scamsit.com is not the same as udot.com.
    • Don’t plug USB devices into your computer that you don’t recognize.
  • Ensure all systems are patched and up to date to protect against malicious codes.
    • The best systems recognize brand-new malicious code based on its behavior.

Don’t Take Chances – Protect Your Data and Your Business.

Contact your IT Managed Service Provider for the following:

  • Penetration Testing and Threat Assessments
  • A Unified Threat Management Security Solution
  • A Commercial Grade Firewall
  • Spam Filtering
  • Content Filtering
  • To lock down the use of 3rd party applications
  • Force the use of passwords that are difficult to guess
  • Back up entire system images properly
  • Conduct ongoing Security Awareness Training for your employees
  • Implement Acceptable Use Policies
  • Lock down the ability for employees to use their personal PCs and mobile devices

For more information about hackers, today’s exploits and cybersecurity for your business, call the experts at Nexus IT Consultants at (801) 839-7006 or (435) 659-2533. Or, complete our web form at https://www.nexusitc.net/contact-us/

Published By : Earl Foote   On: 17th March, 2018