
Cyber Security Issues faced by Companies in 2021


When the pandemic struck the world by surprise, many, if not all, organisations were forced to make a rather quick transition to remote, digital operations. While many pointed out the benefits of remote working and of digitising daily operations, hackers saw it as a golden opportunity to exploit the vulnerabilities arising from this transition.


Cyberattacks before and during the pandemic

The sharp increase in digital attacks made many organisations realise that security should not be considered an “add-on” in a budget but rather a necessary cost that companies need to bear to avoid a greater calamity, as around 62% of companies in Malaysia alone have been encountering cybersecurity challenges since the pandemic began. Since the beginning of COVID-19, the FBI has reported a fourfold rise in cybersecurity complaints, and losses caused by cybercrime amounted to $1 trillion in 2020. As the saying goes, “Prevention is better than cure”, and many companies have learnt the lesson the hard way since COVID-19 began to rage.

Recent Security Challenges

Social Engineering attacks

The main form of social engineering attack used in 2020 was phishing. This encompasses phishing emails, scareware, quid pro quo, among others. By definition, phishing is a digital attack which tricks individuals into believing that a malicious email sent by the attacker is an email of utmost importance, such as an email from their bank or from the company they work for. One of the most used phishing scams is deceptive phishing, whereby external parties impersonate the actual company and trick clients into giving up their credentials and other personal details. In 2020, cyber criminals landed around $2.3 million from a school located in Texas by forging an email from WHO. This shows how negligence and ignorance on the employee’s end can cost a hefty amount and cripple the organisation as a whole.

The most common techniques used in deceptive phishing are:

– Incorporation of legitimate URLs

In this method, the attacker tries to avoid detection by email filters by including legitimate links in the phishing email, for example by providing genuine contact details.

– Combining malicious and benign code

In the case of phishing landing pages, the attacker combines malicious and benign code so as to evade detection by Exchange Online Protection (EOP). To implement this, the hacker can reproduce the CSS and JavaScript of a renowned IT company’s login page in order to harvest customers’ credentials. From there, the attacker can steal the client’s money, or this may even lead to identity theft.

– Forwarded and shortened links

To avoid detection, hackers craft their phishing emails in such a way that they are not discovered by Secure Email Gateways (SEGs). This can be done by using shortened URLs which redirect the employee/client to a genuine web page.

– Minimal email content

To avoid raising any red flags, an attacker will attempt to include as little content as possible in the email. This can be done by replacing the text content with an image.

How to prevent phishing?

Since the world has shifted to remote working, it is important that workers secure their personal network and devices first so that hackers do not use them as a pathway to gain access to the company’s confidential information or network. Here are simple steps that one can take on an individual level to protect himself/herself from phishing attacks:

– Verify the spelling of URLs in emails before clicking on them or entering confidential information

– Look out for URLs which forward to a different web page with an identical layout

– If an email has been received from a known source but it appears dubious, contact that source with a new email

– Avoid posting personal information such as birthdays, addresses, email contacts or even photos of the work setup/desktop on social media. Hackers may learn about the employee’s work operations and the type of device and operating system used.

If an employee is part of a company’s IT department, he/she can take the following measures to reduce the scope for phishing attacks within the organisation:

– “Sandboxing” inbound email, verifying the safety of each link a user clicks

– Examining and analysing web traffic

– Implement penetration testing to find vulnerabilities that an attacker could exploit. Use the results to brief and educate employees about the security shortcomings the organisation has and the precautions that need to be taken.
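As an added illustration of the deceptive-phishing techniques and the URL checks above (example code, not from the original post), the Python script below screens an HTML email for link text that shows one domain while pointing to another, shortened links, look-alike domains and image-only bodies with minimal text. The trusted-domain list, the shortener list and the sample emails are constructed assumptions.

```python
"""Checks for the deceptive-phishing signals described above: link text showing one
domain while pointing to another, shortened links, look-alike domains and image-only
bodies with minimal text. Added example, not from the original post; the sample emails,
the trusted domains and the shortener list are constructed assumptions."""
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("examplebank.com", "examplecorp.com")  # assumed allow-list of your own domains
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}            # assumed list of URL-shortener hosts
LABEL_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def host_of(url):
    """Lower-cased hostname of a URL or bare domain."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def lookalike_of(host):
    """Trusted domain that `host` imitates by near-miss spelling or by embedding the brand."""
    if any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None                      # exact match or a genuine subdomain
    for t in TRUSTED_DOMAINS:
        brand = t.split(".")[0]
        if SequenceMatcher(None, host, t).ratio() >= 0.85 or brand + "." in host or brand + "-" in host:
            return t
    return None


def analyse_email(html_body):
    """Return human-readable findings for one HTML email body (simple regex parsing, not a full HTML parser)."""
    findings = []
    for href, label in ANCHOR.findall(html_body):
        target, label = host_of(href), re.sub(r"<[^>]+>", "", label).strip()
        shown = host_of(label) if LABEL_URL.match(label) else ""
        if shown and shown != target:
            findings.append(f"text shows {shown} but link goes to {target}")
        if target in SHORTENERS:
            findings.append(f"shortened link hides its destination ({target})")
        imitated = lookalike_of(target)
        if imitated:
            findings.append(f"{target} imitates {imitated}")
    words = len(re.sub(r"<[^>]+>", " ", html_body).split())
    images = len(re.findall(r"<img\b", html_body, re.I))
    if images and words < 20:
        findings.append(f"only {words} words of visible text but {images} image(s)")
    return findings


SAMPLE_EMAIL = """<html><body><p>Dear customer, your account is locked.</p>
<a href="http://examp1ebank.com/login">https://www.examplebank.com/login</a>
<a href="https://bit.ly/3xyz">Confirm here</a>
<a href="https://www.examplebank.com/contact">Contact us</a></body></html>"""

IMAGE_ONLY_EMAIL = '<html><body><a href="http://examplebank.com.example.net/"><img src="cid:offer"></a></body></html>'
```

Each finding is a triage signal for a human or a mail-filtering rule, not proof of phishing; the similarity threshold and the 20-word floor are starting points to tune against your own mail.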

Ransomware

Ransom fees rose continuously, by 43% in the last quarters of 2020, to an average of US$200,000. This attack does not just demand a hefty fee from the victim; it also compromises the victim’s security, whereby the targeted company has to pay a fee for the security breach. Recent ransomware attacks have been accompanied by the extraction of company data and the release of this sensitive information unless further payments are made. Some organisations had to go through this ordeal in the first four months of 2021, when three-quarters of ransomware attacks were tied to such insidious threats. One of the recent cases is that of CNA Financial, which had to pay US$40 million in late March. The cyber criminals’ goal was not financial gain but an ulterior motive: obtaining access to CNA’s client database in order to threaten the organisation, and listing customers who had bought cyber insurance with a ransomware payment rider in order to find the most lucrative victims.

How does ransomware work?

There are many ways in which ransomware can gain access to a device. The most conventional way is phishing spam. More aggressive strains, such as NotPetya, use exploits to infect devices without having to trick or manipulate users. After the malware has successfully infected the targeted device, all files and data are encrypted and cannot be decrypted without the key that only the attacker possesses. The victim is informed that his/her files are inaccessible and that, in order to decrypt them, he/she has to send a Bitcoin payment to the attacker. Malware can also pose as a law enforcement agency, claiming that the victim’s device has been shut down because pornography or pirated software was detected. The attacker then demands a “fine”, which makes it less likely that the victim will report the attack to the local authorities.

Another variation of ransomware is leakware or doxware, whereby the attacker threatens to leak the victim’s confidential data unless a fee is paid. Overall, encryption ransomware remains the most common type of ransomware attack, since extracting and obtaining such information can be tricky for attackers.

How to prevent Ransomware attacks?

Below are preventative measures that one can implement in order to deter ransomware attacks:

– Verify that operating systems are updated and patched. That way, the attacker will have fewer vulnerabilities to exploit.

– Avoid installing software or granting it admin privileges unless the user knows precisely what it is and what tasks it performs.

– Install antivirus software, which will identify and alert the user about any malicious programs, and application whitelisting software, which prevents unauthorised applications from executing.

– Ensure backups are done frequently. It is better to automate backups in case a user forgets to back up his/her files manually. Note that this measure will not prevent the attack but will mitigate the damage caused by the ransomware.

Distributed Denial of Service Attack (DDoS attack)

The increasing dependency on digital services during COVID-19 opened pathways for the prying eyes of attackers. The resulting spike in digital traffic gives attackers an opportunity to launch a DDoS attack. As a metaphor, a DDoS attack is like unexpected traffic congesting a highway and preventing regular traffic from reaching its destination. Typical targets of DDoS attacks are online shopping websites, online casinos and any organisation offering online services. The usual targets of DDoS attacks are endpoints (mobile phones, servers, etc.), social media accounts, ISPs/cloud providers and operational technology.

There are some red flags that a user/organisation needs to watch out for which point towards a DDoS attack:

– Clients report slow or inaccessible service

– Workers who use the same connection experience the same slowness

– Many requests come from a single address over a short period of time

– A 503 Service Unavailable error is returned when no maintenance is being done

– Logs show an unusually high spike in traffic

For a coordinated DDoS attack, attackers make use of devices already compromised through hacking or malware. Hence, any machine within an organisation could be involved in criminal activity without its owner’s knowledge. As highlighted above, slow service or high traffic can signal a DDoS attack, but these signs alone are not enough for a user to detect the threat. This is because cyber criminals nowadays make use of AI (artificial intelligence) to carry out DDoS attacks. One example is that of the TaskRabbit app, where attackers managed to steal the data of 3.75 million users and 141 million users experienced application downtime.
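As an added example (not part of the original post), the Python script below applies three of the red flags listed above to web-server access logs: many requests from one address within a short window, a per-minute traffic spike against a baseline, and the share of 503 responses. The log lines are constructed and the thresholds are assumptions to be tuned to each site's own baseline.

```python
"""Detection logic for the DDoS red flags listed above: many requests from one address
in a short time, a spike in logged traffic, and 503 errors with no maintenance under way.
Added example, not from the original post: the access-log lines are constructed and
the thresholds are assumptions to be tuned to a site's own baseline."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \d+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(lines):
    """Parse Apache/nginx combined-style lines into (ip, timestamp, status), oldest first."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append((m.group(1), datetime.strptime(m.group(2), TIME_FMT), int(m.group(3))))
    return sorted(events, key=lambda e: e[1])

def busiest_sources(events, window=timedelta(seconds=10), limit=50):
    """Sliding window per address: flag any IP sending more than `limit` requests within `window`."""
    stamps = defaultdict(list)
    for ip, ts, _ in events:
        stamps[ip].append(ts)
    flagged = {}
    for ip, times in stamps.items():
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # drop requests that fell out of the window
                start += 1
            if end - start + 1 > limit:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged

def spike_minutes(events, baseline_rpm, factor=5):
    """Minutes whose request count exceeds `factor` times the normal requests per minute."""
    per_minute = Counter(ts.replace(second=0) for _, ts, _ in events)
    return {m: n for m, n in per_minute.items() if n > baseline_rpm * factor}

def error_ratio(events, status=503):
    """Share of responses with the given status code."""
    return sum(1 for *_, s in events if s == status) / len(events) if events else 0.0

def report(lines, baseline_rpm=30):
    """Run all three checks over raw log lines; baseline_rpm is an assumed normal rate."""
    events = parse(lines)
    return {"busiest_sources": busiest_sources(events),
            "spike_minutes": spike_minutes(events, baseline_rpm),
            "error_ratio": error_ratio(events)}

def constructed_log():
    """Constructed sample: five normal shoppers, then one address flooding at 10 requests per second."""
    base = datetime(2021, 5, 3, 10, 0, tzinfo=timezone.utc)
    lines = [f'203.0.113.{i % 5 + 1} - - [{(base + timedelta(seconds=2 * i)).strftime(TIME_FMT)}] '
             f'"GET /shop HTTP/1.1" 200 5120' for i in range(30)]
    lines += [f'198.51.100.7 - - [{(base + timedelta(seconds=20 + i // 10)).strftime(TIME_FMT)}] '
              f'"GET / HTTP/1.1" 503 0' for i in range(400)]
    return lines
```

A flagged address is a signal to investigate, not proof of an attack: a corporate proxy or NAT gateway can also send many requests from one address, which is why the page warns that these signs alone are not enough.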

Types of DDoS attacks

There are mainly two types of DDoS attacks:

1. Bombardment (volumetric)

This attack strategy is implemented using coordinated machines: the sheer volume of traffic is used to overwhelm the target’s systems. The traffic targets Layer 3 of the OSI model. A volumetric attack can last over a long period of time or be as short as a minute or a few seconds (a burst attack). Despite being very swift, burst attacks are dangerous and harmful. With the growing popularity of IoT devices, it is now possible to generate far more volumetric traffic than before, so attackers can generate a greater volume of traffic in a short span of time. This type of attack is beneficial for the attacker as it is not easily traceable.

2. Technological infection

This strategy involves the manipulation of applications. In this case, attackers target Layer 7 of the OSI model. IoT devices can be used to send traffic to the targeted machine. Layer 7 attacks can also take down web and cloud applications on a large scale. Layer 7 DDoS attacks are more widespread nowadays and mainly target cloud-based devices. Since some organisations are shifting towards a more cloud-based approach, attackers are also changing their targets and coming up with new ways to exploit cloud-based resources.

How to mitigate a DDoS attack?

There are 4 steps to mitigate a DDoS attack:

1. Detection: The user must be able to identify whether he/she is the target of a possible DDoS attack, that is, must be able to differentiate between normal traffic and an abnormally high volume of traffic.
2. Diversion: Afterwards, the user needs to divert the traffic so that it does not affect important resources. This can be done by sending the DDoS traffic to a scrubbing centre or any other resource which acts as a sinkhole. This process should be transparent to others, so that workers and clients do not need to alter their behaviour to adapt to a slow response time.
3. Filtering: A transparent filtering process helps cut out unwanted traffic. This can be achieved by installing efficient rules on network devices to drop the DDoS traffic.
4. Analysis: Knowing where the attack originated is fundamental, as this helps formulate rules to proactively safeguard against future attacks.

Cloud Computing Vulnerabilities

Many organisations have shifted to cloud computing because of its enhanced security, but that does not make it impenetrable. As security methods evolve, attack strategies evolve too. The pandemic has increased cloud users by up to 50%. In Q2 2020, 7.5 million external DDoS attacks were performed on cloud accounts. Cyber criminals scan for cloud servers without any passwords, exploit systems which have not been patched, and perform brute force attacks to gain access to user accounts. Some try to plant ransomware or steal confidential data, while others use cloud systems for cryptojacking or coordinated DDoS attacks.

There are 5 cloud vulnerabilities that are on the rise in 2021, listed below:

1. Account Hijacking

This is also known as session riding. It involves the stealing of account usernames and passwords from users. There are multiple ways in which an attacker can obtain user credentials, such as phishing, brute force attacks (guessing passwords with the help of software) and keyloggers (a program that records the user’s keystrokes and sends them to the attacker), among others.

2. Data Breaches

As per Verizon’s 2019 Data Breach Investigations Report, nearly 50% of data breach victims are small enterprises. One of the main reasons small businesses are affected by data breaches is that their level of security is not as strong as that of global corporations. The aftermath of a data breach is very detrimental to the targeted organisation: intellectual property is lost, and enraged employees and customers may take legal action against the company, which will then have to pay fines or other penalties. These are just the financial concerns. The company’s reputation and goodwill also take a huge blow: new customers will not want to hand over their personal information to a company which has just suffered a data breach, and existing customers will shift to another company as they no longer trust it with their personal information.

3. Malicious Insiders

Malicious insiders are employees, contractors or even business partners with ill intentions who, while still part of the company, exploit their access to a plethora of confidential information about it. As per a 2020 Ponemon report, internal attacks rose by 47% in 2018 and their cost increased by 31%.

4. Insecure APIs

Application programming interfaces (APIs) are often used in offices because of their convenience. Since most offices have shifted to remote working, APIs make it less tiresome to share information between multiple applications. This in turn boosts efficiency, as employees will not have a hard time sending and receiving feedback, working with colleagues on a particular project, and so on.

On the flip side of the coin, attackers can turn this convenience into a headache by exploiting vulnerable APIs. Through these, attackers can launch a DDoS attack and consequently gain access to the company’s sensitive information. The targeted companies may not even notice that their data is being stolen, as attackers use several evasion methods. As per Gartner, API attacks will become very common by 2022. Hence, companies should perform regular checks and tests to patch any vulnerabilities and avoid greater damage in the future.

5. System Vulnerabilities

System vulnerabilities can arise from adding an already compromised third-party application, leading to system hazards, or from misconfigurations in the security tools found within cloud systems. Common system vulnerabilities with a detrimental impact on cloud services include: a lack of validation of user input, database connections left open, inadequate error handling, and insufficient logging and monitoring.

Cloud Vulnerabilities Mitigation Techniques

– Daily security checks should be performed so that it is known who has accessed which data.

– Ensure that servers are encrypted and secured, and that data can afterwards be recovered from the cloud centre.

– It is better for companies to conduct penetration tests so that they have an idea of the vulnerabilities their systems have and know the attack patterns and vectors an attacker would use.

– Use MFA to reinforce verification controls.

– Choose wisely with whom API keys are shared. Discard API keys when they are no longer needed.

– Implement a Web Application Firewall (WAF) to safeguard web applications from cloud computing attacks and threats like DDoS, SQL injection and man-in-the-middle attacks.

IoT-Based Attacks

The use of IoT devices (security cameras, sensors, wearables, among others) is becoming increasingly popular, not only among corporations but also at an individual level. People have digitised their way of living (smart homes), and companies are relying more on IoT (Internet of Things) devices to either enhance security or make daily business operations less complex. With the inclusion of more digital devices in routine operations, more openings are created for attackers to infiltrate the company’s network. IoT devices are sometimes easier targets, as companies frequently overlook them when applying security patches.

Attack surface areas of IoT

This section lists the IoT systems and applications where vulnerabilities may exist:

– Devices: Devices can be the primary targets of attackers. Vulnerabilities in hardware usually arise from its memory, firmware, physical interface, web interface and network services. Other vulnerabilities that attackers may exploit are unprotected default settings, outdated components and unprotected mechanisms.

– Communication channels: Attacks can arise from communication channels that are interconnected with IoT components. IoT system protocols may be misconfigured and attackers may use this vulnerability as a gateway to access the organisation’s network. Moreover, IoT systems are vulnerable to DDoS and spoofing.

– Applications/software: Vulnerabilities found on web applications and related software can result in compromised systems. For instance, web applications can be exploited to steal usernames and passwords or push malicious firmware updates.

How can IoT be more secure?

Companies can implement security mechanisms based on the attack surfaces that could be exploited by an attacker. Below are security guidelines that can make IoT less vulnerable and less prone to attacks:

– All data and information collected and stored should be accounted for. Any data and information being transferred within an IoT system should be mapped appropriately. This includes the data collected by sensors and even the credentials held in automated servers or any other IoT applications.

– Devices connected to the corporate network should be configured appropriately. Secure configurations include strong credentials, multifactor authentication and encryption.

– The organisation’s security strategy should be centred on the assumption of compromise. Averting data breaches is important, but it is more crucial that companies realise that there is no perfect defence mechanism against ever-evolving and innovative threats; accepting this helps produce mitigation techniques that can limit the impact of successful attacks.

– Devices should be physically secured. An IoT device should be protected from tampering and kept in a restricted area which only authorised parties can access and which is protected by physical and digital security systems. For instance, IP cameras can easily be tampered with if a cybercriminal manages to reach them. Attackers could inject malicious hardware or software that may lead to system failures or even spread malware to other connected devices.