In today's increasingly digital world, the main threats to a business can come from a variety of harmful sources and applications.
Here are the five major computer threats I have identified from my work that could impact corporate customers, and how they can protect themselves against each one.
1. Phishing
Phishing is probably the most important threat vector to worry about. Your people are already inside the perimeter, behind the firewall, and have access to systems and protected resources. This is why phishing is the way most malware gets into organizations: it is downloaded because an internal user clicked on a link or attachment in a phishing email.
Wombat Security reported that 76% of companies were the victim of a phishing attack in the last year, and the SANS Institute reported that 95% of all attacks on corporate networks are the result of successful spear phishing.
Training people to recognize phishing e-mails remains the best defense, but it is not a one-and-done exercise: training needs to be repeated several times a year, and it is recommended that you phish your own people at regular intervals to verify the training and provide constructive feedback.
Verizon reported that 30% of phishing messages are opened by targeted users and 12% of those users click on the malicious attachment or link. Sophisticated phishing attacks are designed to look real, which is why people are deceived into clicking, with devastating results.
2. Cryptocurrency Mining
Cryptocurrency mining became a hot topic in 2018. Criminals have found a way to profit immediately from their activity without having to sell information or extort money: they simply use your resources to mine it.
The top three cryptocurrencies by market capitalization are Bitcoin (BTC), trading at over $7,000 each, Ethereum (ETH), trading at almost $300 each, and Ripple (XRP), trading at $0.34 each. Why Ripple? Because it is used as a real-time gross settlement system that allows immediate and direct transfer of money between two parties.
One might think that one of these would be the most mined of the cryptocurrencies, but in reality it is number 11 on the list: Monero (XMR), trading at just over $100 each. The reason is the computing power required to mine the currency compared with the value obtained for the work done. Monero gives a greater return on mining effort than the other cryptocurrencies.
Malware is the delivery tool, often via phishing, used to drop a Monero miner payload on victims' computers. Whether in the cloud or on-prem, once the miner software is loaded it begins mining coins for the attacker and depositing them into the attacker's collection wallets. The more computers they can infect, the bigger the payday. It is a direct payment to attackers, who do not have to do anything else.
The concern is that you are losing resources you can no longer use for the purpose you bought them for: serving web pages, developing software, running the business. Even more insidious is that you now have software under the control of attackers on your network. They can add further malware, such as ransomware, a Trojan, a RAT or anything else they like, at any time.
The solution is the same as for any malware: a defense-in-depth strategy that finds and eliminates threats at as many levels of your architecture as possible, from the firewall at the perimeter to the host-based AV and EDR solution on the endpoint.
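The endpoint side of that defense-in-depth picture usually comes down to correlating a few weak signals. The following is an added example, not code from the article or from Relativity: it scores constructed endpoint telemetry (process name, command line, CPU use, outbound connection) for the pattern a dropped miner leaves behind. The Stratum URL scheme is the real protocol miners use to reach a pool; the pool port list, the CPU threshold and the alert threshold are assumptions to tune for your own environment, and the pool host and wallet strings are placeholders.

```python
"""Score endpoint process telemetry for behaviour consistent with a dropped miner.

Added example (not from the original article). All telemetry below is constructed.
Design point: sustained high CPU alone is a weak signal (a compiler or video
encoder looks the same), so it is combined with network indicators before alerting.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Stratum is the protocol mining clients use to talk to a pool; the scheme shows
# up in command lines and in proxy/EDR connection records.
STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl)://", re.IGNORECASE)
# Ports frequently used by public mining pools (assumption; tune per environment).
POOL_PORTS = {3333, 4444, 5555, 7777, 14444}
CPU_THRESHOLD = 85.0   # percent, sustained over the collection window (assumption)
ALERT_THRESHOLD = 3    # minimum score that raises an alert (assumption)


@dataclass
class ProcessEvent:
    host: str
    pid: int
    name: str
    cmdline: str
    cpu_percent: float
    remote: str  # "host:port" of the process's outbound connection, or "" if none


def remote_port(remote: str) -> Optional[int]:
    """Return the destination port of a 'host:port' string, or None."""
    if ":" not in remote:
        return None
    try:
        return int(remote.rsplit(":", 1)[1])
    except ValueError:
        return None


def score_event(ev: ProcessEvent) -> int:
    """Weight each indicator; a Stratum URL is near-conclusive, CPU alone is not."""
    score = 0
    if STRATUM_RE.search(ev.cmdline) or STRATUM_RE.search(ev.remote):
        score += 3
    if ev.cpu_percent >= CPU_THRESHOLD:
        score += 1
    if remote_port(ev.remote) in POOL_PORTS:
        score += 1
    return score


def find_suspicious(events: List[ProcessEvent]) -> List[int]:
    """Return the PIDs whose combined score reaches the alert threshold."""
    return [ev.pid for ev in events if score_event(ev) >= ALERT_THRESHOLD]


# Constructed sample telemetry: a busy web server, a compiler job, and a miner
# that was dropped under an innocuous process name.
SAMPLE_EVENTS = [
    ProcessEvent("web01", 1001, "nginx", "nginx -g 'daemon off;'", 40.0, "203.0.113.5:443"),
    ProcessEvent("build02", 2002, "cc1", "cc1 -O2 main.c", 92.0, ""),
    ProcessEvent("ws17", 4242, "updater.exe",
                 "updater.exe -o stratum+tcp://pool.invalid:3333 -u WALLET_PLACEHOLDER",
                 97.0, "pool.invalid:3333"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.host} pid={ev.pid} {ev.name}: score={score_event(ev)}")
    print("alert on PIDs:", find_suspicious(SAMPLE_EVENTS))
```

Run as-is, only the disguised miner (PID 4242) is reported; the compiler job scores 1 for CPU alone and stays below the threshold, which is the false-positive case an EDR rule has to survive.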
3. Ransomware
Ransomware is malicious software (malware) that infects your computer and silently starts encrypting files. Once it has done its work, it presents a ransom note: to see your files again, you will have to pay.
The price is always in a cryptocurrency, usually Bitcoin (BTC), per machine to decrypt your files. In most cases the attackers are willing to decrypt some files for free, to prove they can, and have even started to negotiate with companies that attempt to reduce the extortion payment.
Paying the ransom is the wrong move unless you have no other option available. If you pay, you directly fund crime and criminals, which will only encourage them to continue. Also, you are now on the list of people who pay when extorted, so you can almost guarantee you will be asked to pay again in the future.
The solution to ransomware is a well-defined and well-executed disaster recovery / backup and restore program. We recommend that you back up your resources at regular intervals and test restores and recoverability frequently. If you can restore your organization from backup, why pay a ransom?
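"Test recoverability frequently" is only meaningful if the restore is checked against what was backed up, since a backup job that silently captured already-encrypted files passes every other check. The following is an added example, not code from the article or from Relativity: it records a SHA-256 manifest of a small constructed directory tree at backup time and verifies a restore file by file, reporting anything missing or altered. The directory layout and file contents are constructed for the demonstration.

```python
"""Verify that a restored backup reproduces the original data byte for byte.

Added example (not from the original article). Builds a throwaway tree, records a
SHA-256 manifest, "backs it up" by copying, then checks a clean restore and a
restore in which one file came back encrypted and another is missing.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (relative POSIX path) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: Dict[str, str], restored_root: Path) -> List[str]:
    """Return a problem line for each manifest entry that is missing or altered."""
    problems = []
    for rel, digest in manifest.items():
        p = restored_root / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            problems.append(f"content mismatch: {rel}")
    return problems


def demo() -> Tuple[List[str], List[str]]:
    """Run a clean restore and a damaged restore; return both problem lists."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "data"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "contract.txt").write_text("constructed sample contract\n")
        (src / "ledger.csv").write_text("id,amount\n1,100\n")

        manifest = build_manifest(src)          # taken at backup time
        backup = base / "backup"
        shutil.copytree(src, backup)            # stands in for the backup job

        good = base / "restore_good"
        shutil.copytree(backup, good)
        clean = verify_restore(manifest, good)

        # Simulate a restore where ransomware overwrote one file before the
        # next backup ran and another file never made it back.
        bad = base / "restore_bad"
        shutil.copytree(backup, bad)
        (bad / "ledger.csv").write_bytes(b"\x8f\x12ENCRYPTED\x00" * 4)
        (bad / "docs" / "contract.txt").unlink()
        broken = verify_restore(manifest, bad)
    return clean, broken


if __name__ == "__main__":
    clean, broken = demo()
    print("clean restore problems:", clean)
    print("damaged restore problems:", broken)
```

The manifest must be stored somewhere the ransomware cannot reach (offline or on immutable storage); if it lives beside the backup, an attacker who encrypts the data can regenerate it and the check proves nothing.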
4. Nation-State Actors / APTs
Nation-state actors, also known as advanced persistent threat (APT) actors, are mainly a concern for larger organizations. The main reasons a nation-state turns its attention to your organization are to steal intellectual property, influence political decisions or cause physical or monetary damage. These are often the "unknown unknowns" among the threats.
There are things you know, things you know you do not know, and this other category: the things you do not know you do not know. These scare people more than anything, and they really should not be at the top of the list if you are doing security the right way.
Honestly, a persistent actor who pursues something without stopping will eventually get it. They will try to do it quietly and secretly, but if that fails, a smash-and-grab will work just as well. Implementing a security program with a defense-in-depth strategy is the best defense.
Threat hunting teams uncover the unknown unknowns as part of their charter. No one can be the "anomaly" on your network and remain completely silent. It is your diligence that will let you find these threats first, minimize losses, and even help you avoid loss altogether.
5. Insider Threat
The final category in the top five cyber-threats is the insider threat. These generally come in two flavors: the unintentional and the intentional. Most of your security policy and program focuses on preventing unintentional losses caused by your employees. It is the intentional criminal you have to hunt.
Why do your employees become intentional threat actors? Many do it to steal property or information for personal gain, or to benefit another organization or country.
Most cases of insider threat (over 80%) to date have been carried out during working hours, with the activity planned in advance and financial gain as the motivation. Revenge and genuine financial hardship have not proven to be the main reasons for insider threats to date.
This is the most difficult type of attacker to find. It requires forensic analysis of your network and resources to discover them. There are many things you can do to reduce the impact of an insider threat. Physical security of employee devices can help mitigate losses in the event of an insider threat; a well-implemented asset management solution can prevent lost or stolen devices from handing important information to attackers.
Avoiding connections to insecure networks, especially unprotected wireless networks, is another preventive measure that helps limit losses from insider threats. Your best overall protection is still a fully developed and implemented security program. Remember, security is not a product or something you buy; it is what you do every day.
Darian Lewis is the principal threat intelligence analyst in Relativity's security group, Calder7. In his role, Darian leads a team responsible for assessing and responding to threats that could affect the security of Relativity and its SaaS product, RelativityOne.