The most common of modern cyber attacks that your business could face in 2018 and ways to avoid them.


The news in 2017 was dominated by cyber threats, cyber crime, breaches and more. At every turn of the page you were overwhelmed with headlines about breaches of major companies, viral ransomware and leaks of spy tools from U.S. intelligence agencies.

Unfortunately, 2018 seems likely to be another year of threats across the board. The mission for all involved in the security space is to constantly educate, share and empower one another to be prepared for what is ahead.

2018 brings a plethora of security issues – each more fascinating and challenging than the last:

Non-Malware Attacks

The future of client-side malware attacks is fileless. And it would appear the future has arrived, with a growing number of attacks using fileless or in-memory malware to pose a threat to businesses that is increasingly difficult to neutralize. Fileless malware infects targeted computers while leaving nothing behind on the local hard drive. This makes it incredibly easy to sidestep traditional signature-based security. During the past year, fileless attacks have been on the rise. According to the SANS 2017 Threat Landscape Survey, one-third of organizations surveyed reported facing fileless attacks in 2017.

In 2017 attackers managed to hit 140 enterprises, including banks, telecoms, and government organizations, with fileless malware. The organizations were primarily in the U.S., U.K., and Ecuador, but firms in Brazil, Tunisia, Turkey, France and Spain were also compromised. Researchers described how the attackers used the malware to gain a firmer foothold in banks' systems and cash out.

The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) says: “The NJCCIC assesses with high confidence that fileless and ‘non-malware’ intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks to support ongoing espionage objectives or to enable future acts of sabotage.”

What can you do now? Here is a good start:

  • Make a shift in end-user awareness
  • Disable the use of PowerShell on networks
  • Monitor outbound traffic more closely
  • Trace it back to the applications making those requests
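
As an added example (not part of the original article), the code below illustrates the last two steps: it reads constructed endpoint connection records, keeps only traffic leaving the network, traces each destination back to the application that made the request, and flags PowerShell and other script hosts. The log layout, internal ranges, script-host list and allowlist are assumptions made for the example.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample records: host, process image, destination (documentation IP ranges).
SAMPLE_LOG = r"""host,image,dest_ip,dest_port
ws-014,C:\Program Files\Mozilla Firefox\firefox.exe,192.0.2.10,443
ws-014,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,203.0.113.45,8080
ws-022,C:\Windows\System32\svchost.exe,10.0.0.5,53
ws-022,C:\Users\Public\updater.exe,198.51.100.7,443
ws-031,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,10.0.0.8,5985
"""

# Assumptions for this example: internal ranges, script hosts and the egress allowlist.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ALLOWED_APPS = {"firefox.exe", "svchost.exe"}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def trace_outbound(log_text):
    """Map each application to its external destinations and flag suspicious ones."""
    per_app = defaultdict(set)
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if is_internal(row["dest_ip"]):
            continue  # only traffic leaving the network is examined here
        app = row["image"].rsplit("\\", 1)[-1].lower()  # file name of the process image
        per_app[app].add((row["dest_ip"], int(row["dest_port"])))
        if app in SCRIPT_HOSTS:
            alerts.append((row["host"], app, row["dest_ip"], "script host connected externally"))
        elif app not in ALLOWED_APPS:
            alerts.append((row["host"], app, row["dest_ip"], "application not on egress allowlist"))
    return dict(per_app), alerts


if __name__ == "__main__":
    apps, alerts = trace_outbound(SAMPLE_LOG)
    for app, dests in sorted(apps.items()):
        print(app, sorted(dests))
    for alert in alerts:
        print("ALERT", *alert)
```
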

Supply Chain Attacks

Supply chain attacks in 2017 were only the beginning of the growing trend. These attacks seek to damage an organization by targeting less-secure elements in the supply network. Much like social engineering, these supply chain attacks exploit a trust relationship between a software (or hardware) vendor and its customers.

CloudHopper, CCleaner, ShadowPad, Kingslayer, PyPi and M.E.Doc are examples, many of which targeted software aimed at IT administrators and software developers. Reports of these attacks are likely to increase in 2018 as new names enter the hacking world. Supply chain attacks are not new; however, their frequency is reason enough for concern.

What can you do now? Here is a good start:

  • Create a process of strict control of your institution’s supply network in order to prevent potential damage from cybercriminals
  • Ensure that all applications receive their updates over secure encrypted channels

Phishing Attacks

Phishing attacks, usually comprising a malicious email attachment or an email with an embedded malicious link, are the primary vector for malware attacks. Luckily, if you know what you’re looking for, they are easy to detect. However, phishing is far from over.

Some 2017 highlights – source: Info-Security Magazine

  • 1 in 25 for Qatar – A nation of just 2.3 million people saw its businesses and residents hit not just by one major attack, but more than 93,570 phishing events in a three-month span at the start of the year. Such attacks leveraged both email and SMS texts as attack vectors.
  • An Eastern-European cyber-criminal group sent “malware laden” emails to Chipotle staff that compromised Point of Sale systems at most Chipotle locations, obtaining customer credit card data from millions of people in the process.
  • After months of uncertainty, the U.S. Department of Justice (DOJ) announced the arrest of a Lithuanian man for allegedly stealing $100 million from two U.S.-based tech companies. The targeted attack successfully used a phishing email to induce employees into wiring the money to overseas bank accounts under his control.

What can you do now? Here is a good start:

  • Training and awareness
  • Strict management on admin access
  • Invest in web protection, email protection, mobile device management, password management etc.

If there is one thing that 2017 should have taught us, it is that attacks are becoming more complex, more advanced and can happen to anyone. Opening the dialogue and empowering our peers to educate and plan accordingly is not only the best course of action – it is possibly the only one!

25 Top Attacks And Data Breaches That Took Us by Storm in 2017

  1. NHS Cyber Attack: The UK’s NHS was attacked by a tool, known as EternalBlue, which affected trusts, GP practices, and hospitals across the nation. The cyber-attack cancelled tens of thousands of appointments and disrupted hospital systems, which led to staff resorting to pen and paper as a means of administration.
  2. HBO: HBO’s systems were compromised and 1.5 terabytes of data, including episodes of TV shows, were stolen.
  3. Ukraine Cyber Attack: Ukraine was struck with malware, called wiper, that completely deleted its victims’ hard drives. This disrupted businesses, and users were asked to pay USD 300 in bitcoin to regain access to their PCs.
  4. Maersk Cyber Attack: Shipping giant AP Moeller-Maersk was infected by a computer virus which caused outages in its systems and severely affected their operations. Their unloading of vessels at Tacoma port was slowed down after the attack.
  5. Deloitte: Deloitte, one of the biggest auditing firms, was hacked and confidential emails and plans of their blue-chip clients were compromised. It went unnoticed for months.
  6. FedEx TNT Express: FedEx’s subsidiary, TNT division, had its computer systems compromised by a ransomware outbreak. It would cost the company USD 300 million to restore their IT operations.
  7. BadRabbit Russia: Private individuals were warned about the virus called BadRabbit, a ransomware that locks up computers and asks users to pay for the return of access.
  8. Equifax: 700,000 Equifax consumers were compromised by a breach of data which accessed their personal details, including credit card details, phone numbers, and even license numbers.
  9. Scottish Parliament: The Scottish Parliament’s computer systems were attacked and hackers attempted to access email accounts by cracking their passwords, which resulted in some users getting locked out of their accounts.
  10. Uber: A breach of the personal information of 57 million Uber customers was acknowledged by the company in 2017. They also confirmed that they paid hackers USD 100,000 to keep mum and delete the data collected.
  11. Deutsche Telekom: Deutsche Telekom had 900,000 of its routers hijacked, which stopped owners and users from going online. A 29-year-old British man has confessed to carrying out the attack. The estimated cost of the attack was said to be around EUR 2 million.
  12. Pornhub: Users of the adult site Pornhub were in danger of contracting malware as hackers hijacked the website’s adverts. The attack, known as malvertising, lured users into clicking on a fake advert, which allowed the hackers to infect the user’s PC with ad fraud malware.
  13. NiceHash: NiceHash, a Slovenian bitcoin mining marketplace, was hacked and nearly USD 64 million worth of bitcoin was stolen. According to the people in NiceHash, “a highly professional attack with sophisticated social engineering” was employed by the hackers to get into their system and steal 4,700 bitcoins.
  14. Wall Street Hack: Wall Street’s regulator admitted that its database of corporate announcements, from the EDGAR filing system, was breached. The hack, which was hushed by the SEC, was thought to have been used by cyber criminals for insider trading.
  15. Yahoo!: Yahoo! released new figures following their 2013 data breach, admitting that data associated with 3 billion of their user accounts was compromised. Account information such as names, emails, phone numbers, hashed passwords, security questions, and answers was stolen by hackers.
  16. Dallas Siren Hack: The 156 emergency sirens of Dallas, Texas were hacked and simultaneously triggered. The noise lasted for 90 seconds, which resulted in over 4,000 calls to 911.
  17. Imgur: Imgur admitted to a security breach which compromised their users’ emails and passwords. The company said that they never ask for names, phones, and addresses. While the breach occurred 3 years ago, the company only realized its occurrence this year.
  18. Vevo: Vevo, Sony Music, and several other media platforms were hacked. Roughly 3.12 terabytes of files were taken and then posted online for public viewing. OurMine hackers have claimed the breach.
  19. WikiLeaks: WikiLeaks was attacked by OurMine hackers, who took over its webpage. They carried out a DNS poisoning where links to the website would lead to a page created by the hackers.
  20. Coachella: Coachella was a victim of a large data breach where festival-goers’ information, including full names, emails, phone, and birthdates, was accessed by hackers.
  21. Instagram: Instagram warned users that hackers may have exploited a bug in the app’s API. While only high profile users were targeted, the hackers stole email addresses and phone numbers.
  22. Microsoft: Hackers, who are now detained by police, have been trying to infiltrate the Microsoft network seeking to steal customer data.
  23. Pizza Hut: Pizza Hut informed customers that personal information stored in their systems has been compromised. A security intrusion gave hackers access to numerous names, billing ZIP codes, addresses, emails, and credit card information.
  24. EtherDelta CryptoCurrency: EtherDelta, a cryptocurrency exchange site, told its users not to open their site due to a malicious attack that put users at risk of having their virtual currencies stolen. The hacker faked the webpage’s facade and was then able to gather information from users logging in.
  25. Korean Bitcoin Exchange Yapizon: Another bitcoin exchange in South Korea, Yapizon, was compromised and had 3,800 bitcoins in customer funds stolen.