In the first installment of this two-part series, we advised consumers to stay on top of a selection of up-and-coming crimes to significantly lessen the chances of encountering them in the future. For this post, we’re going to look into digital crimes that keep small businesses and large enterprises on their toes: cloud attacks, attacks over SSL, ATM malware, and RDoS attacks.
It’s important to note that regardless of any digital attack an organization might face, fostering a culture of cybersecurity plays a massive role in arming employees with knowledge of what these attacks are and how they should respond if and when such incidents happen.
Many are surprised by how quickly cloud computing has taken hold. In fact, Internet users who may not have heard about “the cloud” likely have no idea how much they rely on it when they check updates on Facebook, their work mail, or their online bank statement. Indeed, cloud services have made our lives a lot more manageable, to the point that we think everything we need is just within reach of our fingertips, wherever we are in the world.
Unfortunately, online criminals have caught on and started using cloud services as lures to dupe people into handing over their account and personal details. Retrieved credentials—say, for work email—are then used to access the account to gain further access to other repositories the credential owner has rights to, primarily company files stored in other cloud services. And this is just one of the many possibilities that could happen to compromised enterprise accounts.
How to protect your business
- Take advantage of your cloud provider’s two-factor authentication (2FA) feature. It is offered by the majority of cloud vendors today, so using it is no longer optional. That should be great news for any business looking into beefing up its security but with only a vague idea of where to start. Just remember that 2FA comes in various forms.
- Know who accesses what information stored in the cloud. Not everyone in the company should be able to read or obtain sensitive files. Audit your access list and, if possible, restrict access to more sensitive data to a smaller group of decision makers.
- Limit access to company resources based on user context. Employees in the office who use the internal network should be able to access files based on privileges assigned to them. Remote workers, on the other hand, should have limited access to company files, or they must go through additional sign-on steps to ensure that the person accessing the data is indeed who they say they are.
- Encrypt highly sensitive files stored in the cloud. Offsite backups work well, too.
- Use a cloud vendor that provides encrypted data transfers. (Not all of them offer this.)
- Toughen up on passwords. Make sure that employee passwords have an acceptable rating of complexity. The system should straight up reject ones that are easily guessed like “admin,” “password,” or “123456.”
- Regularly update your software to keep exploits at bay.
Attacks over SSL/TLS
Secure Sockets Layer (SSL), and its successor Transport Layer Security (TLS), is a protocol wherein transmissions between a server and a browser are authenticated and encrypted. While an increasing number of companies are learning and adopting encryption as part of their security and privacy strategies, using secure communication over the network to hide malicious antics is how threat actors level the playing field. We’ve seen this in multiple malvertising campaigns in previous years. Malware being sent over an encrypted channel is not new either. Phishers, on the other hand, mainly use SSL as a way to make their campaigns more believable, seeing that more Internet users are clued in on what to look for on a potential phishing page.
Some threat actors use free SSL certificates, while others have breached company sites with them already installed. Regardless, organizations have a big hand to play in stopping the bad guys by securing their websites and also educating their employees on current, more sophisticated criminal tactics.
How to protect your business
- Keep server OS and other software running on your website up to date.
- Strengthen the passwords of your website admin accounts.
- Make sure that any text box on your website where users can submit content, such as a search box, comment window, or forum post, is protected against SQL injection and cross-site scripting (XSS). You can install tools that prevent scripts not hosted on your server from running on your website, or you can change the server-side code so that an injected script cannot run even if it were successfully posted to the page.
- Install a Web Application Firewall. There are niche brands that offer this, with some of them being cloud-based. So do your research and choose a service that fits your company’s needs.
- If you allow users to upload files—say, a screenshot—to your website, make sure that limits are explicitly set so users cannot upload file types you do not expect.
- Switch to HTTPS. You may also want to consider using SSL inspection.
- Restrict physical access to your server.
- Conceal your admin directories. Hackers have been known to scan web servers for conspicuous directories they can focus on gaining access to, such as the admin folder. Choose new names for your administrator folders, and make sure you and your webmasters are the only ones who know them.
- Back up your website. Always.
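The injection and upload points above, shown as an added example that is not code from the original post: a search handler built by string concatenation next to its parameterised form, output escaping for the XSS half, and an upload check that looks at both the extension and the file's leading bytes. The table and sample rows are constructed for the demonstration.

```python
import html
import sqlite3

# Constructed sample rows standing in for a site's article table.
ARTICLES = [("Quarterly report", 1), ("Staff picnic", 1), ("Unpublished draft", 0)]


def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", ARTICLES)
    return conn


def search_vulnerable(term):
    # The visitor's text is pasted straight into the SQL statement, so a
    # crafted term can change the query's logic and expose unpublished rows.
    conn = _db()
    sql = f"SELECT title FROM articles WHERE published = 1 AND title LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_hardened(term):
    # Parameterised query: the driver passes the term as data, never as SQL text,
    # so the same crafted term is just a string that matches nothing.
    conn = _db()
    sql = "SELECT title FROM articles WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


def render_results(term, titles):
    # Escaping on output keeps a reflected search term or a stored title from
    # being interpreted as markup in the visitor's browser (the XSS half).
    items = "".join(f"<li>{html.escape(t)}</li>" for t in titles)
    return f"<p>Results for {html.escape(term)}</p><ul>{items}</ul>"


# Allowed screenshot types with their file signatures (magic bytes).
ALLOWED_UPLOADS = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff"}


def upload_allowed(filename, head):
    # Checks the extension and the first bytes of the content, so renaming
    # a script to "shot.png" is not enough to get it accepted.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = ALLOWED_UPLOADS.get(ext)
    return magic is not None and head.startswith(magic)
```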
Crimes involving ATMs don’t necessarily require physical skimming devices. Sometimes, there’s malware—and a bit of phishing—in there, too. And these two combined form network-based ATM attacks. Europol’s European Cybercrime Centre (EC3) and Trend Micro’s Forward-Looking Threat Research (FTR) Team have circulated a 40-page report, warning banks about the rise of ATM targeting. Based on this report, not only is ATM malware becoming commonplace, it has evolved remarkably through the years.
EC3 and FTR have also revealed that ATM malware has two objectives: (1) empty the affected machine of cash, which is called “jackpotting,” and (2) record card data from clients using the affected ATM, effectively acting as a virtual skimming device.
Below is a video shared by Bleeping Computer about the latest ATM malware sold on the Dark Web in action:
How to protect your business
- The majority of malware that infiltrates a bank’s network starts off as phishing emails. As such, it’s more important than ever for senior managers to focus on running awareness programs and surprise simulations within the organization on a regular basis.
- To prevent crooks from delivering malware via the ATM’s USB and CD drives, fortify the machine by replacing the default generic locks on the shell, so that thieves cannot simply purchase generic keys for them. Also, make sure that the location where the ATM is situated is well-lit and has a security camera in place (one that cannot be easily tampered with).
- Ensure that the communication between the interbank network and the ATMs is encrypted and has integrity controls.
- Religiously update all software installed on the ATM. Also, whitelist the software that is allowed to run on ATMs so that nothing else can.
- By default, use two-factor or multi-factor authentication between devices and software.
- Employ whole disk encryption for hard disks.
- Secure the ATM BIOS against unauthorized access.
Ransom DDoS (RDoS) attacks
A distributed denial of service attack, or DDoS, involves the use of hundreds, if not thousands, of electronic devices controlled by a botmaster. These devices are then used to attack an organization by overwhelming its network with garbage traffic, resulting in websites being shut down and clients not being able to access them for an indefinite period. This translates to a significant loss of profit and disruption of productivity. An RDoS attack is one in which an organization is threatened with a DDoS attack and is hit when it fails to meet, or ignores, the threat actor’s demand for money, which is usually in the form of cryptocurrencies. According to a Kaspersky report, a majority of threat actors behind these attacks are beginners and not organized hacker groups. Regardless, a DDoS attack is not something any company with an online presence would want to get entangled with.
Although RDoS attacks on enterprises regularly make the news, small businesses shouldn’t be lax, as they have more to lose in the event of such attacks. Unfortunately, a vast number of small businesses are ill-equipped to handle DDoS and RDoS attacks.
How to protect your business
- Plan ahead. Little can be done once an attack is already taking place. Prevention is critical in this case. Assess the potential DDoS risk, exposure, and severity to the business and come up with mitigation strategies to address them.
- Monitor bandwidth for spikes on the network. This could mean an oncoming attack or the presence of malware.
- Have security software in place. Install anti-malware, email and URL filtering, firewall, and other security software to beef up your company’s computer, device, and network protection. Make sure that they are also whitelisted and regularly patched. Some companies even offer DDoS protection.
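The bandwidth-monitoring point above, as an added example that is not from the original post: a spike detector that compares each minute's traffic against a rolling median of the preceding minutes. The per-minute samples are constructed, not measurements from the post; a median baseline is used so that once a flood starts, the flood's own minutes do not drag the baseline up and hide it.

```python
from statistics import median

# Constructed per-minute inbound traffic in Mbit/s on one edge link: a quiet
# baseline followed by a sudden, sustained flood.
SAMPLES = [42, 45, 40, 48, 44, 41, 46, 43, 47, 44, 39, 45, 310, 520, 615, 598, 640]


def spike_minutes(samples, window=10, factor=4.0, min_history=5):
    """Return (index, value, baseline) for every sample that exceeds `factor`
    times the median of the preceding `window` samples.

    The first `min_history` minutes are used only to seed the baseline. A
    median is robust to the spikes already in the window, so a flood keeps
    being reported minute after minute instead of becoming the new normal.
    """
    flagged = []
    for i, value in enumerate(samples):
        history = samples[max(0, i - window):i]
        if len(history) < min_history:
            continue
        baseline = median(history)
        if value > factor * baseline:
            flagged.append((i, value, baseline))
    return flagged


def flagged_indexes(samples, **kwargs):
    # Convenience view for alerting: just the minute numbers that tripped.
    return [i for i, _, _ in spike_minutes(samples, **kwargs)]


if __name__ == "__main__":
    for i, value, baseline in spike_minutes(SAMPLES):
        print(f"minute {i}: {value} Mbit/s vs baseline {baseline:.1f} Mbit/s")
```

Real deployments would feed this from interface counters or flow records and pair the alert with a check of which hosts are talking, since a spike can be legitimate traffic, an incoming attack, or an infected machine sending traffic out.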
Regardless of the nature of the business, as long as you have an online presence—if we guess correctly, almost all SMEs have this—securing your assets, which are either stored in the cloud or on-premise, should be an essential part of any business plan. Organizations of all sizes can no longer afford to overlook security and privacy matters regarding how they should handle confidential company and client information, especially with the arrival of GDPR.
On the other hand, users are also responsible for making sure that their electronic devices are protected both from unauthorized physical and electronic access, their sensitive information kept behind digital lock and key, and that the resources and assets they use for work are maintained within acceptable security standards.
This is a Security Bloggers Network syndicated blog post authored by Malwarebytes Labs. Read the original post at: Malwarebytes Labs