IN THE SECOND OF OUR 3-PART SERIES, BASKERVILLE DRUMMOND REPORTS ON THE TYPES OF ACTIVITY WITH REGARD TO CYBER SECURITY.
Last week we discussed the types of activity. This week we are discussing the types of threat and how attackers carry them out.
CYBER SECURITY – INTRODUCTION
Cyber crime accounts for nearly 50% of all reported crimes and cost UK businesses an estimated £30bn in 2017. With 43% of businesses reporting a cyber attack or breach last year, the movement of criminal activity from the physical to the cyber world shows no sign of abating.
Against this threat firms have a duty of care to:
- Protect privileged client information
- Ensure the business can operate
- Protect brand value
- Protect staff welfare
In order to do this most firms have embarked on a program to increase their cyber security (the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorised access).
With the tightening of technology-based security, the attackers are moving from “old school” hacking, where they seek to gain access to solutions via direct connection to your network, to social engineering hacking. This is where they seek to trick people into providing the access and bypass the security solutions by using intelligent “scams” based on data harvested from various sources.
This change of approach has put staff members at the forefront of cybercrime activity. In a recent survey, 91% of IT professionals highlighted “users” as a major vulnerability, with 62% believing this to be the largest threat. This is borne out by the fact that 72% of data breaches are directly attributable to staff receiving fraudulent emails and 67% of targeted attacks are aimed at junior members of staff.
It has to be accepted that human behaviour is the biggest risk to a firm’s security, but it should also be recognised that staff members are now under constant attack from organised cyber criminals and therefore need education and protection from social engineering hacking.
TYPES OF THREAT
There are two basic types of threats:
Crimes which target Networks or Devices
In this scenario the attackers are seeking to collect information from network devices, to propagate a virus or ransomware, or to undertake a denial of service attack.
Crimes which target individuals
In this scenario the attackers are targeting individuals, either to gain access to the network via them (as a weakness) or to undertake a fraudulent action.
Where the attacker is trying to gain access to the network, they are normally seeking to get the target to inadvertently run software which will give them the access they need.
HOW DO THEY DO IT?
Email remains the most widely used method of trying to trick members of staff into either running software or undertaking a desired action.
Phishing: the use of fake emails that look legitimate in order to induce individuals to reveal personal information, such as passwords and credit card numbers. (aka “the Nigerian Prince”)
Whaling: a type of phishing attack directed at higher level executives or employees with permission to instruct finance to make payments. It is called Whaling because the big fish is targeted instead of the little fish. It normally comprises an email from a Partner/CEO to someone in finance instructing immediate payment.
Email Interception: the use of fake emails to “intercept” a business transaction (“change of bank details”).
Malicious Links: normally distributed by email or fake websites.
Ransomware: where a hacker enters your computer and accesses your files, locking you out of them. The hacker then demands a ransom (usually money) before he will give you your files back.
Malware: software written to compromise your network or steal your data. It can be activated by clicking on links in emails or opening email attachments.
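A mail-triage check for the whaling and “change of bank details” patterns defined above, added here as an illustration and not part of the original article. The firm domain, the authoriser names, the trigger phrases, the Reply-To comparison and the sample messages are all assumptions or constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this sketch (not from the article): firm domain, the people who
# can authorise payments, and the trigger phrases.
FIRM_DOMAIN = "example-firm.test"
PAYMENT_AUTHORISERS = {"jane partner", "sam ceo"}
PAYMENT_PHRASES = ("immediate payment", "urgent payment", "transfer today")
BANK_CHANGE_PHRASES = ("change of bank details", "new bank details")


def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def triage(raw_email):
    """Return the reasons a message should be held for a manual check."""
    msg = message_from_string(raw_email)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    reasons = []
    # Whaling: a senior name on the display line, but not sent from the firm.
    if display_name.lower() in PAYMENT_AUTHORISERS and from_domain != FIRM_DOMAIN:
        reasons.append("executive display name from external domain")
    # Replies diverted to a different domain than the visible sender.
    if reply_domain and reply_domain != from_domain:
        reasons.append("reply-to domain differs from sender domain")
    if any(p in text for p in PAYMENT_PHRASES):
        reasons.append("payment urgency wording")
    # Email interception: the "change of bank details" request.
    if any(p in text for p in BANK_CHANGE_PHRASES):
        reasons.append("bank detail change request")
    return reasons


# Constructed sample messages (not real mail).
WHALING = ("From: Jane Partner <jane.partner@example-firrn.test>\n"
           "Reply-To: accounts@mailbox.test\n"
           "Subject: Invoice\n\n"
           "Please arrange immediate payment of the attached invoice today.\n")
ROUTINE = ("From: Jane Partner <jane.partner@example-firm.test>\n"
           "Subject: Team lunch\n\nLunch is booked for Friday.\n")
INTERCEPT = ("From: Supplier Accounts <accounts@supplier.test>\n"
             "Subject: Change of bank details\n\n"
             "Please use our new bank details for future invoices.\n")
```

A non-empty result from `triage` is a prompt to confirm the request by phone on a number already held on file, not a verdict that the message is fraudulent.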
There is a growing number of “spoof” websites which look exactly like the real website but contain code to provide the desired access to the accessing PC.
USB keys are often used to trick people into running software which is pre-installed on them. The US Government planted USBs in car parks of government buildings. 60% of people who picked them up put them into their computer and 90% of those allowed the “auto run” to install on their computer.
Hackers have been known to leave USBs in coffee shops in financial districts.
The “Dark web” is full of databases of email addresses and passwords which have been gathered from previous leaks. This information is then used to find vulnerabilities during other hacking activities. For example, if your username and password were collected during the Talk-Talk data breach, they could be used by a different hacker to try to access your email or Facebook account.
Hackers can be very patient and it is often years between the original leak and the subsequent attempt to undertake fraud. Equally there are occasions where hackers have been found to have been monitoring email traffic for years before they undertake any action.