- Cybersecurity Essentials
By Dom Chorafakis, P.Eng, CISSP, June 21, 2017
The cyber threat landscape is constantly changing as criminal hackers look for new and creative ways to profit from online crime. While there is no silver bullet that can guarantee protection against breaches or other forms of attack, keeping up to date with the latest threats and vulnerabilities is an important part of any security strategy.
With the rise in popularity of digital currencies like Bitcoin and Ethereum, cybercriminals have found new opportunities in cryptomining as a revenue stream. The unauthorised use of computer resources to mine cryptocurrency, known as cryptojacking, has now exceeded ransomware as the largest online threat. There are two aspects to this that are important to take into account from a security perspective: website compromises and malvertising.
Hackers attempt to install cryptomining software on victims’ computers by installing malicious code on websites they are able to compromise. Web servers have always been vulnerable to hackers because of their very nature, but the potential for profit from illicit cryptomining makes them more interesting targets than ever before. System administrators need to ensure that servers are adequately protected by making sure the operating system and software are up to date, accounts are secure and use strong passwords, endpoint security mechanisms like anti-virus are installed, servers are protected using Intrusion Prevention technology, and measures are in place to detect and prevent unauthorised content changes.
In addition to compromising legitimate websites, hackers are creating fraudulent sites that look legitimate and directing users to them using fake online ads displayed on popular websites, a practice known as malvertising. This practice is not new, but a significant spike in cryptojacking-related malvertising was recently observed by a network of Intrusion Prevention systems as reported here.
People surfing the internet should assume that at some point they will come across either a legitimate site that has been compromised, or a fraudulent site set up specifically to infect vulnerable systems. To protect themselves, users should keep their Operating System and all software they use up to date, make sure good anti-virus is installed and up to date, use safe-browsing plugins from their anti-virus vendor and use an ad-blocker to block online ads.
While there has been a significant increase in these new threats thanks to the potential for quick profit, email continues to be by far the predominant attack vector. From account compromise and phishing attacks to malicious attachments, email-based attacks are still the most common method used by hackers to infect vulnerable systems with ransomware, cryptojacking software, or trojans used to carry out financial fraud and other attacks. While technologies like anti-spam and anti-virus can help, user education is one of the most effective tools to help minimise risk in this area. Users need to be aware of the types of threats and attacks, how to identify them, and what steps they must take in the event of a suspected compromise.
The long game
Staying up to date with the latest threats and cyberattacks is important, but it is only one element of a good cyber security strategy. Defending against hackers and cyber criminals is not a one-time activity; it needs to be an ongoing process that is actively managed and updated to reflect the changes to your information, its ecosystem and evolving threats. A good strategy includes the following five elements.
1. Identify your assets
It’s impossible to build a solid defence if you don’t know exactly what you are defending. During this stage you need to identify all of the data, applications and hardware that need to be protected.
2. Identify threats and risks
Once you have a list of everything that needs to be protected, it’s time to analyse the risks and threats to each asset. The threats to your company website are different than the threats to your customer list or payroll information, so different countermeasures are needed to protect the confidentiality, integrity and availability of the systems and the information they process.
3. Apply security controls
Once you have identified and prioritized assets and threats, it is time to select and deploy the safeguards needed to protect your organization. This may seem daunting, but remember that you don’t need to solve everything at once. You can start by taking steps to address the biggest risks to your most valuable or sensitive assets and work down the list as time and budget permit.
4. Detect and Respond
Despite best efforts, breaches and other security incidents can and will occur. The ability to detect and respond to them is as important as the effort to prevent them in the first place. There are a number of steps that can be taken in this area, ranging from technical solutions such as managed security services and Intrusion Prevention to policies and procedures such as having a formal Incident Response Plan.
5. Review and adjust
Lastly, it is important to keep in mind that a cyber security strategy is not static; it needs to be reviewed and adjusted to make sure it is always up to date and your important assets are protected. How often it needs to be reviewed depends on many factors, including the threat level, sensitivity of information, and legal and regulatory requirements. At a minimum, the strategy should be reviewed once a year, every time there is a significant IT change and every time there is a security incident.
Where to go from here
There are many free resources that can help individuals and businesses with cyber security. In Canada the government has launched a Get Cyber Safe initiative with the mission “to educate Canadians about Internet security and the simple steps they can take to protect themselves online”. For more information you can visit the Get Cyber Safe website and get started on your own cyber safety strategy.