Pandora Papers Lessons — How Asiaciti Trust & Il Shin Recognize Digital Security Challenges | #malware | #ransomware


Is your organization prepared to face the perils of our increasingly interconnected world?

Most aren’t. Recent history is full of examples of private firms, nongovernmental organizations, and state departments that took digital security seriously yet still experienced digital intrusions or attacks. Some were directly responsible for ensuring others’ security — like the computer manufacturer Acer, which faced a $50 million ransomware attack last year.

Recent history also has plenty of examples of organizations struck by forces of unclear or unknown origins. The Pandora Papers, a significant unauthorized data release that affected more than a dozen firms in 2021, fits this description. Some of the affected firms, including Asiaciti Trust and Il Shin, thoroughly investigated the event yet found no evidence of digital intrusion, suggesting a high level of sophistication on the part of those responsible.

Even if it’s not always possible to determine the vector or origin of an intrusion, it’s worth taking precautions against such events. These aren’t foolproof — intrusions can and unfortunately will still happen despite the world’s best efforts. But implementing them now is far preferable to doing nothing.

First, we need to understand the nature of the cyber security challenges we’re likely to face.

Recognizing Digital Security Challenges: Key Threats You’ll Face

Again, we may never know beyond a shadow of a doubt how events like the Pandora Papers or the Acer attack came to be. But we do know that digital and real-world threats abound today.

These are some of the most common digital security challenges for modern enterprises. Understand how to recognize them and defend against them, and your organization will be safer for it.

Ransomware

Ransomware is the elephant in the cyber security room right now. Since 2020, dozens of major firms have fallen victim to this type of attack, including economically critical enterprises like JBS (a global food processing firm) and Colonial Pipeline (a major North American energy supplier).

Ransomware uses specially designed malware (malicious code delivered by email, hyperlink, or other means) to access victims’ networks. Once inside, it encrypts and locks infected devices, restricting access to them unless and until the victim pays a ransom in cryptocurrency.

Ransomware’s encryption is difficult or impossible even for information security experts to overcome, and cryptocurrency payments are difficult (though not impossible) to track. This increases the chances that a ransomware attack will be successful for the attacker and that the attacker will get away with it.

Stronger network security and data hygiene protocols can reduce the risk of ransomware but won’t eliminate it completely. Every organization should plan for the possibility of a successful ransomware attack by backing up critical data frequently (ideally every 12 hours) and developing a response plan.

Keep in mind that while many organizations give in and pay the ransom, there’s no guarantee that the attacker will keep up their end of the bargain and restore access to the locked data and systems, nor that the data will be usable. Ransomware attacks often corrupt the systems they infect.

Distributed Denial of Service (DDoS)

DDoS is one of the oldest tricks in the cyber attack book. During a DDoS event, the attacker recruits a network of devices (sometimes called “zombie machines”) to send traffic to the victim’s servers. The sheer volume of traffic overwhelms the servers and takes them offline, usually crashing the victim’s website in the process.

DDoS attackers have a variety of motivations. Some such attacks are the equivalent of digital graffiti and can be regarded as little more than annoyances. Others have more malicious origins, such as corporate rivalries or political warfare. For example, many DDoS attacks target firms or organizations seen as unethical.

Strong website and server security, along with network firewalls, can help prevent DDoS attacks. Would-be victims should think in terms of making themselves less attractive to attackers than others, as DDoS events typically target the truly vulnerable.

Zero-Day Exploits

There’s not much to be done to prevent zero-day exploits, unfortunately. The good news is that they’re not as common as DDoS attacks or some of the other digital threats we’ll meet here. And they can be addressed once discovered — though, by definition, they’re often not discovered until they’ve caused some damage.

A zero-day exploit is a flaw in a device or operating system that allows malicious actors to access the device or system or network. Think of it as a master key that doesn’t require direct contact to work.

Zero-day exploits are not easy for novices to use. However, they’re common targets of sophisticated threat actors. The best defense is to pay close attention to communications from equipment manufacturers and cyber security experts, and to update or change out devices as needed once a vulnerability is discovered.

Phishing and Spearphishing

Phishing is an age-old strategy where the attacker tries to convince the victim to provide sensitive information (such as a password or bank account number) or click on a malicious link that downloads malware onto their network.

Spearphishing is a more sophisticated version of the same strategy. It often takes advantage of preexisting relationships (or the appearance of relationships) and may come from compromised accounts belonging to associates of the victim. Spearphishing can also involve “spoofed” accounts, or accounts made to look like they belong to someone known to the victim.

In both cases, skepticism is the best defense. Never give out sensitive information over email or social media, even if you trust the person asking. In a professional environment, reach out to the sender by other means, like a phone call.

Man-in-the-Middle Activities

Man-in-the-middle events, or MitM, use compromised networks or nodes to “listen” to traffic being sent over the network. They’re often perpetrated by sophisticated actors and thus can be difficult to detect; it’s not uncommon for unauthorized intruders to be present on networks for weeks or longer before they’re discovered. In the meantime, they gather tremendous amounts of information, including potentially sensitive data that can be used for financial or competitive gain.

Preventing man-in-the-middle events requires a mix of strong network security and sensible “out in the world” practices. On the second point, many don’t realize that opportunistic MitM events occur all the time, when unsuspecting victims access the Internet over insecure networks. Any unencrypted traffic sent over such networks is liable to be captured and read, so if you must use them, use a VPN too.

SQL Injection

SQL injection, or SQLi, is another technical, sophisticated type of intrusion that’s used to find and export sensitive information in databases. It’s usually done by people who already have access to the victim’s systems, whether because they have official credentials or because they gained access by other means.

A large-scale SQLi intrusion can have devastating consequences for the affected organizations, on par with a ransomware attack on a network that hasn’t been backed up. The best defense is to restrict access to databases and closely monitor database activity with an eye to unusual access or activity patterns.

Password and Passcode Attacks

First, the good news. Brute-force password attacks, where the perpetrator uses an algorithm to guess the victim’s password, are becoming less common as password strength increases and two-factor authentication becomes more common.

Now, the bad news. This type of attack hasn’t gone away completely; it’s merely grown more sophisticated. Password attackers — better described as “passcode attackers” — now look for ways to access the second passcode required of any 2FA-enabled account. Often, this means stealing the victim’s password first, then using fake but convincing communication (such as a robo-call or text message) to get them to disclose the passcode.

Preventing passcode attacks is straightforward, for now. Never give out your 2FA passcode, and if you think your password has been stolen, change it immediately.

DNS Hacking

DNS hacking is another sophisticated exploit that redirects Web users to malicious websites that may contain malware or keystroke loggers. The details are complicated, but you can think of DNS hacking as a rewiring of the pathways that lead to a particular website. The victim types in a web address or clicks a link on the expectation that they’ll land on the site they want to visit, but unbeknownst to them, they’re rerouted to a second site — possibly with a similar Web address and design — that’s anything but friendly.

Avoiding DNS hacks in your own organization requires strong network security and careful monitoring. In everyday browsing, vigilance is key. Double-check the URL every time you visit a new website, make sure the security certificate is current and valid, and pay attention to browser security warnings.

Expired Domain Exploits

Another Web-based threat is the expired domain exploit, where “dropped” domains are recruited into malicious activity networks or used to steal sensitive information from the former owners. If you pare back your organization’s domains, be sure to remove all data before allowing them to expire, and pay close attention to any URLs you can still access in your hosting account.

Unauthorized Insider Activities

Malicious insiders are one of the most persistent and difficult-to-defend cyber threats around today. This is because they very often begin with the presumption of innocence. If they’re careful, they often don’t trigger technical alarms either, at least not until they’ve done considerable damage.

Insiders use many different means to get what they want, including tactics we’ve already discussed (like SQL injection). The best defense is to restrict access to sensitive databases and accounts and to maintain a more general “policy of least permissions” — allowing employees to access only what they need to do their jobs effectively.

Natural Disasters

Natural disasters are not digital threats in the traditional sense. But they can cause havoc for organizations operating in digital space. A storm or fire that prevents access to physical terminals or knocks your organization’s servers offline is major threat to your enterprise’s survival — and the longer the disruption lasts, the worse the situation gets.

Preventing this sort of disruption requires redundancy — that is, housing terminals and servers in multiple locations. However far-reaching, a single natural disaster is unlikely to affect every node in a distributed network.

Time to Take Digital Security Seriously

Is your organization prepared to face each of these threats?

Or any of them?

If the answer is no, it’s time to make a change. Recent events — from major data intrusions like the one that affected Asiaciti Trust and Il Shin, to targeted ransomware attacks on economically critical enterprises like JBS — show that it’s no longer possible for organizations of any size to ignore or de-prioritize digital and real-world security. There’s simply too much at stake.

We’ve seen quite a few different types of security threats, and the prospect of defending against them all might seem daunting. But a comprehensive security plan can easily address them all, with postures and protocols that apply to many different threat permutations.

For best results, you need to have your entire team on board, from the C-suite to the lowliest temporary employees. You need to convince your enterprise that security is worth taking seriously, that the risks of an unauthorized intrusion or release far exceed the inconvenience of changing passwords from time to time or setting up two-factor authentication.

Why wait to get started? The sooner you prepare your team for the road ahead, the less resistance you’ll face when threats loom.



Original Source link

Leave a Reply

Your email address will not be published.

77 − = seventy