Latest cyberthreat growth and how to defend against them

Based on international statistics we bring you these numbers:

  • 86 % of data leaks led to company’s financial loss. This means a 71 % growth compared to 2019
  • 43 % of web apps heighten the risk
  • 67 % of data leaks is caused by identity theft, human mistake or social engineering attack
  • 37 % of identity theft is caused by weak password policy or password theft from other sources
  • 25 % of phishing attack campaigns is successful
  • 22 % of is successful due to the human factor

These numbers suggest that as many as 40 % stolen login credentials then served more than 80 % of further attacks. The upward trend is notable in Ransomware as well as others.

We have prepared a brief description of selected threats, their main characteristics and also their goals.

1.    Cyberthreat overview

Bruteforce
Bruteforce is an attempt to gain an unauthorized access to an account based on guessing/hacking the password. The result means access to the account, website etc.

Phishing
Phishing is a social engineering fueled attack. The attacker attempts to coax information from the target using a fake email message or a website that resembles a familiar site or email. There are many ways to prevent this. The most effective is regular employee training that promotes caution.

The goal of Phishing isn’t only to gain the access information but it can also serve as support for next attacks.

The attackers often use current events and adjust accordingly.

Common ones include:

  • Natural disasters or current state of the world (flooding, draught)
  • Epidemic events (there is a number of phishing emails or websites related to COVID-19)
  • Elections
  • Holidays
  • Information update requests

How to best identify an attack?

The sender address is suspicious – the sender pretends to be legitimate. It is however likely in an unusual format (missing characters, incorrect format)
Automatically generated greetings or signatures – all unified greetings or signatures such as “Dear client”
Fake hypertext links or websites – these can be identified by hovering over the hyperlink and checking where the url leads. This however requires caution – the fake url can be very similar to a real one.
Grammar and overall appearance of the email message – in case there are grammar mistakes or unusual formatting, the message is likely to be fake
Suspicious attachments – a common example are unexpected attachments, prompts to urgently download something from a webpage, urgent payment of an order you are unfamiliar with etc.

Social engineering

Technically speaking an attack using social engineering is an attack that requires human interaction to gain information or to compromise someone. The attacker can impersonate IT support techs, a new employee, service provider etc. It is surprising how much freely accessible information each of us has online. That unfortunately allows the attacker to target more specifically by using known information.

Ransomware

Ransomware is a type of malware that aims to encode data on the attacked computer or site. Afterwards, money is demanded. It’s main characteristic is the quick spread over the site and gradual encoding of all encountered data. It of course can use all vulnerabilities and the solution isn’t only to restrict user authorization.

If the victim pays money, it is very common that nothing happens and more money is demanded. As far as potential consequences go, this poses one of the biggest threats for individuals and companies.

How does it work?

First it identifies what the user can access. Along with that it attempts to gain a higher level of entry and gradually encodes all data. Once it does, an alert appears to the user concerning the encoded data and payment demands.

How does it spread?

Typically through fake emails or unsecure internet downloads.

How to protect against it?

  1. Back up your data and store it in a way that prevents online access. Don’t be afraid to encode your back ups.
  2. Train your employees – it is necessary to regularly train employees and keep them up to date with potential threats. The human factor is still the most vulnerable part in cybersecurity.
  3. 3)    Regularly update your PCs and servers – keep your OS and applications up to date. Out of date OS and apps are always the most vulnerable.
  4. 4)    Be cautious when opening any email attachments. Open all attachments you receive cautiously or not at all. Do not open those that seem unsual.
  5. 5)    Don’t share too much personal information. If you put in your information on any website, only use those with secure access.
  6. 6)    Open emails only from known senders. If you receive an email from unexpected sender or from a sender of unusual format, open it only after verification and cautiously.
  7. 7)    Use antivirus, firewall and email filters. Install programs with preventative measures on all your devices. Keep the programs up to date.

How to react in case a system is infected?

  • Immediately isolate the infected system. Disconnect the infected system from the PC site and Bluetooth.
  • Turn the infected system off. Shut the affected system off as soon as possible to prevent further damage. Entrust any further steps to IT professionals. A complete shut off can prevent the spread of the damage.
  • Secure your back up. Make sure your back-ups aren’t accessible online and they’ve been secured. If possible, make sure your back-ups aren’t accessible even to your privileged users.

How to defend against cyberthreats

Keep your IT up to date
Our Digital blog regularly brings you overview of the newest vulnerabilities. You can sign up for a RSS feed which will help you react to potential threats.
Overlooked mistakes are common and a system that doesn’t defend against them poses a risk. We can assist you in regularly scanning your systems and informing you about potential vulnerabilities. Period of testing is always based on your needs and up to discussion.

Perform penetration testing regularly.
Test your IT system regularly by performing penetration testing and identifying potential risks. Solely configuring your systems according to all steps won’t reveal all vulnerabilities.

Perform social engineering tests
Train your users by using simulated attacks. These simulations will teach your users about the potential appearance of real attacks and help protect your organization.

IT Awareness
Regularly inform your users about potential threats and types of attacks. This will help you train them and help prevent attacks. We can assist you by providing training sessions as well as external IT security manager services or advisory regarding the correct configuration of your system.

 

Martin Hořický, partner

[email protected]