Era of AI in Cybersecurity

Artificial Intelligence to revolutionize cybersecurity

Cyber attacks are increasing rapidly, and zero-day attacks are no longer rare. To cope with these evolving threats, organizations need more advanced countermeasures, and this is where AI in cybersecurity comes into play.

Today there are tools and security appliances that use AI to make attack detection and prevention easier and more automated. AI brings behavioral analysis, automation, and similar techniques into cybersecurity, opening a new space in the field.

Role of AI in cybersecurity

AI has opened new ways to detect and mitigate cyberattacks. New threats appear every day and widen a firm's attack surface. AI in cybersecurity helps to dig deeper into the key areas where threats hide and to adapt its detection so that they can be mitigated.

AI can identify and prevent cyberattacks

AI-based products ship with reference models and libraries of known attack patterns that help the user detect inbound attacks. Many attackers reuse predefined scenarios, methodologies, and techniques against websites and applications, so AI-based detection can identify such attacks easily. Once an ongoing attack is identified, you can feed the findings back into the AI engine as rules that help to mitigate the same attack in future.

The automation of cyberattacks

AI in cyberspace is growing rapidly and is both a boon and a bane for industry. On one hand, AI in cybersecurity helps to automate the mitigation of cyber threats; on the other, it helps malicious actors to create automated cyberattacks. Such attacks are pre-programmed based on an analysis of the organization's threat vectors and then exercise those vectors in various ways.

Recent research shows that the threat landscape is expanding because of open-source AI-enabled hacking tools and software. In its report, the cybersecurity firm documented three active threats in the wild detected within the past 12 months. Analysis of these attacks, plus a little imagination, lets even low-skilled attackers such as script kiddies and newcomers build AI-assisted scenarios that are more dangerous and threatening.

Impact of AI in cybersecurity space

The presence of AI in the cybersecurity space has opened new horizons for attackers and defenders alike. AI is changing the shape of cyberspace, and its effect is still uncertain and favours neither side. Sooner or later it is going to be the key differentiator between the two camps.

AI has helped cybersecurity researchers and continues to do so in every way possible.

The presence of AI has affected cyberspace on the following grounds:

  • Identification of threats
  • Mitigation of threats
  • Vulnerability assessment of the organization
  • Constant monitoring of the organization’s threat posture
  • Reporting and accounting of the firm’s cyber threats


2020’s Major Data Breaches

Ever since organizations shifted to remote operations because of the COVID-19 pandemic, there has been a dramatic rise in the number of data breaches. In the first half of the year alone, data breaches were reported at 81 global companies across 81 countries. Besides, a security research firm recently revealed the pandemic's impact on the breach landscape: 80% of data breaches occurred because of stolen credentials or brute-force attacks.

Currently, cybercriminals are exploiting the pandemic to launch highly sophisticated cyberattacks on every industry possible. In the first six months of 2020, various Fortune 500 companies became targets of massive data breaches, after which hackers sold these organizations’ account credentials, sensitive data, and confidential and financial information on cybercriminal forums.

So far, nearly 16 billion records have been exposed this year. According to researchers, 8.4 billion records were exposed in Q1 2020 alone, a 273% increase over Q1 2019; by comparison, the whole first half of 2019 saw 4.1 billion records exposed. (Source: Security Boulevard)

Let us take you through the biggest cyberattacks of 2020 till now.

Top 5 Data Breaches in 2020 So Far:

Twitter Hack 

Twitter took the whole internet by storm when it was hit by one of the most brazen online attacks in history. The platform suffered a breach in which the attackers hijacked the verified accounts of high-profile US personalities such as Barack Obama, Elon Musk, Joseph R. Biden Jr., Bill Gates, and many more.

Of the 130 targeted accounts, the hackers were able to reset the passwords of 45. They posted fake tweets from these accounts offering to send back $2,000 for every $1,000 sent to an unknown Bitcoin address. Reportedly, the well-coordinated scam netted the attackers about $121,000 in Bitcoin through nearly 300 transactions.

According to Twitter Support, “the attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”


Marriott Data Breach

On March 31, 2020, the hotel chain Marriott disclosed a security breach affecting the data of more than 5.2 million guests who used the company’s loyalty application.

Hackers obtained the login credentials of two Marriott employees who had access to customer information for the hotel chain’s loyalty scheme, and used that access to siphon off data for roughly a month before the breach was discovered.

The data accessed in the breach involved personal details such as names, birthdates, and telephone numbers, travel information, and loyalty program information.

According to Marriott, the attackers may have obtained the employees’ credentials either by credential stuffing or by phishing. The hotel giant had previously announced a data breach in late 2018 in which up to 500 million guests were affected.


MGM Data Dump

MGM Resorts suffered a massive data breach in 2019. News of the incident began to circulate in February 2020, when hackers leaked the personal details of 10.6 million hotel guests for free download. Later findings put the number at nearly 142 million, more than thirteen times the figure recorded in February 2020.

The personal information published on the hacking forum included guests’ names, home addresses, phone numbers, email addresses, and dates of birth. Those listed included Justin Bieber, Twitter CEO Jack Dorsey, and many government agency officials.

A spokesperson for MGM Resorts confirmed that affected guests had been notified of the breach, adding: “We are confident that no financial, payment card or password data was involved in this matter.”

Zoom Credentials Up for Sale!

Because of the COVID-19 pandemic, organizations across the globe adopted work-from-home policies. The Zoom video conferencing app became the most used application for virtual meetings, and so it became popular among cybercriminals too.

Within a short span of time the application drew a range of security threats. In the first week of April 2020, the news that “500,000 stolen Zoom passwords” were for sale on dark web crime forums shook its users.

It was reported that more than half a million Zoom account login credentials were up for sale, with some given away for free; some sold for less than a US cent each. The credentials were reported to have been gathered by credential stuffing, that is, by replaying passwords leaked in earlier, unrelated breaches, rather than through a compromise of Zoom’s own systems, which is why password reuse is the real lesson of this incident.

Along with login credentials, victims’ personal meeting URLs and host keys were available too. The leaked accounts belonged to financial institutions, banks, colleges, and various other organizations.


Magellan Health (Ransomware Attack and Data Breach)

Magellan Health, a Fortune 500 company, was hit by a ransomware attack and data breach in April 2020. The healthcare giant confirmed that about 365,000 patients were affected by the sophisticated attack.

According to the investigation, the attack was carefully staged: the attackers first sent a phishing email impersonating a Magellan client, used it to plant malware that stole employee login credentials, and then used that access to Magellan’s systems to deploy the ransomware.

The data thieves were able to steal employee login credentials, personal information, employee ID numbers, and sensitive patient details such as W-2 information, Social Security numbers, and Taxpayer ID numbers.

Is Your Organization Secured From Data Thieves?

The global shift to remote working has given cybercriminals room to launch highly sophisticated attacks. Ransomware, phishing, DDoS, and BEC attacks are among the most common routes to the data breaches we have witnessed this year so far.

Clearly, the first half of 2020 was challenging for organizations in terms of cybersecurity, on top of adapting to the new normal. And we are still unsure what cybercriminals have in store for the remaining six months of 2020.

Still, by learning from recent data breaches, we can secure our organizations against emerging threats. Here are some must-follow security measures to keep your organization secure in these insecure times:

  1. Educate your employees with security awareness training to help them recognize and combat emerging cyber threats.
  2. Deploy a phishing incident response tool so that employees can instantly report suspicious or unsolicited emails.
  3. Secure your email domains against spoofing by implementing the email authentication protocols DMARC, SPF, and DKIM.
  4. Keep all software and applications updated with the latest security patches.
  5. Use a VPN when working remotely so that traffic between the employee and the corporate network is protected from eavesdropping and tampering on untrusted networks.

Defending Email Phishing attacks in a Nutshell

Cybercriminals do not need rocket science to entice targeted users with email scams. Even old baits such as lucky draws are enough to lure users into clicking malicious links or giving away their details. This is how phishing attacks work. For those new to the term, phishing is one of the most common forms of cyberattack. It relies on fear tactics and social engineering. Cybercriminals usually target victims’ email accounts to harvest their personal information for malicious purposes.

These cybercriminals disguise themselves as legitimate senders to dupe recipients. They use enticing subject lines or message content to trick recipients into clicking a malicious link, opening an attachment, or simply handing over sensitive information.

Common forms of phishing include Business Email Compromise (BEC), spear phishing, whaling, and pharming. To avoid falling victim to such attacks, it is important to put the right cybersecurity controls in place.

Cybersecurity Practices to Mitigate Email Phishing Attacks

Employee Education

The first and foremost step to staying secure against email phishing is user awareness. Employees play a major role in an organization’s security chain; they are also its most vulnerable link, and they hold access to confidential information.

Therefore, turn your employees into the strongest link by educating them through security awareness training. Use best-in-class training tools that offer phishing simulation to give employees realistic experience of an attack. This helps them recognize email-based attacks and lets you measure how susceptible they are.

The Dos and Don’ts

Beware of unsolicited or suspicious emails landing in your inbox. Unexpected emails often grab attention by creating a sense of urgency to respond. Treat such emails with care and take precautions before acting on them.

For instance, if you receive an unexpected email from a known sender address, confirm with the sender through a different channel (a phone call or a chat message) before acting on it. Do not click links or open attachments before verification.


Report Phishing Emails

Phishing emails often contain grammatical errors and spelling mistakes, though these can be subtle. They come either from odd sender addresses or from look-alikes of legitimate addresses. Some phishing emails even claim to be from your bank or a government body and ask for your financial details.

It is essential to have a phishing incident response tool that lets you check whether a suspicious email is authentic. Reporting the email through the tool also reveals the subtle manipulations the threat actors have made.


Email Encryption 

Keep email content secure by encrypting sensitive information. Threat actors keep upgrading their phishing techniques as technology evolves.

Various attack techniques let threat actors sniff email content for sensitive information or alter messages in transit. To avoid information leaks, encrypt confidential content before sending it.


Email Domain Security

Did you know that email can be manipulated by adding malicious attachments while it is in transit? Worse, cybercriminals can spoof your email address to send malware-laden emails to your clients or business associates in your name.

Therefore it is crucial to ensure that all your email is delivered securely and that your domain’s reputation is maintained. To do so, secure your email domains with the standard email authentication protocols. Publishing DMARC, DKIM, and SPF records in DNS safeguards your domain against spoofing and BEC attacks.


Multi-factor Authentication

Enable multi-factor authentication to protect your accounts against unauthorized access. If someone else gets hold of your password, they still cannot sign in without the second factor, and the unexpected prompt or code itself warns you that a login was attempted from a device other than yours.

Depending on the setup, the service sends a one-time code to your phone or a backup email address, or an authenticator app generates the code locally, whenever your account is accessed from an unknown device.
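The codes produced by authenticator apps are time-based one-time passwords (RFC 6238 TOTP, built on RFC 4226 HOTP). The following is an added example, not code from the original article, showing how such a code is derived from a shared secret and the clock, and how a server verifies it with a small tolerance for clock drift. It uses only the Python standard library; the function names are this example's own, and the secret in the usage block is the RFC 6238 test secret, not a real one.

```python
"""RFC 4226 HOTP / RFC 6238 TOTP, the code behind most authenticator apps."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP: truncate HMAC(secret, counter) to a `digits`-long decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226 5.3)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: Optional[float] = None, step: int = 30,
         digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP: HOTP with the counter derived from wall-clock time (30 s steps)."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time // step), digits, algo)


def decode_base32_secret(text: str) -> bytes:
    """Authenticator apps exchange secrets as unpadded Base32 (otpauth:// URIs)."""
    cleaned = text.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify_totp(secret: bytes, candidate: str, for_time: Optional[float] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the code for the current step and +/- `window`
    neighbouring steps to tolerate clock drift; compare in constant time so the
    check itself leaks nothing about which digits matched."""
    if for_time is None:
        for_time = time.time()
    base = int(for_time // step)
    return any(
        hmac.compare_digest(hotp(secret, base + delta, digits), candidate)
        for delta in range(-window, window + 1)
    )


if __name__ == "__main__":
    # RFC 6238 Appendix B test secret (SHA-1): ASCII "12345678901234567890".
    secret = decode_base32_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(totp(secret, for_time=59, digits=8))                  # 94287082 per the RFC
    print(verify_totp(secret, "94287082", for_time=59, digits=8))
    print(totp(secret))                                          # the code for right now
```

Because the code depends only on the shared secret and the current time step, a phished password alone is useless to the attacker; the practical weaknesses are the enrolment secret being exposed, a code being phished in real time during its 30-second window, or a server accepting a code twice. A careful server therefore records the last counter value accepted and refuses any code at or below it.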

 

Stay Up-to-date

Phishing attacks are deployed using social engineering tactics. Cybercrooks trick users into revealing confidential information in various manipulative ways.

These practices include scareware, baiting, pretexting, and more. Keep yourself updated on what cybercriminals are up to and on their latest social engineering attacks.

With these preventive measures in place you can stay secure from phishing attacks. Build a cyber-resilient working environment in your organization by implementing and practising these controls.


Ultimate guide to prevent Email Spoofing

With technology making revolutionary advances, the rate of cybercrime has risen steadily over the last decade. With hackers finding new ways to trick employees into giving them a digital route to company assets, a basic knowledge of spoofing is not enough anymore. Base-level education on email spoofing covers the impersonation of an organization or executive by attackers to get employees to disclose confidential information such as a corporate ID or password. That information gives hackers easy access to the company’s databases and accounts, draining its finances and leaking valuable data.

What is email spoofing?

According to a survey reported by Forbes on email spoofing statistics, cybercriminals send out around 1.3 billion spoofed emails every single day. Worldwide studies by cybersecurity analysts disclose further chilling statistics on email spoofing:

  1. 22% of all data breaches in 2019 were due to email spoofing.
  2. 88% of all organizations from 2019-2020 experienced phishing attacks due to spoofed email domains.
  3. 96% of all phishing attacks are carried out via email spoofing. 
  4. 56% of all hackers rely more on stolen corporate credentials from employees tricked via spoofed email domains, than malware attacks.

Hackers keep refining their tricks, going beyond impersonating a company executive’s email domain. Sometimes employees even receive an email apparently sent from their own address, as cybercriminals imitate the victim itself.

This increases the chances of falling prey to phishing, leaking confidential information, and undermining security at your workplace.

How does Email Spoofing Take Place? 

Attackers take a corporate email ID and forge a sender address using it, to give the impression that the email was sent from the same email domain. They generally exploit weak links such as missing or misconfigured email domain authentication at the company.

Statistics show that around 40% of leading organizations lack proper email domain authentication. Email is delivered via SMTP, the Simple Mail Transfer Protocol, which defines how mail is transferred between servers.

However, SMTP has no built-in sender authentication: a sending server can put any address in the From header (and in the envelope sender), and the receiving server cannot tell from SMTP alone whether the claimed domain actually authorized the message. Cybercriminals exploit this to create spoofed emails, and the forgery is very difficult for inexperienced people to spot.

Scanning the operating system for malware and changing your email password are temporary fixes, not effective preventive measures.

It is therefore imperative to implement the mechanisms that give the domain a well-rounded email authentication setup and close off the chance of falling prey to a phishing attack.

Solutions for Protection Against Email Spoofing

SPF ( Sender Policy Framework)

SPF, the Sender Policy Framework, is an email authentication system. SPF works by checking the sender’s domain against a policy published in DNS before the email is delivered to the receiver’s inbox.

This confirms the authenticity of the email by checking whether the IP address the email is delivered from is authorized to send mail for that domain.

How does it work?

The connecting server’s IP address is matched against the SPF record published in DNS for the domain used in the message’s envelope sender (the SMTP MAIL FROM address).

That SPF record lists all the valid IP addresses and referenced hosts that may send mail for the domain. If the sending IP matches nothing in the record, the email is classified as forged or spoofed (or soft-failed, depending on the qualifier on the record’s final “all” term).

DKIM (DomainKeys Identified Mail)

DomainKeys Identified Mail is an authentication mechanism used to check email authenticity and reduce the chance of receiving spoofed emails. DKIM uses a cryptographic signature to implement email domain authorization.

This ensures that the signed parts of the email remain unaltered along the entire route from sender to receiver. It helps the recipient confirm whether the email was really sent by the domain it claims, or whether something is impersonating that domain to conduct a phishing attack. A valid signature guarantees that the signed data is authentic and comes from an authorized source.

How does it work?

The sending domain publishes its DKIM public key in a DNS TXT record. When an email leaves the sender’s mail server, the server signs selected headers and the message body with the matching private key and adds the result to the email as a DKIM-Signature header.

Keys can be rotated and new selectors added over time, so new senders can be accommodated without limit. When the email reaches the receiver’s server, the DKIM signature is extracted from the header.

The signature header carries the signing domain (the d= tag) and a selector (the s= tag) that together locate the public key in the DNS TXT record. The public key is then used to verify that the signed data is unaltered, and so to authenticate the email.

DMARC (Domain Message Authentication Reporting and Conformance) 

One of the most advanced methods for email authentication is DMARC, which tells the receiver how to handle an email that fails the SPF and DKIM checks. DMARC is a 21st-century protocol that also lets an organization detect, through reports sent back to the domain owner, spoofed emails being sent in its domain’s name.

DMARC is a comprehensive email authentication protocol that keeps email domains secure by running a step-by-step check on the sender identity before the email lands in the receiver’s inbox.

How does it work?

When the email arrives at the receiving server, SPF is verified by checking the DNS records to match the sending IP address against all valid sources from which the domain is allowed to send.

The DKIM signature is likewise verified against DNS. DMARC then requires that at least one passing result is aligned with the domain in the From header, that is, the SPF-authenticated domain or the DKIM signing domain must match the From domain (exactly, or at the organizational-domain level in relaxed mode). Finally, the fate of a failing email depends on the DMARC policy, which can be set to “none”, “quarantine”, or “reject”.

With a “none” policy, the spoofed email still lands in the employee’s inbox and the domain owner merely receives reports; with “quarantine” it is put in the spam folder; with “reject” the receiving server refuses it and it is never delivered.
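To make the above concrete, and to show why the SMTP weakness described under “How does Email Spoofing Take Place?” is closed only when SPF, DKIM and DMARC are combined, here is an added example of the receiving-side policy logic. It is not code from the original article or from any mail product; all domains, IP addresses and DNS records are invented and embedded inline, the SPF evaluator supports only the ip4, ip6, include and all mechanisms, and DKIM signature verification is assumed to have been done elsewhere and is passed in as a result. The point shown is the disposition logic, including the case where an attacker’s own domain passes SPF but fails alignment.

```python
"""Toy SPF + DMARC evaluation against a constructed, offline DNS table."""
import ipaddress

# Constructed DNS TXT records (a real receiver would query DNS for these).
DNS_TXT = {
    "example.com": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all"],
    "_spf.mailer.example": ["v=spf1 ip4:198.51.100.10 ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"],
    "evil.example": ["v=spf1 ip4:192.0.2.0/24 -all"],   # attacker-controlled domain
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name, prefix):
    return next((t for t in DNS_TXT.get(name.lower(), []) if t.startswith(prefix)), None)


def check_spf(ip, domain, depth=0):
    """Evaluate `domain`'s SPF record for sending address `ip`.
    Supports ip4/ip6/include/all; a, mx, ptr and exists are left out of the toy."""
    if depth > 10:                         # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = lookup_txt(domain, "v=spf1")
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6"):
            try:
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif mech == "include":            # matches when the included domain passes
            matched = check_spf(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                       # nothing matched and no "all" term


def org_domain(domain):
    """Toy organizational domain: last two labels. Real DMARC uses the Public
    Suffix List so that e.g. example.co.uk is handled correctly."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(a, b, mode):
    """Identifier alignment: strict (s) = exact match, relaxed (r) = same org domain."""
    return a.lower() == b.lower() if mode == "s" else org_domain(a) == org_domain(b)


def dmarc_policy(from_domain):
    """Fetch _dmarc.<From domain>, falling back to the organizational domain."""
    for name in (from_domain, org_domain(from_domain)):
        txt = lookup_txt("_dmarc." + name, "v=DMARC1")
        if txt:
            tags = {}
            for part in txt.split(";"):
                k, _, v = part.strip().partition("=")
                if k:
                    tags[k.strip()] = v.strip()
            return tags
    return None


def evaluate(from_header, mail_from, sending_ip, dkim_results=()):
    """Return the DMARC verdict for one message.
    dkim_results: iterable of (d= domain, result) pairs for already-verified signatures."""
    from_domain = from_header.rsplit("@", 1)[1]
    mail_from_domain = mail_from.rsplit("@", 1)[1]
    spf = check_spf(sending_ip, mail_from_domain)
    policy = dmarc_policy(from_domain)
    if policy is None:                     # no DMARC record: nothing to enforce
        return {"spf": spf, "dmarc": "none", "disposition": "none"}
    spf_aligned = spf == "pass" and aligned(mail_from_domain, from_domain, policy.get("aspf", "r"))
    dkim_aligned = any(res == "pass" and aligned(d, from_domain, policy.get("adkim", "r"))
                       for d, res in dkim_results)
    if spf_aligned or dkim_aligned:
        return {"spf": spf, "dmarc": "pass", "disposition": "none"}
    return {"spf": spf, "dmarc": "fail", "disposition": policy.get("p", "none")}


if __name__ == "__main__":
    # Legitimate mail from the corporate range: SPF pass, aligned, delivered.
    print(evaluate("ceo@example.com", "bounce@example.com", "203.0.113.5"))
    # Spoof: the attacker's own domain passes SPF, but it is not aligned with From.
    print(evaluate("ceo@example.com", "x@evil.example", "192.0.2.77"))
    # Forwarded mail: SPF breaks, but a surviving aligned DKIM signature rescues it.
    print(evaluate("ceo@example.com", "bounce@example.com", "192.0.2.77",
                   dkim_results=[("example.com", "pass")]))
```

The second case is the one that matters for spoofing: an attacker can always publish a valid SPF record for a domain they own and pass SPF on the envelope sender, so SPF alone never protects the From header the user sees. DMARC’s alignment requirement ties the passing result back to the From domain, and the domain owner’s p=reject policy is what turns that failure into a refused message rather than an inbox delivery.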

A spoofed email is more dangerous and harder to detect than an ordinary phishing email, since the sender address in the former looks identical to the genuine one. An employee cannot tell from the address alone whether the email is authentic or forged.

Therefore, to gain protection from email spoofing and tackle phishing attacks, well-rounded email authentication should be part of your organization’s security policy, so that emails from forged addresses never reach your employees’ inboxes.


Security Awareness Training: Key Advantages

The year 2020 has been the most unpredictable and tough year for all of us. The first quarter alone brought a series of mishaps and unforeseen scenarios that put every country on alert. The pandemic not only affected many lives but also upended day-to-day routines, bringing everything to a halt at a point where none of us was sure how to get things back on track.

Eventually, though, everything started to change rapidly, including how we work, communicate, and interact with one another remotely. COVID-19 affected almost every industry and its verticals, including private and public organizations. Every working individual was required to work from home to protect their health, but unfortunately this left cybersecurity highly vulnerable.

Alongside the coronavirus, cybersecurity became one of the major topics of concern in the first quarter of 2020. With organizations adopting work-from-home policies, cybercriminals saw a golden opportunity to deploy attacks more aggressively. Lately, many organizations have fallen victim to massive cyberattacks and data breaches, resulting in the exposure of confidential data and the theft of millions of users’ credentials.

Hackers have been taking control of networks, locking away organizations’ data, and demanding excessive ransoms to return it. It is not possible to reproduce an office-grade secure IT infrastructure at home, but it is possible to stay proactive and secure by taking preventive measures against future cyber risks.

Organizations must consider providing security awareness training to their employees in order to help them have knowledge of all possible cyber threats while working from home and how to combat them. Let us proceed further to learn more about security awareness training and how it is beneficial for employees.

What is Security Awareness Training?

Security awareness training is formal training to educate employees about computer security. This practice of training employees includes educating them about corporate policies and working procedures with information technology. The main purpose of this training is to help employees become familiar with cyber attacks, data breaches, and all types of social engineering practices.

But the ultimate purpose of security awareness training is to teach employees the value of data as a corporate asset. Effective training keeps employees engaged and interested in following the directives. The aim is to ensure that employees do not hand over confidential information to unauthorized persons and do not make the mistakes that help hackers gain unauthorized access to the organization’s restricted network.

More importantly, security awareness training influences employee behaviour, reduces cyber risk, and supports compliance within the organization. Such a corporate training program is currently the best way to encourage cybersecurity awareness among employees working from home.

According to a study by a security research lab, human error is a factor in 95% of cybersecurity breaches. It also stated that if human error could be eliminated entirely, 19 out of 20 breaches might not happen in the first place. The information security awareness officer of every organization should therefore plan and implement proper security awareness training for employees.


How is Security Awareness Training Important for Employees?

While companies invest in digital tools to mitigate cyber threats, it is important to understand that the biggest threat lies within the organization itself. People are the most vulnerable resource and the weakest link in the security chain; they are easy targets because attackers can manipulate them psychologically. Recently, 60% of UK businesses fell victim to cyberattacks and data breaches because of human error, bringing their business to a halt for days.

This is why cybersecurity awareness training for employees is so important for every organization. Just by strengthening the weakest link in the chain, an organization can mitigate up to 90% of its cyber risk. The following benefits of security awareness training make the point:

  • Cyber Resilient Working Environment

A security awareness training program develops a sense of responsibility in employees to work in a security-focused environment. When you offer training, employees understand why the topic matters and how to practise it going forward. Regular training instils better habits of staying cyber aware and secure.

  • Prevent Breaches and Cyber attacks

Without security awareness training, employees would not keep up with the latest attacks and the activities of hackers. Once they learn how to recognize and avoid these attacks, they start applying preventive measures to keep the organization’s network secure and the workflow running.

  • Robust Technical Defenses

Technical security defences play a valuable role in keeping cybercriminals out. But these defences need people to operate, update and upgrade them, which is only done well with proper security awareness training. Such defences become useless if they are operated or updated without full understanding.

  • Proactive Employees

One of the biggest benefits of corporate security awareness training is to help employees become proactive and confident about working around data, without causing any incident. After all, human error is the leading cause of cyber attacks and data breaches. With effective training, employees become empowered to work in a cyber-resilient environment, reducing the chance of human error.

  • Gets Everyone in Sync

Every security practice must be followed consistently, with every employee in the organization on the same page. Without official cybersecurity training, different departments may be following different principles, leaving data at risk.

This is why official security awareness sessions matter: they remove the guesswork from security and get every individual following the same practices, reducing the organization’s threat posture.

Let us not stay vulnerable and encourage cybercriminals to take advantage of the pandemic and lockdown. Cybersecurity is a two-way street: we have to keep up with advanced security tools and with the human side alike to combat and mitigate cyber risk.

Workplace Threats of Password Sharing

The Shocking Statistics About Password Sharing

According to a security survey, 78% of security professionals worldwide believe the biggest risk to endpoint security is human error. Moreover, a lack of cybersecurity awareness among employees is one of the most exploitable weaknesses in any organization.

An organization can have the most robust security software in the world, but human errors like password sharing can still lead to massive data breaches with lasting consequences.

Some of these following statics show the criticality of password security in today’s date:

  • Approximately by the end of 2020, password usage across the globe will grow by 300 billion. 
  • 81% of the data breaches have been reported because of poor password security.
  • About 61% of companies use more than 500 accounts with non-expiring passwords.
  • A research article by ITProPortal stated that only 38% of companies update their admin passwords once a quarter, while the rest do it very rarely.
  • About 54% of the small and medium-sized businesses don’t check up on their employee password practices.
  • 25% of employees use the same password in all login credentials.

What are the Risks of Sharing Passwords at Work?

Putting a Stop to Password Sharing

One of the most challenging things in the digital world is managing online accounts and keeping their passwords out of the reach of untrusted parties. Whenever a new data breach or compromise of a company's information makes headlines, the most common cause turns out to be poor password security.

Habits like password sharing, entering login credentials on unsecured websites, weak passwords, etc., expose companies to costly risks. A study by a renowned password manager company found that around 61% of users are more likely to share their work passwords than their personal passwords.

There are various organizations that still take the matter of password security lightly. It is important for them to understand the consequences of password sharing at the workplace. Here are the top five security risks of password sharing at work:

  1. Single sign-on (SSO)

SSO is an authentication scheme that allows users to use a single ID and password to access multiple corporate software and applications. An employee can use one password to access dozens of enterprise login accounts at the same time.

Even though this practice seems beneficial in easing the burden of memorizing and entering passwords, it has disadvantages too. Combined with the common practice of password sharing, one shared SSO password gives rise to major password security vulnerabilities and issues across the organization.

  2. Credential sharing

In several organizations, password sharing at work is a common practice for various reasons, but this practice can lead to dangerous results. According to cybersecurity research, it was found that 42% of people share their work login credentials to work together with their teammates.

Another 34% stated that this practice reduces the cost of software with limited user licences, whereas the rest of the respondents said that it is their company's policy to share passwords for accessing specific accounts. In the end, no matter how effective these practices sound, sectors like Banking, Financial Services, and Insurance (BFSI) face the risk of a massive data breach.

  3. Password reuse

Almost every user has the habit of reusing the same password to log in to more than one account. But reusing old passwords only amplifies the threat that a single stolen password poses to the company.

Also, reusing a password across multiple websites might result in a data breach, because if attackers get hold of the credentials for one site, they will try using the same information to target other corporate accounts as well.

  4. Cloud computing

Today many businesses are flocking to the cloud as it offers enterprise advantages like cost savings and fast development. However, many cloud-based applications and services are poorly secured. In fact, a survey of 12,000 cloud services found that 80% allow weak passwords, which is a major password security flaw. A stolen shared password can easily provide hackers with access to the organization's valuable and confidential information.

  5. Emailed passwords


In order to collaborate with colleagues on a project or for some other requirement, employees generally share passwords over email. This practice becomes habitual due to the lack of security awareness training.

A security service firm also once reported that less than 20% of telecommuting employees are actually aware of their organization's employee password sharing policy.

It is essential to make employees understand the significant risks of sharing passwords over electronic communication. Such practices let hackers pick up the sent messages when they go through an employee's compromised email account.

How Can Not Sharing Passwords Secure an Organization?

No matter where you are or whom you find the most trustworthy, habits like password sharing should not be encouraged. Even the password reminder or saving tools that people rely on for shared passwords are not 100% secure! Sharing a password is just like handing over your valuables to a stranger through an application.

The risks of sharing passwords at work expose not only professional data but personal data too to cybersecurity threats. Organizations must consider implementing an employee password sharing policy to protect the confidentiality of data.

The purpose of using a password is to safeguard data or sensitive information from unauthorized access. Employees working in an organization must understand the value of and risks associated with password security. The security administrator of an organization should encourage senior management to have GDPR compliance in place for password security.

Apart from that, every organization must provide security awareness training to its employees so that they understand basic cybersecurity practices and how to follow them in their day-to-day work.

SQL Injection Attack and its Prevention

What is SQL Injection (SQLi) and SQL Injection Attack?


If you are familiar with the cyber world, you must have heard the terms "SQL" or "SQL injection" floating around. In simple words, SQL stands for Structured Query Language; it is the language used to operate database systems like MySQL, Oracle, Microsoft SQL Server or SQLite. SQL injection, on the other hand, is a cyber attack that targets the database through specially crafted input containing SQL fragments that trick the application into performing unintended and undesired operations. The injected input changes the structure of the SQL statement the application meant to run.

A successful SQL injection attack is capable of:

  • Modifying, altering or deleting data from the database
  • Reading sensitive and confidential data from the database
  • Retrieving the content of a specific file present on the database management system (DBMS)
  • Executing administrative operations like shutting down the DBMS

Without proper mitigation controls and security measures, the SQL injection attack can leave an application at a huge risk of data compromise. It can impact the data’s confidentiality and integrity as well as the authentication and authorization with respect to the application. It can also empower an adversary to steal confidential information like user credentials, financial information, or trade secrets by misusing the vulnerability existing in an application or program.

Types of SQL Injection Attacks


SQL injection can be exploited in many ways, and these ways require different levels of knowledge, ranging from amateur to expert. Here are some common SQL injection types:

  • In-band SQL Injection

It is the most common type of SQL injection attack, in which the attacker uses the same communication channel both to launch the attack and to gather its results. In-band SQL injection is infamous among SQL injection attacks for its simplicity and efficiency. It has two sub-variants:

    • Error-based SQL Injection: A technique in which the attacker determines the vulnerabilities of the system by deliberately causing the database to produce error messages. These error messages are then used to return full query results and reveal confidential information from the database. The technique can also be used to identify vulnerabilities present in a website or web application and to obtain additional information for building further malicious queries.
    • Union-based SQL Injection: In this technique, the attacker extracts information from the database by extending the results returned by the original query with a UNION. The UNION operator is only useful if the original and the injected queries return the same number of columns with compatible data types.
  • Inferential (Blind) SQL Injection

Blind SQL injection relies mainly on the server's behavior and response patterns, where the attacker closely observes indirect clues. For this observation, the attacker sends data payloads to the server. The technique is called blind because the attacker does not receive data from the website's database directly, so the results of the attack cannot be seen in-band. Blind SQL injection is classified into two methods:

    • Boolean: The attacker sends the application an SQL query designed to evaluate to either true or false. Depending on the result, the content of the HTTP response either changes or stays the same, and from that difference the attacker infers whether the condition was true or false.
    • Time-based: The attacker sends an SQL query that makes the database delay its response for some seconds when a condition holds. Based on that, the HTTP response is generated either instantly or after the waiting period, and by observing how long the database takes to respond the attacker infers whether the condition was true or false. Thus, without receiving any data from the database, the attacker can determine whether the query returned true or false.
  • Out-of-band SQL Injection

The most uncommon approach to attacking an SQL server, this technique relies on particular features of the SQL-enabled database. It depends on the database server being able to make an outbound DNS or HTTP request, which the injected SQL statement triggers to carry the results out. If successful, an out-of-band attack can transmit the contents of the database, escalate user privileges, and perform the same actions that other types of SQL injection attacks perform.


The Recent SQL Injection Attack Examples

Many SQL injection attacks have taken place in the past decade, and SQL injection remains one of the most persistent and evolving types of cyber attack. Between 2017 and 2019, SQL injection attacks accounted for 65.1% of all attacks on software applications. Here is a list of top SQL injection attack examples that every user should be aware of!

  1. In one SQL injection incident, the personal details of 156,959 customers were stolen from a British telecommunications company's servers by exploiting a vulnerability in a legacy web portal. (source: Wikipedia)
  2. According to Help Net Security, 60+ government agencies and universities were successfully targeted with SQL injection by a hacker who was also involved in the penetration of the US Election Assistance Commission and the subsequent sale of its database in November 2016.
  3. On March 7, 2014, officials at Johns Hopkins University publicly announced that their Biomedical Engineering servers had become victims of an SQL injection attack. The hackers compromised the personal information of 878 students and university staff, and posted a press release and the leaked data on the internet. (source: Wikipedia)
  4. In May 2020, a New Yorker was charged with hacking into e-commerce websites with the motive of stealing credit card information. It was reported that the hacker and his gang used SQL injection techniques to break into vulnerable e-commerce websites and steal payment card data.

How To Prevent SQL Injection Attacks?


In order to secure your organization and mitigate SQL injection attacks, the developers, system administrators, and database administrators in the organization must follow the steps below:

  1. Keep all web application software components up to date with the latest security patches, leaving no room for known vulnerabilities.
  2. Avoid using shared database accounts between different applications or websites.
  3. Regularly monitor SQL statements from database-connected applications.
  4. Limit the attack surface by getting rid of any database functionality that is no longer needed in order to prevent it from being misused by hackers.
  5. Error messages are key for attackers to learn a great deal about your database architecture, so make sure to display only minimal information.
  6. Always keep the database credentials encrypted and stored safely, separate from the application.
  7. Most importantly, adopt the practice of periodic VAPT, i.e. vulnerability assessment and penetration testing. A regular VAPT provides a detailed picture of the exploitable vulnerabilities existing within an application and all the risks associated with them. It allows IT security teams to focus on mitigating the critical vulnerabilities first.
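The following is an added example (not code from the original article), written in Python against an in-memory SQLite database: it places the in-band injection described earlier in a deliberately vulnerable user lookup beside the parameterized query that is the standard fix (a step the list above does not name), and adds the generic client-facing error handling that step 5 calls for. The users table and the names in it are constructed sample data.

```python
import sqlite3
from typing import List, Optional, Tuple

Row = Tuple[str, str, str]

# Constructed sample data standing in for an application's users table.
SAMPLE_USERS: List[Row] = [
    ("alice", "alice@example.com", "admin"),
    ("bob", "bob@example.com", "staff"),
    ("carol", "carol@example.com", "staff"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Row]:
    """The 'before' version: user input is spliced straight into the SQL text.

    Because quoting is done by string concatenation, a quote character in the
    input ends the literal early and the rest of the input becomes SQL code.
    This is the in-band injection the text describes.
    """
    sql = (
        "SELECT username, email, role FROM users WHERE username = '"
        + username
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Row]:
    """The hardened version: a parameterized query.

    The SQL text is fixed at development time and the driver binds the input
    as a value, so quotes or keywords in it can never change the query's
    structure.  A username containing a quote is simply a username.
    """
    sql = "SELECT username, email, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def vulnerable_error(conn: sqlite3.Connection, username: str) -> Optional[str]:
    """Return the raw database error the vulnerable path produces for this
    input, or None if the query ran.  This is why step 5 matters: an
    application that echoes such text to the client hands out exactly the
    error messages that error-based injection is built on."""
    try:
        lookup_vulnerable(conn, username)
        return None
    except sqlite3.Error as exc:
        return str(exc)


def lookup_for_client(conn: sqlite3.Connection, username: str, log: list) -> dict:
    """Client-facing wrapper: parameterized query plus a fixed error message.

    Database errors are appended to the server-side log (a plain list here)
    and the client only ever sees "lookup failed".
    """
    try:
        return {"ok": True, "rows": lookup_safe(conn, username)}
    except sqlite3.Error as exc:
        log.append(f"user lookup failed: {exc!r}")
        return {"ok": False, "message": "lookup failed"}


if __name__ == "__main__":
    db = build_db()
    # A classic tautology input: the vulnerable query returns every user,
    # the parameterized one returns nobody, because no such username exists.
    crafted = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, crafted))
    print("safe:      ", lookup_safe(db, crafted))
    # A legitimate name containing an apostrophe breaks the vulnerable query
    # (and would leak a database error) but is handled normally by the safe one.
    print("error leaked:", vulnerable_error(db, "O'Brien"))
    print("safe:      ", lookup_for_client(db, "O'Brien", log=[]))
```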

Do you think that the SQL injection attack can be another big threat to the next-generation-based software applications in the near future?

Best Preventive medicine to eliminate Ransomware Attack


A Brief on Ransomware Attack

Ransomware has become a major threat to users' crucial data. This malicious attack was the most significant malware threat of 2018 and continued to be the most dangerous in 2019. As it grows in popularity, more people are being targeted for ransom.

In most cases, the ransom demanded from the victim comes with a deadline. If the victim fails to pay within the provided timeline, the data is lost forever. Ransomware attacks are very common these days.

Even the largest companies in North America and Europe have fallen victim to it. Cybercriminals spare no one and can attack any consumer or business, across all kinds of industries. Various government agencies advise people against paying the demanded ransom, as refusing to pay might help stop the ongoing cycle of ransomware attacks.


As a matter of fact, a ransomware attack is designed to extort money from victims by blocking access to their data or systems. There are two prevailing types of ransomware through which the attacks are deployed: encryptors and screen lockers.

With encryptors, the data on a system is encrypted into unreadable content and can only be restored with a decryption key. Screen lockers, on the other hand, simply block access to the system by locking the screen and declaring that the system is encrypted. Apart from these two prevailing types, there are some infamous ransomware attacks worth knowing as well.

Major Infamous Ransomware Attacks:

  • WannaCry Ransomware Attack


This ransomware attack was built on a powerful exploit against Microsoft Windows. It was leveraged to create a global ransomware worm that infected over 250,000 computer systems; more than 200,000 systems were locked down in 150 countries. Hackers demanded a ransom which was paid through Bitcoin. WannaCry infected the National Health Service (NHS) and many other organizations across the globe.

  • CryptoLocker


It is part of a ransomware family whose job is to extort money from users by encrypting the user's hard drive as well as any attached network drives. It was the first of the current generation of ransomware to demand cryptocurrency for the ransom payment. CryptoLocker was spread through email attachments that claimed to be FedEx and UPS tracking notifications.

  • NotPetya


NotPetya is considered one of the most destructive ransomware attacks. It was coded in such a way that even if the user paid the ransom, the data would still be unrecoverable. Infamous as a close relative of the Petya malware, it successfully infected thousands of computers across the globe in 2017.

How to Prevent Ransomware Attack?

  1. Ignore Unverified Links


Never click on links that come in spam emails or on unfamiliar websites. If an unexpected download starts after clicking a malicious link, there is a high chance of your computer getting infected.

  2. Never Share Personal Data


If you receive an email, call or text from an untrusted source asking for your personal information, make sure you don't give out the details. Cybercriminals trick users into giving up their personal information ahead of an attack and then use that information to target them with phishing emails.

  3. Backup your Data

If you ever experience a ransomware attack, you must already have a backup of your data so that you don't have to pay any kind of ransom to the attacker. Make sure to keep a copy of all important data on an external hard drive that is not connected to your system.

  4. Never Pay Ransom


Never pay any amount to the cybercriminals who carry out a ransomware attack. There is no guarantee that the data will be returned; after all, the attackers have already abused your trust by hijacking your data. Paying the ransom only encourages cybercriminals to carry out more attacks.

  5. Security Awareness For Employees


The best way to prevent a ransomware attack is to be proactive about the latest cyber attack vectors. An organization must be aware of the harmful attack vectors that could bring it to the verge of losing its data and customer trust. It is better to adopt preventive measures in advance so that there is less chance of falling victim to any kind of cyber attack.

Major Cyber attacks evidenced globally in Q1 2021

Cyber crime has been on the rise for years now and it is not showing any signs of slowing down. To make it worse, the arrival of the COVID-19 pandemic in 2020 just fueled the situation. Those who were expecting relief from the increasing terror of cyber crimes in 2021 are to be disappointed as the number of attacks is only increasing day after day.

We have barely crossed the first quarter of 2021 and already several major cyber attacks have made the headlines. Here is a list of some of the major cyber attacks that took place in Q1 2021:


#1 Channel Nine

Australian broadcaster Channel Nine was hit by a cyber attack on 28th March 2021, which rendered the channel unable to air its Sunday news bulletin and several other shows. With the unavailability of internet access at its Sydney headquarters, the attack also interrupted operations at the network’s publishing business as some of the publishing tools were also down. Although the channel first claimed that the inconvenience was just due to “technical difficulties”, it later confirmed the cyber attack.

#2 Harris Federation

In March 2021, the London-based Harris Federation suffered a ransomware attack and was forced to "temporarily" disable the devices and email systems of all 50 secondary and primary academies it manages. This resulted in over 37,000 students being unable to access their coursework and correspondence.

#3 CNA Financial

One of the biggest cyber insurance firms in the US, CNA Financial, suffered a ransomware attack on 21st March 2021. The attack disrupted the organization's customer and employee services for three days, as CNA was forced to shut down systems to prevent further compromise. The attack used a new version of the Phoenix CryptoLocker malware, which is a form of ransomware.

#4 Florida Water System 

A cyber criminal attempted to poison the water supply of Oldsmar, Florida, by raising the amount of sodium hydroxide to a potentially dangerous level. The attacker was able to breach Oldsmar's computer system and briefly increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.

#5 Microsoft Exchange Mass Cyber Attack

A mass cyber attack affected millions of Microsoft clients around the globe, wherein threat actors actively exploited four zero-day vulnerabilities in Microsoft’s Exchange Server. It is believed that nine government agencies, as well as over 60,000 private companies in the US alone, were affected by the attack.

#6 Airplane Manufacturer Bombardier

A popular Canadian plane manufacturer, Bombardier, suffered a data breach in February 2021. The breach resulted in the compromise of the confidential data of suppliers, customers and around 130 employees located in Costa Rica. The investigation revealed that an unauthorized party had gained access to the data by exploiting a vulnerability in a third-party file-transfer application. Also, the stolen data was leaked on the site operated by the Clop ransomware gang.

#7 Computer Maker Acer

The globally renowned computer giant Acer suffered a ransomware attack and was asked to pay a ransom of $50 million, the largest known ransom demand to date. It is believed that a cyber criminal group called REvil is responsible for the attack. The threat actors also announced the breach on their site and leaked some images of the stolen data.

#8 University of the Highlands and Islands

A cyber attack targeted the University of the Highlands and Islands (UHI), forcing the university to close all its 13 colleges and research institutions to students for a day. Security professionals uncovered that the attack was launched using Cobalt Strike, a penetration testing toolkit commonly used by security researchers for legitimate purposes. This incident is just another in a series of cyber attacks targeting the education sector.

#9 Sierra Wireless

On 20th March 2021, the multinational IoT device manufacturer Sierra Wireless was hit by a ransomware attack against its internal IT systems and had to halt production at its manufacturing sites. Its customer-facing products weren’t affected and the company was able to resume production in less than a week.

#10 Accellion Supply Chain Attack

Security software provider Accellion fell victim to a breach targeting its file transfer system FTA. Many of its clients were affected by the breach. Some high-profile organizations that got caught in the crossfire include grocery giant Kroger, telecom industry leader Singtel, the University of Colorado, cyber security firm Qualys and the Australian Securities and Investments Commission (ASIC). A lot of confidential and sensitive data stolen from various companies by exploiting the vulnerabilities in Accellion’s FTA tool was leaked online.

How to Protect Your Organization Against Cyber Attacks?

Witnessing the extent of damage cyber attacks can cause should be reason enough to take the necessary preventive measures right away. So, here are some steps you can take to reinforce your organization’s cyber security framework and keep it shielded from cyber attacks.


  • Generate Cyber Security Awareness: Unaware employees can prove to be an organization’s biggest weakness when it comes to cyber security. Generating awareness among your employees about the prevalent and emerging cyber threats is one of the most effective ways of protecting your business against cyber attacks.


  • Implement a Phishing Incident Response Tool: Educating your employees will only take you so far if you don’t equip them with the means of dealing with cyber threats. A phishing incident response tool like TAB can empower your employees to detect and report suspicious emails right away, significantly reducing cyber risks.


  • Carry Out VAPT: Conduct periodic Vulnerability Assessment and Penetration Testing (VAPT) to detect any exploitable vulnerabilities in your organization’s IT infrastructure including applications, servers and networks. Make sure to fix the detected weaknesses on priority.


  • Keep the Systems Updated: Keep all your hardware and software up-to-date with the latest security updates and patches. Failing to do so can create weaknesses in your security infrastructure and lead to cyber attacks.


  • Implement MFA: Enable Multi-Factor Authentication (MFA) across all the applicable endpoints of your organization’s networks. This will not only add an extra layer of security but also protect you in case your employees’ user credentials are stolen.


So, don’t wait for your company’s name to be on the list of cyber attack victims and take the necessary precautions immediately.

Vulnerabilities in Critical Infrastructure and its mitigation

With geopolitical tension rising in certain parts of the world along with the ambitions of cyber attackers, coming up with a holistic strategy to protect the nation’s critical infrastructure has become a priority for the enterprises handling them. Imagine what would happen if the nuclear plants or the space agencies of a country were hit by a cyber attack. The disruption caused due to a successful cyber attack on a nation’s critical agencies can be far-reaching. It has the potential of causing a major loss of money, time, and even lives. This can be illustrated by a recent incident.

After the release of the largest-ever compilation of breached usernames and passwords, COMB, a cyber attacker wrongfully entered the Oldsmar (Florida) water plant’s computer systems to poison the city’s water supply by changing its pH to dangerously acidic levels. Even though the attack was thwarted before completion, this incident has opened our eyes to the dangerous reality of such an attack being successfully executed in the future.

Tomorrow, such an attack could take the form of manipulating boiler pressure in a thermal power plant or a ransomware attack on the country's top-tier healthcare institutions. All such attacks are not only potentially life-threatening but also pose a huge risk of material damage.


Other Cyber Incidents Around the World Involving Critical Infrastructure

In February 2020, Saudi authorities reported that their public petroleum and natural gas company Saudi Aramco had seen an increase in cyber attack attempts. This public enterprise suffered a huge cyber attack back in 2012, when the Shamoon virus hit the facility and damaged around 30,000 computers.

A few months back, New Zealand’s central bank suffered a huge data breach, where commercially and individually sensitive information was stolen by cyber attackers.

In another event, an electricity grid in the state of Maharashtra (India) was hit by a cyber attack that resulted in a power outage. This incident took place in the month of October 2020 and the authorities suspect Chinese involvement in it.

Discussing the Deterrent

In today’s world, there is cut-throat competition between countries for production and use of resources. Therefore, it is all the more important for enterprises handling and managing the critical infrastructure to adopt a multipronged approach while planning a defense against cyber attacks.

At the organizational level, the following measures can help stop cyber attacks from affecting the enterprise:

  1. Access Management – Access management is the first basic measure that organizations should take to protect their control systems. Identity Access Management (IAM) in databases and other important IT infrastructure is necessary to limit access and prevent the misuse or leak of information.
  2. Awareness as Defense – One very effective way of preventing cyber attacks on an enterprise is to train the employees in the basics of cyber security. Cyber aware employees form a major defense against attempted cyber attacks on the enterprise.


  3. Email Domain Security – To ensure the security of an organization, it is imperative to address the cyber threats originating from its email domain. Using email domain security tools like KDMARC can be very effective in stopping spoofing of the email domain to protect the enterprise against spear-phishing and BEC attacks.
  4. Data Backup – Frequent data backup in offline locations in a segmented manner is the best approach to defend against ransomware attacks.
  5. Incident Response – Use of incident response tools can facilitate quick detection of and response to a cyber attack. A phishing incident response tool like Threat Alert Button (TAB) can be quite helpful in identifying and removing phishing emails from the employees' inboxes.
  6. Strong Password Policy – Employees should be encouraged to use strong passwords. This applies to both their work emails and other credentials used for accessing information and operations of critical systems in the enterprise.
