Cybersecurity & Information Security: A comparative look

When it comes to computer security, people often treat the terms cybersecurity and information security as if they meant the same thing. But do they? Well, let’s proceed further to find out!

What is Cybersecurity?


While cybersecurity and information security may seem synonymous to users, the two terms are conceptually different. Cybersecurity is the combination of processes, technologies, and practices designed chiefly to protect data, systems, networks, and programs from unauthorized access and cyber-attacks.

Organizations transmit sensitive and confidential data across networks and to other devices for business purposes on a daily basis. This is where cybersecurity secures the information, and the systems used to process or store it, against various types of attacks.

As ever-evolving cyber-attacks are rapidly on the rise, implementing cybersecurity solutions helps in safeguarding the data related to confidential and financial records of the company. Employee security awareness, training tools, incident response tools, email authentication protocols, brand monitoring tools, etc. are some types of cybersecurity solutions.

What is Information Security?


Cybersecurity, as explained above, focuses on the security of processes and technology. Information security, however, is an entirely different concept. It ensures that both digital and physical data are protected from unauthorized access, exploitation, recording, disclosure or modification.

The abbreviated term of information security is “infosec” and is also referred to as “data security”. It aims to keep data secure regardless of digital or physical form. Moreover, information security is a set of practices to keep data secure during scenarios where it is being stored or transmitted from one device or place to another.

While protecting the confidentiality, integrity, and availability of data remains the primary focus of information security, maintaining organizational productivity is an equally important concern. This is why information security offers guidance, security policies, and industry standards on passwords, antivirus software and information security awareness to provide best practices.

So, if cybersecurity and information security work toward the same goal of safeguarding an organization’s data, then what differentiates the two terms? Let’s find out from the differences stated below!

Cybersecurity Vs. Information Security: 5 Key Differences

Before looking at what sets the two terms apart, it is important to understand that cybersecurity is basically a subset of information security. You can think of information security as an umbrella, with cybersecurity sitting underneath it along with other security standards.

Now let’s read further to figure out the differences between these two terms:

| Cybersecurity | Information Security |
|---|---|
| Security of data and information in digital or electronic form. | Security of information assets, existing in both physical and digital form. |
| Protection of data from cyber frauds, cybercrimes, cyber-attacks, and law enforcement. | Protection of information from unauthorized access, disclosure, modification, misuse or destruction. |
| This focuses on securing the cyber resilience of an organization including personal data present on the digital and electronic platform. | This focuses on securing information assets of an organization like integrity, confidentiality, and availability. |
| The advanced step to combat persistent cyber threats that are imminent. | The foremost step in the foundation of data security. |
| Deals with cyber threats like phishing, ransomware, risk of removable media, cyber scams, vishing, and smishing. | This deals with all sorts of security threats to ensure that proper security protocols are set in place. |

 

From the table above, we can now easily differentiate between the two terms. While information security mainly concerns protecting an organization’s data from any sort of unauthorized access, cybersecurity ensures that an organization’s electronic data is secure from cyber threat actors. Cybersecurity is a broad practice of ensuring that servers, networks, and email channels remain protected and accessible only to authorized users, and it falls under the realm of information security.

However, information is not the only area of concern for cyber attackers. Some hackers are keener on uncovering users’ login credentials and gaining unauthorized access to closed networks. Their purpose is to manipulate the data and website or hamper essential functions.

To prevent hackers from attempting such malicious activities, patching existing vulnerabilities in networks and devices is a must. Doing so leaves hackers and cyber threat actors no room to interact with the computer device, network or server.

This is why certain types of cybersecurity solutions have such a wide scope right now. Moreover, experts in this field will be in high demand over the next decade too, due to the introduction of new technology trends.

The Parallel-ground Between Cybersecurity & Information Security

After all these differences, you might wonder whether there is any parallel-ground between cybersecurity and information security. Well, the answer is yes! Both cybersecurity and information security are the foundation of information risk management.

While cybersecurity professionals are mainly concerned with safeguarding electronic data from cyber risks and data breaches, they still perform physical security practices. Just as information security professionals keep a cabinet full of confidential information locked, cybersecurity experts require physical security measures to keep data adequately protected. It is impossible to physically lock a computer device, but with security protocols in place, one can easily prevent unauthorized access.

Both cybersecurity and information security are crucial aspects of technology in this evolving 21st century. Organizations looking forward to data security must understand the importance of these two aspects of technology. Every security administration of an organization must stay one step ahead of the ever-evolving security threats.

They need to provide and implement the best security awareness training practices as well as analytical tools to monitor phishing and fraud activities taking place online. With technology and the IT world constantly developing, security professionals must stay updated to tackle evolving security risks and prevent future cyber threats.

 

Secure Code Review – A Prerequisite!

What is a Secure Code Review?

Secure Code Review is the process of checking code during the development phase so that no vulnerabilities are left in it. It involves manual and automated testing of the code, which helps to find loopholes that could later affect the organization. It is a process to identify and patch coding errors in the development phase before they turn into a high-level security risk. Reviewing code for security helps an organization minimize overall maintenance and development cost by enhancing the effectiveness of the code and eliminating early-stage risks.


Major Focus Pointers for Code Review

Injection:

Injection is a flaw in which the application accepts input that ends up in shell commands, the database, or the operating system, which makes the application vulnerable to injection attacks.

Memory Flaws:

Flaws like Meltdown and Spectre are caused by inconsistent and vulnerable code, and end up compromising the information and data present in primary memory.

Sensitive Data Exposure:

Sensitive data exposure occurs when a vulnerability in the program code lets an attacker obtain sensitive information such as credit card details, private data, passwords, etc.

Cross-Site Scripting:

Cross-site scripting is similar to injection attacks. Here, malicious scripts are embedded in such a way that the user’s PC, relying on the cookies, trusts the malicious site as a legitimate one. This involves browser-side scripting and compromises the user.
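The injection and cross-site scripting flaws described above, shown as a reviewer would meet them beside their fixes. This is an added example, not code from the original article; the table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "card-sample-0001"), ("bob", "card-sample-0002")],
    )
    return db


def lookup_vulnerable(db, name):
    # Review finding: input is concatenated into the SQL text, so a quote
    # character in `name` changes the structure of the query.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_fixed(db, name):
    # Fix: a placeholder keeps the input as data, never as SQL.
    return db.execute(
        "SELECT name, card FROM users WHERE name = ?", (name,)
    ).fetchall()


def greeting_vulnerable(name):
    # Review finding: input is written into the HTML page unencoded.
    return "<p>Hello, " + name + "</p>"


def greeting_fixed(name):
    # Fix: encode on output so markup characters are displayed, not parsed.
    return "<p>Hello, " + html.escape(name) + "</p>"


def demo():
    """Run both versions on constructed hostile input and return the results."""
    db = make_db()
    sql_input = "nobody' OR '1'='1"          # constructed test input
    html_input = "<script>alert(1)</script>"  # constructed test input
    return {
        "vulnerable_rows": len(lookup_vulnerable(db, sql_input)),
        "fixed_rows": len(lookup_fixed(db, sql_input)),
        "vulnerable_html": greeting_vulnerable(html_input),
        "fixed_html": greeting_fixed(html_input),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable lookup returns every row for a name that matches no user, which is also how the sensitive data exposure described above tends to follow from an injection flaw.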

Principle of Secure Code Review


The principle of secure code review, or peer code review, is that after the process there should be no shortcomings, security loose ends, code structure loopholes, or inconsistencies in the code. It is done for the quality assurance of the code; the code is read and rewritten to mitigate all possible vulnerabilities.

Purpose of Secure Code Review

Secure Code Review is an important step during the development process these days. It allows the code to be free from any kind of risk. It is important for the application to have consistency. It should be free from any security vulnerabilities and data discrepancies. The code should have a proper structure and ways to manage the data.

How is the Code Reviewed?


There are 6 steps to secure code review:

Reconnaissance:

The reconnaissance is the process where we see the code and try to figure out the basic threats and risks in it.

Scope Assessment:

Threats and risks are categorized and the scope is decided accordingly. This scope gives us a path to follow in the next steps. This is known as the scope assessment.

Automation:

Based on the scope the code is checked using various tools. These tools automate the process following the checklist. Thus, this makes the process automated.

Manual Review:

After the tools have been used in the automation step, the code is manually checked to find any remaining issues. The vulnerabilities that are left are removed manually.

Confirmation and POC:

After the code is reviewed by an automated and manual process, it is sent further for the confirmation and proof of concept (POC). Thus, this step checks that the code is good to go and can be sent for compilation.

Reporting:

Once all the processes are done and are confirmed, the report is made for all the steps taken. This report contains the vulnerabilities that were there in the code and suggestions to mitigate them. This final report covers all the information on the secure code review process.
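One way the automation and reporting steps above can look in practice: a small checklist-driven scanner that parses source code and flags calls whose query or command text is built from variables. This is an added example, not a tool named by the article; the rule labels, the checklist and the sample code are assumptions made for illustration, and findings still go to manual review.

```python
import ast

# Constructed sample under review; it is parsed, never executed.
SAMPLE = '''
import os, subprocess

def find_user(db, name):
    return db.execute("SELECT * FROM users WHERE name = '%s'" % name)

def find_user_safe(db, name):
    return db.execute("SELECT * FROM users WHERE name = ?", (name,))

def ping(host):
    subprocess.run("ping -c 1 " + host, shell=True)

def ping_safe(host):
    subprocess.run(["ping", "-c", "1", host])

def show(path):
    os.system(f"ls {path}")
'''


def is_dynamic(node):
    """True when a string argument is assembled from non-constant parts."""
    if isinstance(node, ast.JoinedStr):  # f-string with {placeholders}
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        both_constant = (isinstance(node.left, ast.Constant)
                         and isinstance(node.right, ast.Constant))
        return not both_constant  # "a" + x  or  "a %s" % x
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"  # "...".format(x)
    return False


def call_target(func):
    """Return (base, attribute) for calls such as subprocess.run(...)."""
    if isinstance(func, ast.Attribute):
        base = func.value.id if isinstance(func.value, ast.Name) else ""
        return base, func.attr
    return "", getattr(func, "id", "")


def has_shell_true(call):
    """True when the call passes the literal keyword shell=True."""
    return any(k.arg == "shell" and isinstance(k.value, ast.Constant)
               and k.value.value is True for k in call.keywords)


def review(source):
    """Apply the checklist to source text; return sorted (line, rule, advice)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        if not is_dynamic(node.args[0]):
            continue
        base, attr = call_target(node.func)
        if attr in ("execute", "executemany"):
            findings.append((node.lineno, "SQL-INJECTION",
                             "pass values as query parameters"))
        elif base == "subprocess" and has_shell_true(node):
            findings.append((node.lineno, "COMMAND-INJECTION",
                             "pass an argument list and drop shell=True"))
        elif (base, attr) == ("os", "system"):
            findings.append((node.lineno, "COMMAND-INJECTION",
                             "use subprocess with an argument list"))
    return sorted(findings)


def report(findings):
    """Reporting step: one line per finding for the manual reviewer."""
    return [f"line {line}: {rule}: {advice}" for line, rule, advice in findings]


if __name__ == "__main__":
    print("\n".join(report(review(SAMPLE))))
```

The check is a heuristic: it only sees string building at the call site, so a query assembled earlier and passed in as a variable is left for the manual review step.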

Attacks Summary Due to Lack of Secure Code Review in 2019-2020

  • 68% of a data breach of web applications
  • 27% of personal data of the US stolen from websites
  • 31% of credential data stolen from companies
  • 82% of vulnerabilities were in application code
  • 54% of cross-site scripting attacks were done because of loopholes in application codes
  • 29% of injection attacks took place due to no secure code review

The New Age Weapon: Malware

What is malware?


Malware is short for “Malicious Software”. Code or software made intentionally to harm and infect the endpoints in a network is known as malware. Cyber attackers use this malicious software to infect and attack devices. Malware comes in many types and is categorized based on the way it functions. We will be explaining these later in the blog.

Malware Threats

These days, malware is not directly installed on the victim’s device. Instead, it is sent and installed on the endpoint device using some techniques and by exploiting loopholes. Thus, these are the scopes that are to be mitigated by the security professionals when deploying cybersecurity.

Various types of malware threats are:   

  • Social Engineering: 

When an attacker manipulates the user to extract sensitive information for personal gains, it is known as social engineering. Sometimes the malicious links or malicious files are sent to the victim during social engineering. As soon as the victim clicks on the malicious link or downloads the malicious file, the malware gets installed in the victim’s device.

  • Email: 

The attacker sends lucrative emails that tempt the user to click on the link provided in the email. As soon as the link is clicked, the malware gets downloaded in the background and infects the user’s PC.

Malware tampers web cookies. Thus, when you open a genuine site, this malicious cookie triggers and redirects you to the malicious sites. Thus, these sites may extract information or can download the malware into your system.

  • Planted Removable Media: 

Sometimes the attacker intentionally plants removable media loaded with malware to tempt the victim to check its data. As soon as you plug it into your system, the malware is automatically installed and ends up infecting your device.

Types of malware


As told earlier in the blog, the malware is categorized and named based on the way they infect the system. Some of them are as follows:

  • Worm: 

Worms exploit your operating system. These types of malicious software use your network bandwidth, steal your data, and send it to the attacker. It has the property to self-replicate and thus, it copies itself through the network.

  • Trojan Horse: 

A Trojan horse is malware that comes attached to a normal file. Trojan malware disguises itself in the necessary files and then sends the data of your device to the attacker.

  • Spyware: 

This extracts important credentials and data from a user’s device and sends them to the attacker. This kind of malware exploits the vulnerabilities in the software.

  • Ransomware: 

This is a kind of malicious software that infects the victim’s device by encrypting its data. The data can only be decrypted with a key that is provided by the attackers once you pay the ransom amount to them. Thus, it is advisable to keep a backup of your data.

  • Adware: 

Adware is a kind of malicious software that is injected into the victim’s device using the advertisement pop-ups of needful software. Pop-ups of urgent requirements of antivirus, malware remover, etc. are embedded with the malicious link. As soon as the victim clicks on the link, the malicious file is downloaded in his/her system and infects the device.

  •  Virus:

This is a kind of malicious software that steals information and credentials of the user. The virus is also sometimes used to make the victim a bot. It can self-replicate but it cannot be transferred to another device without human intervention. It can be attached to documents, mail attachments, scripts, etc.

6 Prevention tips from malware


  1. Never click on links that look insecure or too lucrative, as they may end up infecting your system.
  2. Always keep your PC’s operating system updated.
  3. Do not click on any link unless provided by the trusted source.
  4. Change your passwords at the necessary intervals.
  5. Avoid opening emails and attachments from unknown sources.
  6. Do not pick up USBs found lying unguarded in public spaces.
  7. Be cyber aware.

Era of AI in Cybersecurity

Artificial Intelligence to revolutionize cybersecurity


Cyber attacks are increasing rapidly these days, and the trend of zero-day attacks is not unknown either. To cope with these evolving cyber threats, it is the need of the hour to be prepared with more advanced countermeasures. This is where AI in cybersecurity comes into play.

These days there are tools and security devices that use AI to make the attack detection and prevention process easy and automated. AI in cybersecurity helps to bring out the concepts of behavioral analysis, automation, and many more that help to create a new space in the field.

Role of AI in cybersecurity

AI has opened new horizons and opportunities to detect and mitigate cyberattacks. Every day multiple cyberthreats are born and increase the attack surfaces of the firm. AI in cybersecurity helps to delve deeper into the key areas to find the threats and adjust itself in a suitable way to mitigate them.

AI can identify and prevent cyberattacks

AI has lots of reference modules and predetermined attack engines that help the user detect inbound cyber attacks easily. Some attackers use predefined scenarios, methodologies, and techniques to attack websites and applications. By using AI-based detection techniques, the user can easily identify these attacks. Once ongoing attacks are identified, you can add some prerequisites to the AI engine that will help you mitigate them.

The automation of cyberattacks


AI in cyberspace is growing rapidly and is both a boon and a bane for industries. On one hand, the application of AI in cybersecurity helps automate the mitigation of cyber threats; on the other, it helps malicious actors create automated cyberattacks. These attacks are pre-programmed based on an analysis of the organization’s threat vectors and attack it in various ways.

The latest research shows that the threat landscape is increasing these days due to the presence of the open-source AI-enabled hacking tools and software. Within the report, the cybersecurity firm documented three active threats in the wild which have been detected within the past 12 months. Analysis of these attacks — and a little imagination — has led small attackers like script kiddies and newbies to create scenarios using AI which could be more dangerous and threatening.

Impact of AI in cybersecurity space

The presence of AI in the cybersecurity space has opened new horizons for attackers and defenders. The landscape of cyberspace is changing its demographics due to the presence of AI, which proves to be uncertain and unbiased. Sooner or later it is going to be the key differentiator between both the veils.

AI has helped cybersecurity researchers and continues to do so in every way possible.

The presence of the AI has impacted the cyberspace on the following grounds:

  • Identification of the threat
  • Mitigation of the threat
  • Vulnerability assessment of the organization
  • Constant monitoring of the organization’s threat posture
  • Helps in reporting and accounting of cyber threat of the firm

 

2020’s Major Data Breaches

Ever since organizations shifted their business to remote operations due to the COVID-19 pandemic, there has been a dramatic rise in the number of data breaches. In the first half itself, cases of data breaches have been reported in 81 global companies from 81 countries! Besides, a security research firm recently revealed the impact of COVID-19 on the data breach landscape: 80% of data breaches have occurred either because of stolen credentials or brute-force attacks!

Currently, cybercriminals are exploiting the situation of the pandemic to launch highly sophisticated cyberattacks on every industry possible. In the first six months of 2020, various Fortune 500 companies became the target of massive data breaches where hackers sold account credentials, sensitive data, and confidential and financial information of these organizations on cybercriminal forums.

Till now, nearly 16 billion records have been exposed this year. Moreover, according to researchers, 8.4 billion records were exposed in Q1 of 2020 alone! This number is a 273% increase in comparison with the first half of 2019, during which 4.1 billion records were exposed! (Source: Security Boulevard)


Let us take you through the biggest cyberattacks of 2020 till now.

Top 5 Data Breaches in 2020 So Far:

Twitter Hack 


Twitter took the whole internet by storm when it was hit by one of the most brazen online attacks in history! The social media platform suffered a breach where the hackers compromised verified Twitter accounts of high-profile US personalities like Barack Obama, Elon Musk, Joseph R. Biden Jr., Bill Gates, and many more.

Out of 130 targeted accounts, hackers were able to reset 45 user accounts’ passwords. Hackers posted fake tweets from these accounts, offering to send $2000 for $1000 sent to an unknown Bitcoin address. Reportedly, the well-coordinated scam let the attackers swindle $121,000 in Bitcoin through nearly 300 transactions.

According to Twitter Support, “the attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”

 

Marriott Data Breach


On March 31st, 2020, the hotel chain Marriott disclosed a security breach that impacted the data of more than 5.2 million hotel guests who used their company’s loyalty application.

Hackers obtained login credentials of two accounts of Marriott employees who had access to customer information regarding the loyalty scheme of the hotel chain. They used the information to siphon off the data approximately a month before the breach was discovered.

The data accessed in the breach involved personal details such as names, birthdates, and telephone numbers, travel information, and loyalty program information.

According to Marriott, hackers might have obtained the credentials of their employees either by credential stuffing or phishing. Previously, the hotel giant announced a data breach in late 2018 in which up to 500 million guests were impacted!

 

MGM Data Dump


Last year, in 2019, MGM Resorts suffered a massive data breach. News of the incident started to circulate in February 2020, when hackers leaked the personal details of 10.6 million hotel guests for free download. Later findings, however, put the number at nearly 142 million, about 14 times the number recorded in February 2020.

The personal information published on the hacking forum included the name, home address, phone numbers, email address, and DOB of guests. The leaked files of guests included Justin Bieber, Twitter CEO Jack Dorsey, and many major government agency officials.

However, a spokesperson from MGM Resorts confirmed that impacted guests were notified about the data breach. In addition, it said, “We are confident that no financial, payment card or password data was involved in this matter.”

Zoom Credentials Up for Sale!


Due to the COVID-19 pandemic, various organizations across the globe adopted a work-from-home policy. As a result, the Zoom video conferencing app became the most used application for virtual meetings and became popular among cybercriminals too.

Within a short span of time, the application became vulnerable to various security threats and eventually became a victim of the data breach. In the first week of April 2020, the news of “500,000 stolen Zoom passwords available for sale in dark web crime forums” shook the application users.

It was reported that more than half a million Zoom account login credentials were up for sale and some of the accounts’ credentials were given away for free. In fact, some of the login credentials were sold for less than a US cent each!

Along with account login credentials, victims’ personal meeting URLs and HostKeys were available too. The leaked accounts’ details belonged to financial institutions, banks, colleges, and various organizations.

 

Magellan Health (Ransomware Attack and Data Breach)


Magellan Health, one of the Fortune 500 companies, was struck by a ransomware attack and data breach in April 2020. The healthcare giant confirmed that about 365,000 patients were affected by the sophisticated cyberattack.

According to the investigation, the attack was launched with a fully planned process where hackers first installed malware to steal employee login credentials. Then they leveraged a phishing scheme to gain access to systems of Magellan after sending out a phishing email and impersonating their client before deploying a ransomware attack.

The data thieves were able to steal login credentials of employees, personal information, employee ID numbers, sensitive patient details such as W-2 information, Social Security numbers, or Taxpayer ID numbers.

Is Your Organization Secured From Data Thieves?

The global shift to a remote working culture has given cybercriminals leverage to launch highly sophisticated cyberattacks. Moreover, ransomware, phishing, DDoS, BEC attacks, etc. are amongst the most common types of data breaches that we have witnessed this year, till now.

Clearly, the first half of 2020 was quite challenging for organizations in terms of cybersecurity along with the adoption of new normal changes. Besides, we are still unsure of what cybercriminals have in store for the next six months of 2020.

However, by learning lessons from the recent data breaches, we can secure our organizations from emerging cyber threats. Here are some of the “must follow” security measures for your organization to stay secured in these unsecured times:

  1. Educate your employees with security awareness training to help them recognize and combat emerging cyber threats.
  2. Incorporate a phishing incident response tool to instantly report suspicious-looking and unsolicited emails.
  3. Secure your email domains against email spoofing attacks by implementing email authentication protocols such as DMARC, SPF, and DKIM.
  4. Keep all your software and applications updated with the latest security patches from time to time.
  5. Use a VPN connection for a protected network to keep hackers and other threat actors at bay while working remotely.
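For measure 3 above, publishing SPF, DKIM and DMARC records is not enough if the values in them are permissive. The following added example (not from the original article) audits already-fetched TXT record strings for a few weak settings; the domains, selectors' contents and sample records are constructed, and the checks cover only a subset of each specification.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record (DMARC, DKIM) into a dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record):
    """Flag SPF records whose final 'all' term does not reject unlisted senders."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    rest = [t.lower() for t in terms[1:]]
    all_terms = [t for t in rest if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in rest):
            return []  # policy is delegated to another record
        return ["no 'all' mechanism, so unlisted senders are not rejected"]
    term = all_terms[-1]
    qualifier = term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
    if qualifier == "+":
        return ["+all authorizes every sender on the internet"]
    if qualifier == "?":
        return ["?all is neutral, so unlisted senders are not rejected"]
    return []


def check_dmarc(record):
    """Flag DMARC records that monitor only, cover part of the mail, or lack reports."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        issues.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        issues.append("missing or invalid p= policy")
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        issues.append("sp=none leaves subdomains unprotected")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        issues.append(f"pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        issues.append("no rua= address, so aggregate reports are not collected")
    return issues


def check_dkim(record):
    """Flag DKIM key records that carry no usable public key."""
    tags = parse_tags(record)
    if "p" not in tags:
        return ["no p= tag, so the record carries no public key"]
    if tags["p"] == "":
        return ["empty p= means the key has been revoked"]
    return []


def audit(records):
    """Run all three checks on a dict of TXT strings keyed spf/dmarc/dkim."""
    return {
        "spf": check_spf(records["spf"]),
        "dmarc": check_dmarc(records["dmarc"]),
        "dkim": check_dkim(records["dkim"]),
    }


# Constructed sample records (example.com / example.net are placeholder domains).
WEAK = {
    "spf": "v=spf1 include:_spf.example.net ?all",
    "dmarc": "v=DMARC1; p=none",
    "dkim": "v=DKIM1; k=rsa; p=",
}
STRONG = {
    "spf": "v=spf1 include:_spf.example.net -all",
    "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
    "dkim": "v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY",
}

if __name__ == "__main__":
    for name, recs in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit(recs))
```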

Security Awareness Training: Key Advantages

The year 2020 has been the most unpredictable and tough year for each one of us. The first quarter itself included lots of mishaps and unforeseen scenarios, leaving every country across the globe on alert mode! The pandemic not only affected many lives but also flipped day-to-day routines, bringing everything to a halt at a certain point where none of us were sure of how to bring things back on track. Eventually, though, everything started to change rapidly, including how we work, communicate, or even interact with one another remotely. The COVID-19 pandemic had a major impact on almost every industry and its verticals, including private and public organizations. Every working individual was mandated to work from home to prioritize their health, but unfortunately, this left cyber security highly vulnerable.

After the coronavirus, cyber security became one of the significant topics of concern in the first quarter of 2020. With organizations adopting the ‘work from home’ policy, cybercriminals found the situation as a golden opportunity to deploy cyber attacks more aggressively. Lately, many organizations have fallen victim to massive cyber attacks and high-end data breaches, resulting in the exploitation of confidential data and online theft of millions of users’ credentials.

In fact, hackers have been taking control of several networks, locking away the data of the organization, and demanding an excessive ransom to return it. Given the criticality of the situation, it is impossible to set up at home a secure IT infrastructure like that of an office. But it is possible to stay proactive and cyber secure by taking preventive measures to mitigate future cyber risks.

Organizations must consider providing security awareness training to their employees in order to help them have knowledge of all possible cyber threats while working from home and how to combat them. Let us proceed further to learn more about security awareness training and how it is beneficial for employees.

What is Security Awareness Training?

Security awareness training is formal training to educate employees about computer security. This practice of training employees includes educating them about corporate policies and working procedures with information technology. The main purpose of this training is to help employees become familiar with cyber attacks, data breaches, and all types of social engineering practices.

But the ultimate purpose of this security awareness training for employees is to teach them about the value of data as a corporate asset in the organization. Proper and effective security awareness training keeps employees engaged and interested in following the directives. The motive is to ensure that employees do not hand over confidential information to any unauthorized person or make mistakes that might help hackers gain unauthorized access to an organization’s restricted network.

More importantly, security awareness training helps in influencing the behavior of employees, reducing cyber risks, and ensuring compliance within the organization. This corporate security awareness training program is currently the best method to encourage cyber security awareness among employees while they are working from home.

According to a study by a security research lab, human error is the most common cause of 95% of cyber security breaches. It also stated that if somehow this human error is eliminated completely, 19 out of 20 cyber breaches might not happen at all in the first place. The Information Security Awareness Officers of every organization must consider planning and implementing proper security awareness training for employees.

 

How is Security Awareness Training Important for Employees?

While corporates are seeking digital assets to mitigate cyber threats, it is important to understand that the biggest threat lies within the organization itself. Humans are the most vulnerable resource and the weakest link in the cyber security chain. They are easy targets for hackers as they can be easily manipulated due to psychological flaws. Recently, 60% of UK businesses fell victim to cyber attacks and data breaches because of human error, bringing their business to a halt for days.

This is why implementing cyber security awareness training among employees is highly important for every organization. Just by strengthening the weakest link in the cyber security chain, an organization can mitigate up to 90% of cyber risks. Moreover, the following benefits of security awareness training will definitely make you understand the importance of the purpose:

  • Cyber Resilient Working Environment

The security awareness training program develops a sense of responsibility within employees to work in a security-focused environment. When you offer training to employees, they automatically understand the importance of the topic being taught and learn how it has to be practiced in the future. Regular training helps in instilling better habits of staying cyber aware and secure.

  • Prevent Breaches and Cyber attacks

Without this security awareness training, employees would not stay updated on cyber attacks and the malicious activities of hackers. When employees learn how to recognize and avoid these attacks, they start using preventive measures in order to keep the organization’s network secure and maintain the workflow.

  • Robust Technical Defenses

Technological security defenses play a valuable role in safeguarding organizations from the reach of cybercriminals. But these defenses require manual effort to operate, update and upgrade the security software, which is only possible with proper security awareness training. These technological defenses become useless if they are operated or updated without full knowledge.

  • Proactive Employees

One of the biggest benefits of corporate security awareness training is to help employees become proactive and confident about working around data, without causing any incident. After all, human error is the leading cause of cyber attacks and data breaches. With effective training, employees become empowered to work in a cyber-resilient environment, reducing the chance of human error.

  • Gets Everyone in Sync

Every security practice must be followed in sync, keeping every employee in the organization on the same page. Without official training on cyber security, different departments in the organization might practice different principles, putting data at risk.

This is why official security awareness training sessions are important: they remove all guesswork when it comes to security and make every working individual follow suit to mitigate security threats.

Let us not stay vulnerable and encourage cybercriminals to take advantage of the pandemic and lockdown. Cyber security is a two-way street where we have to keep up with advanced security tools to combat and mitigate cyber risks.

Workplace Threats of Password Sharing

The Shocking Statistics About Password Sharing

According to a security survey, 78% of security professionals around the world believe that the biggest risk to endpoint security is human error. Moreover, the lack of cybersecurity awareness among employees is one of the biggest exploitable vulnerabilities in any organization.

Even if an organization has the most robust security software in the world, human errors like password sharing can lead to massive data breaches with lifelong consequences.


The following statistics show how critical password security is today:

  • By the end of 2020, password usage across the globe will grow by approximately 300 billion.
  • 81% of the data breaches have been reported because of poor password security.
  • About 61% of companies use more than 500 accounts with non-expiring passwords.
  • A research article by ITProPortal stated that only 38% of companies update their admin passwords once a quarter, while the rest do it very rarely.
  • About 54% of the small and medium-sized businesses don’t check up on their employee password practices.
  • 25% of employees use the same password in all login credentials.

What are the Risks of Sharing Passwords at Work?


One of the most challenging things in the digital world is managing online accounts and keeping passwords out of the reach of untrusted sources. Whenever a new data breach or compromised company information makes headlines, the most common reason turns out to be poor password security.

Habits like password sharing, entering login credentials on unsecured websites and using weak passwords expose companies to expensive risks. A study by a renowned password manager company stated that around 61% of users are more likely to share their work passwords than their personal passwords.

There are various organizations that still take the matter of password security lightly. It is important for them to understand the consequences of password sharing at the workplace. Here are the top five security risks of password sharing at work:

  1. Single sign-on (SSO)

SSO is an authentication scheme that allows users to use a single ID and password to access multiple corporate software and applications. An employee can use one password to access dozens of enterprise login accounts at the same time.

Even though this practice seems to be beneficial in easing the burden of memorizing and entering passwords, it has disadvantages too. In the common practice of password sharing, it will give rise to major password security vulnerabilities and issues in the organization.

  2. Credential sharing

In several organizations, password sharing at work is a common practice for various reasons, but this practice can lead to dangerous results. According to cybersecurity research, it was found that 42% of people share their work login credentials to work together with their teammates.

Another 34% stated that this practice reduces the cost of user-limited software, while the rest of the respondents said that it is their company’s policy to share passwords for accessing specific accounts. In the end, no matter how effective these practices sound, sectors like Banking, Financial Services, and Insurance (BFSI) are put at risk of a massive data breach.

  3. Password reuse

Almost every user has the habit of reusing the same password to log in to more than one account. But reusing the same old passwords only increases the threat that a single stolen password poses to the company.

Also, reusing a password across multiple websites might result in a data breach: if attackers get hold of the credentials for one site, they will try the same information against other corporate accounts as well.

  4. Cloud computing

Today many businesses are flocking to the cloud as it offers enterprise advantages like cost savings and fast development. However, many cloud-based applications and software products are poorly secured. In fact, a survey found that out of 12000 cloud services, 80% allow weak passwords, which is a major password security flaw. A stolen shared password can easily provide hackers with access to valuable and confidential information of the organization.

  5. Emailed passwords


In order to collaborate with colleagues on a project or for some other requirement, employees generally share passwords over email. This practice becomes habitual due to the lack of security awareness training.

A security services firm also once reported that less than 20% of employees who telecommute are actually aware of the employee password sharing policy of the organization.

It is essential to make employees understand the significant risks of sharing passwords over telecommunication channels. Such practices empower hackers to take advantage of sent messages when they go through the hacked email account of an employee.

How Can Not Sharing Passwords Secure an Organization?

No matter where you are or whom you find the most trustworthy, habits like password sharing should not be encouraged. Even the aids people rely on when sharing passwords, such as password reminder or saving tools, are not 100% secure! It is just like handing over your valuables to some stranger over an application or software.

Sharing passwords at work exposes not only professional data but also personal data to cybersecurity threats. Organizations must consider implementing an employee password sharing policy to protect the confidentiality of data.

The purpose of using a password is to safeguard data or sensitive information from unauthorized access. Employees working in an organization must understand the value and risks associated with password security. The security administrator of an organization should encourage higher authorities to have GDPR compliance implemented in place for password security.

Apart from that, every organization must provide security awareness training to its employees in order to understand the basic cybersecurity practices and how they must be followed in their day-to-day life.
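Credential sharing of the kind described above usually shows up in sign-in logs as one account active on several devices at almost the same time. The following Python check is an added example, not part of the original article; the log format, the account and device names and the 15-minute window are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: successful sign-ins as "timestamp account device source_ip".
SAMPLE_LOG = """\
2021-04-05T09:00:12 jdoe LAPTOP-A17 10.20.1.15
2021-04-05T09:04:40 finance-shared LAPTOP-C02 10.20.3.77
2021-04-05T09:06:03 finance-shared DESKTOP-F31 10.20.4.12
2021-04-05T09:11:55 finance-shared LAPTOP-B09 10.20.2.40
2021-04-05T09:30:00 jdoe LAPTOP-A17 10.20.1.15
2021-04-05T13:45:10 asmith DESKTOP-K88 10.20.5.21
2021-04-05T18:20:31 asmith LAPTOP-Z44 172.16.9.3
malformed line without enough fields
"""


def parse_events(text):
    """Return (events, skipped); malformed lines are counted, not fatal."""
    events, skipped = [], 0
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            ts_raw, account, device, ip = parts
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:  # wrong field count or unparsable timestamp
            skipped += 1
            continue
        events.append((ts, account, device, ip))
    return events, skipped


def find_shared_accounts(events, window=timedelta(minutes=15), min_devices=2):
    """Flag accounts seen on at least min_devices distinct devices within window."""
    by_account = defaultdict(list)
    for ts, account, device, _ip in sorted(events):
        by_account[account].append((ts, device))

    findings = {}
    for account, seq in by_account.items():
        start, best = 0, set()
        for end in range(len(seq)):
            # Slide the window start forward until it spans at most `window`.
            while seq[end][0] - seq[start][0] > window:
                start += 1
            devices = {device for _, device in seq[start:end + 1]}
            if len(devices) > len(best):
                best = devices
        if len(best) >= min_devices:
            findings[account] = sorted(best)
    return findings


if __name__ == "__main__":
    events, skipped = parse_events(SAMPLE_LOG)
    print(f"parsed {len(events)} events, skipped {skipped}")
    for account, devices in find_shared_accounts(events).items():
        print(f"possible shared credential: {account} on {', '.join(devices)}")
```

A user who legitimately works on two devices at once will also match, so findings are a prompt for review, and `window` and `min_devices` need tuning per environment.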

Best Preventive Medicine to Eliminate Ransomware Attacks


A Brief on Ransomware Attack

Ransomware has huge potential to exploit and damage users’ crucial data. This malicious attack was the most significant malware threat of 2018 and it continues to be the most dangerous even in 2019. With its growing popularity, more people are being targeted for ransom.

In most cases, the ransom demanded from the victim comes with a deadline. If the victim fails to pay within the provided timeline, the data is lost forever. Ransomware attacks are very common these days.

Even paramount companies in North America and Europe have fallen victim to it. Cybercriminals spare no one and can attack any consumer or business, in all kinds of industries. Various government agencies advise people against paying the demanded ransom, as refusing to pay might stop the ongoing cycle of ransomware attacks.

A ransomware attack is designed to extort money from victims by blocking access to their data or systems. The two most prevalent types of ransomware are encryptors and screen lockers.

With encryptors, the data on a system is encrypted into unreadable content and can only be restored with a decryption key. Screen lockers, on the other hand, simply block access to the system by locking the screen and declaring that the system is encrypted. Apart from these two prevailing types, there are some infamous ransomware attacks as well.

Major Infamous Ransomware Attacks:

  • WannaCry Ransomware Attack

This ransomware attack was built on a powerful exploit targeting Microsoft systems. The exploit was leveraged to create a global ransomware worm that infected over 250,000 computer systems. More than 200,000 systems were locked down in 150 countries. Hackers demanded a ransom to be paid in Bitcoin. WannaCry infected the National Health Service (NHS) and many other organizations across the globe.

  • CryptoLocker

It is part of a ransomware family whose job is to extort money from users by encrypting the user’s hard drive as well as the attached network drives. It was the first among the current generation of ransomware to require cryptocurrency for the ransom payment. CryptoLocker was spread through email attachments that posed as FedEx and UPS tracking notifications.

  • NotPetya

NotPetya is considered one of the most destructive ransomware attacks. It was coded in such a way that even if the user paid the ransom, the data would still be unrecoverable. Infamous as a close relative of the Petya malware, it successfully infected thousands of computers across the globe in 2017.

How to Prevent Ransomware Attack?

  1. Ignore Unverified Links

Never click on links that arrive in spam emails or appear on unfamiliar websites. If an unexpected download starts after you click on a malicious link, there is a high chance of your computer getting infected.

  2. Never Share Personal Data


If you receive an email, call or text from an untrusted source asking for your personal information, make sure you don’t give out the details. Cybercriminals trick users into getting their personal information in advance of an attack. They use your information to target you via a phishing email.

  3. Back Up Your Data

If you ever experience a ransomware attack, you should already have a backup of your data so that you don’t have to pay any kind of ransom to the attacker. Make sure to keep a copy of all important data on an external hard drive that is not connected to your system.

  4. Never Pay Ransom

Never pay any amount to cybercriminals who carry out a ransomware attack. There is no guarantee that the data will be returned; after all, the attackers have already broken your trust by hacking your data. Paying the ransom only encourages cybercriminals to carry out more attacks.

  5. Security Awareness For Employees

The best way to prevent a ransomware attack is to be proactive about the latest cyber attack vectors. An organization must be aware of the harmful attack vectors that can bring it to the verge of losing its data and customer trust. It’s better to opt for preventive measures in advance so that there are fewer chances of falling victim to any kind of cyber attack.

Major Cyber attacks evidenced globally in Q1 2021

Cyber crime has been on the rise for years now and it is not showing any signs of slowing down. To make it worse, the arrival of the COVID-19 pandemic in 2020 just fueled the situation. Those who were expecting relief from the increasing terror of cyber crimes in 2021 are to be disappointed as the number of attacks is only increasing day after day.

We have barely crossed the first quarter of 2021 and already several major cyber attacks have made the headlines. Here is a list of some of the major cyber attacks that took place in Q1 2021:

 

#1 Channel Nine

Australian broadcaster Channel Nine was hit by a cyber attack on 28th March 2021, which rendered the channel unable to air its Sunday news bulletin and several other shows. With the unavailability of internet access at its Sydney headquarters, the attack also interrupted operations at the network’s publishing business as some of the publishing tools were also down. Although the channel first claimed that the inconvenience was just due to “technical difficulties”, it later confirmed the cyber attack.

#2 Harris Federation

In March 2021, the London-based Harris Federation suffered a ransomware attack and was forced to “temporarily” disable the devices and email systems of all the 50 secondary and primary academies it manages. This resulted in over 37,000 students being unable to access their coursework and correspondence.

#3 CNA Financial

One of the biggest cyber insurance firms in the US, CNA Financial, suffered a ransomware attack on 21st March 2021. The cyber attack disrupted the organization’s customer and employee services for three days as CNA was forced to shut down to prevent further compromise. The cyber attack utilized a new version of the Phoenix CryptoLocker malware, which is a form of ransomware.

#4 Florida Water System 

A cyber criminal attempted to poison the water supply in Florida by increasing the amount of sodium hydroxide to a potentially dangerous level. The cyber criminal was able to breach Oldsmar’s computer system and briefly increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.

#5 Microsoft Exchange Mass Cyber Attack

A mass cyber attack affected millions of Microsoft clients around the globe, wherein threat actors actively exploited four zero-day vulnerabilities in Microsoft’s Exchange Server. It is believed that nine government agencies, as well as over 60,000 private companies in the US alone, were affected by the attack.

#6 Airplane Manufacturer Bombardier

A popular Canadian plane manufacturer, Bombardier, suffered a data breach in February 2021. The breach resulted in the compromise of the confidential data of suppliers, customers and around 130 employees located in Costa Rica. The investigation revealed that an unauthorized party had gained access to the data by exploiting a vulnerability in a third-party file-transfer application. Also, the stolen data was leaked on the site operated by the Clop ransomware gang.

#7 Computer Maker Acer

The globally renowned computer giant Acer suffered a ransomware attack and was asked to pay a ransom of $50 million, which set the record for the largest known ransom to date. It is believed that a cyber criminal group called REvil is responsible for the attack. The threat actors also announced the breach on their site and leaked some images of the stolen data.

#8 University of the Highlands and Islands

A cyber attack targeted the University of the Highlands and Islands (UHI), forcing the university to close all its 13 colleges and research institutions to students for a day. Security professionals uncovered that the attack was launched using Cobalt Strike, a penetration testing toolkit commonly used by security researchers for legitimate purposes. This incident is just another in a series of cyber attacks targeting the education sector.

#9 Sierra Wireless

On 20th March 2021, the multinational IoT device manufacturer Sierra Wireless was hit by a ransomware attack against its internal IT systems and had to halt production at its manufacturing sites. Its customer-facing products weren’t affected and the company was able to resume production in less than a week.

#10 Accellion Supply Chain Attack

Security software provider Accellion fell victim to a breach targeting its file transfer system FTA. Many of its clients were affected by the breach. Some high-profile organizations that got caught in the crossfire include grocery giant Kroger, telecom industry leader Singtel, the University of Colorado, cyber security firm Qualys and the Australian Securities and Investments Commission (ASIC). A lot of confidential and sensitive data stolen from various companies by exploiting the vulnerabilities in Accellion’s FTA tool was leaked online.

How to Protect Your Organization Against Cyber Attacks?

Witnessing the extent of damage cyber attacks can cause should be reason enough to take the necessary preventive measures right away. So, here are some steps you can take to reinforce your organization’s cyber security framework and keep it shielded from cyber attacks.

 

  • Generate Cyber Security Awareness: Unaware employees can prove to be an organization’s biggest weakness when it comes to cyber security. Generating awareness among your employees about the prevalent and emerging cyber threats is one of the most effective ways of protecting your business against cyber attacks.

 

  • Implement a Phishing Incident Response Tool: Educating your employees will only take you so far if you don’t equip them with the means of dealing with cyber threats. A phishing incident response tool like TAB can empower your employees to detect and report suspicious emails right away, significantly reducing cyber risks.

 

  • Carry Out VAPT: Conduct periodic Vulnerability Assessment and Penetration Testing (VAPT) to detect any exploitable vulnerabilities in your organization’s IT infrastructure including applications, servers and networks. Make sure to fix the detected weaknesses on priority.

 

  • Keep the Systems Updated: Keep all your hardware and software up-to-date with the latest security updates and patches. Failing to do so can create weaknesses in your security infrastructure and lead to cyber attacks.

 

  • Implement MFA: Enable Multi-Factor Authentication (MFA) across all the applicable endpoints of your organization’s networks. This will not only add an extra layer of security but also protect you in case your employees’ user credentials are stolen.

 

So, don’t wait for your company’s name to be on the list of cyber attack victims and take the necessary precautions immediately.

Vulnerabilities in Critical Infrastructure and its mitigation

With geopolitical tension rising in certain parts of the world along with the ambitions of cyber attackers, coming up with a holistic strategy to protect the nation’s critical infrastructure has become a priority for the enterprises handling them. Imagine what would happen if the nuclear plants or the space agencies of a country were hit by a cyber attack. The disruption caused due to a successful cyber attack on a nation’s critical agencies can be far-reaching. It has the potential of causing a major loss of money, time, and even lives. This can be illustrated by a recent incident.

After the release of the largest-ever compilation of breached usernames and passwords, COMB, a cyber attacker wrongfully entered the Oldsmar (Florida) water plant’s computer systems to poison the city’s water supply by changing its pH to dangerously acidic levels. Even though the attack was thwarted before completion, this incident has opened our eyes to the dangerous reality of such an attack being successfully executed in the future.

Tomorrow, this attack can take place in the form of manipulation of boiler pressure in a thermal power plant or a ransomware attack on the country’s top-tier healthcare institutions. All of such attacks are not only potentially life-threatening but also pose a huge risk of material damage.


Other Cyber Incidents Around the World Involving Critical Infrastructure

In February 2020, Saudi authorities reported that their public petroleum and natural gas company Saudi Aramco had seen an increase in cyber attack attempts. This public enterprise suffered a huge cyber attack back in 2012, when the Shamoon virus hit the facility and damaged around 30,000 computers.

A few months back, New Zealand’s central bank suffered a huge data breach, where commercially and individually sensitive information was stolen by cyber attackers.

In another event, an electricity grid in the state of Maharashtra (India) was hit by a cyber attack that resulted in a power outage. This incident took place in the month of October 2020 and the authorities suspect Chinese involvement in it.

Discussing the Deterrent

In today’s world, there is cut-throat competition between countries for production and use of resources. Therefore, it is all the more important for enterprises handling and managing the critical infrastructure to adopt a multipronged approach while planning a defense against cyber attacks.

At the organizational level, the following measures can help stop cyber attacks from affecting the enterprise:

  1. Access Management – Access management is the first basic measure that organizations should take to protect their control systems. Identity Access Management (IAM) in databases and other important IT infrastructure is necessary to limit access and prevent the misuse or leak of information.
  2. Awareness as Defense – One very effective way of preventing cyber attacks on an enterprise is to train the employees in the basics of cyber security. Cyber aware employees form a major defense against attempted cyber attacks on the enterprise.


  3. Email Domain Security – To ensure the security of an organization, it is imperative to address the cyber threats originating from its email domain. Using email domain security tools like KDMARC can be very effective in stopping spoofing of the email domain to protect the enterprise against spear-phishing and BEC attacks.
  4. Data Backup – Frequent data backup in offline locations in a segmented manner is the best approach to defend against ransomware attacks.
  5. Incident Response – Use of incident response tools can facilitate quick detection of and response to a cyber attack. A phishing incident response tool like Threat Alert Button (TAB) can be quite helpful in identifying and removing phishing emails from the employees’ inboxes.
  6. Strong Password Policy – Employees should be encouraged to use strong passwords. This applies to both their work emails and other credentials used for accessing information and operations of critical systems in the enterprise.
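For the email domain security measure in the list above, a domain's protection against spoofing depends on the policy it publishes. The following Python check is an added example, not part of the original article and not code from any product it names; it assumes the domain uses DMARC (RFC 7489) TXT records, and the domains and record values are constructed.

```python
def parse_dmarc(txt):
    """Parse one TXT value into a tag dict; return None if it is not a DMARC record."""
    pairs = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            return None
        pairs.append((name.strip().lower(), value.strip()))
    # The version tag must come first and must be exactly "DMARC1".
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs)


def assess_dmarc(txt_records):
    """Return findings for the TXT records published at _dmarc.<domain>."""
    policies = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not policies:
        return ["no DMARC record: receivers get no policy for spoofed mail"]
    if len(policies) > 1:
        return ["multiple DMARC records: DMARC processing is not applied"]
    tags = policies[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["missing or invalid p= tag: no policy is enforced"]

    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    # Subdomains inherit p= unless sp= overrides it.
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        findings.append("sp=none: subdomains can still be spoofed")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append("pct= is not a number")
    if pct < 100 and policy != "none":
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to spot abuse")
    return findings


# Constructed sample: TXT values as they would be returned for _dmarc.<domain>.
SAMPLE = {
    "example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.org": ["v=DMARC1; p=quarantine; sp=none; pct=25; rua=mailto:d@example.org"],
    "example.net": ["v=DMARC1; p=none"],
    "example.edu": ["v=spf1 include:_spf.example.net -all"],
}


def audit(domains):
    """Map each domain to its list of findings (empty list means enforced policy)."""
    return {domain: assess_dmarc(records) for domain, records in domains.items()}


if __name__ == "__main__":
    for domain, findings in audit(SAMPLE).items():
        print(domain, "->", findings or ["policy enforced"])
```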

 
