Massive Cyber Attacks of 2020

The year 2020 has been remarkable in many ways, especially for the surge in cyber attacks. The Covid-19 pandemic has given cyber attackers an unprecedented opportunity to hack and break down organizations’ IT infrastructure. The rise in cyber attacks has been attributed to the work-from-home model adopted by such organizations.

The security gap between the home and office network has played a key role in making way for the data breaches of 2020. This issue has resulted in the theft of confidential information, leading to the loss of millions of dollars for breached organizations.

 

Today, cyber attackers have come up with more innovative ideas to set new trends in phishing, cryptojacking, ransomware, IoT attacks, etc. According to a security research firm, 81 global firms from 81 countries reported data breaches in the first half of 2020 alone.

In fact, 80% of firms have seen an increase in cyber attacks this year. Coronavirus alone is blamed for a 238% rise in cyber attacks on banks. Phishing attacks have seen a dramatic increase of 600% since the end of February.

Meanwhile, due to the pandemic, ransomware attacks rose 148% in March and the average ransomware payment rose by 33% to $111,605 as compared to Q4 2019. (Source: Fintech News)


The Top 5 Cyber Attacks of 2020

We discussed how cyber attacks have dramatically increased. Let us walk you through the five major cyber attacks that have happened in 2020 so far. These staggering cyber attacks have crippled some famous organizations across the world.

 

Software AG Ransomware Attack

Software AG, the second-largest software vendor in Germany and the seventh-largest in Europe, was reportedly hit by a ransomware attack in October 2020. ZDNet reported that the German tech firm was attacked by the Clop ransomware and that the cyber-criminal gang demanded a ransom of more than $20 million.

The report also says that the company has still not recovered from the attack completely. The company disclosed that the ransomware attack disrupted a part of its internal network, but services to its customers, including cloud-based services, remained unaffected. The company also tried to negotiate with the attackers, but in vain.

As per the statement released by Software AG, the company is in the process of restoring its system and database to resume orderly operation.

 

Sopra Steria Ransomware Attack

French IT service giant Sopra Steria was attacked by ransomware on the evening of 20th October, as confirmed by the company. Its fintech business, Sopra Banking Software, identified the virus as a new version of the Ryuk ransomware, previously unknown to cyber security providers.

 

Sopra Steria claimed that it was able to confine the attack to a limited part of its IT framework, even though it caught the attack after a few days. However, following an in-depth investigation, the company did not identify any leaked data or damage caused to its customers.

 

Ryuk is one of the most inventive ransomware families and has already targeted organizations like EWA, a US defense contractor, and Prosegur, a Spanish logistics firm.

 

Telegram Hijack

In September 2020, hackers gained access to Telegram messenger and email data of some big names in the cryptocurrency business. Hackers used Signaling System 7 (SS7), which is used for connecting mobile networks across the world, to hack the data.

 

According to cyber security experts, the hackers were most probably after two-factor authentication (2FA) login codes. They spoofed the short message service center (SMSC) of mobile network operators to send a request on location updates to at least 20 targeted high-profile victims.

 

The attack is believed to have been carried out to obtain cryptocurrency. This type of cyber attack is well known in the cryptocurrency community but the users are generally aware of such requests.

 

Therefore, there are better authentication methods than just SMS or call-based 2FA in the cryptocurrency community. Cyber security experts think telecom standards must move away from using protocols like SS7, which cannot resolve modern issues.

 

Seyfarth Shaw Malware Attack

The Chicago-based leading global legal firm Seyfarth Shaw LLP became a victim of an “aggressive malware” attack. This attack was later confirmed by the firm as a ransomware attack. The cyber attack reportedly took place on October 10, 2020, and downed the firm’s email system completely, as per a statement published by the company.

The firm claimed in its statement that there was no evidence of unauthorized access to or removal of client data or firm data. However, many of its systems were found encrypted, following which the firm shut all of them down as a precautionary measure.

 

The global legal firm notified law enforcement and the FBI has already started an investigation. Apart from this, no further information was revealed on how the attack occurred and what family of ransomware hit the firm.

 

Carnival Corporation Data Breach

The world’s largest cruise line operator, Carnival Corporation, reported a data breach due to a ransomware attack that took place in August 2020. Hackers stole confidential information of customers, employees, and crew members at the time of the attack.

On August 15, 2020, the company detected a ransomware attack that breached and encrypted the IT infrastructure of one of its brands. Following the attack, the cruise line operator notified law enforcement, hired legal counsel and cyber security experts, and launched an investigation.

 

Though the company claimed that no misuse of exposed personal data has come to light, the type of ransomware and how the attack happened have remained unrevealed.

 

How to Secure Your Organization Against Cyber Attacks?

The global transition to the work-from-home culture has made way for cyber-criminals to execute incredibly advanced cyber attacks. Moreover, ransomware, phishing, DDoS, malware, etc., are amongst the most prominent forms of cyber attacks that we have experienced so far this year.

 

Here are some of the “must follow” measures to secure your organization against emerging cyber attacks:

 

  1. Conduct VAPT periodically to check for exploitable security vulnerabilities in the IT infrastructure of your organization.
  2. Back up all the sensitive or confidential data and store it separately from time to time.
  3. Keep all the systems, software, and applications up to date with the latest security patches. 
  4. Restrict employees from sharing passwords at work openly and encourage them to use unique and strong passwords.
  5. Block email spoofing, spam, and BEC attacks by securing your email domain with email authentication protocols like DMARC, SPF and DKIM.
  6. Run a cyber attack simulation campaign to assess the level of cyber awareness among employees. Then train them accordingly with the best-in-class security awareness training tool.
  7. Make sure to implement the practice of using multi-factor authentication to maintain security and privacy.
  8. Restrict IT admin and access rights to limited employees. Ensure that they are adequately trained on the safe usage and encrypted storage of sensitive data.

Next Big Threat? – Polymorphic Attacks

During the first half of 2020, cybersecurity analysts and security experts discovered that most phishing attacks were conducted through the use of spoofed login pages. Polymorphic phishing attacks have been on the rise in recent times as hackers come up with new ways to create spoofed login pages that are almost unidentifiable. This is one of the methods most frequently used by cybercriminals for stealing the credentials of employees and users. Researchers have disclosed that more than 50,000 spoofed login pages replicating 200 popular international brands have been circulating since 2019.

This sudden increase in the number of polymorphic phishing attacks is because spoofed login pages are extremely difficult to identify but comparatively easy for hackers to generate. Automated phishing kits that are illegally sold over the dark web are deployed by cybercriminals to instigate these malicious phishing campaigns and to trick employees on a wider scale. This is why phishing awareness and training has become absolutely imperative in organizations in the 21st century. As a CISO or CIO of your company, taking adequate precautions to prevent polymorphic phishing attacks is the need of the hour.

All you need to know about Polymorphism 

In a polymorphic phishing attack, attackers usually make minor alterations in the sender ID of a valid source or spoof an email address. They use social engineering attack techniques to make sure that the spoofed email ID replicates the authentic ID. The hackers then send these malicious emails to the employees in reputed organizations. More often than not, the email lands into the inbox of employees due to the lack of proper email authentication protocol in the company.

This malicious email comes with a link or attachment that redirects the employee to a spoofed login page. The login page asks for the employees’ corporate credentials and passwords. Ill-informed and unaware employees can easily fall for such polymorphic phishing attacks and give up their company login credentials on the spoofed page.

This information is used by hackers to extract valuable data of the company, gain access to company assets and financial information, find out personal details of employees working in the company, and conduct other fraudulent activities.

42% of all phishing attempts in 2020 were a result of Polymorphism, as per a global survey conducted by security researchers.

According to security officials around the world, while these login pages are fraudulent in nature, they look extremely similar to original webpages. This is why cyber attackers use Polymorphism techniques to phish employees via spoofed login pages and succeed at it.

A cybercriminal can make minuscule changes in the email address so as to replicate a popular brand as closely as possible to skip detection. Since the changes made are very minor, such emails easily evade email security checkers, and email security tools may fail to detect them.

The increase in the number of spoofed login pages is most probably due to the following two reasons:

  • CISOs, CIOs, and SOC analysts of the reputed brand whose landing page has been spoofed seek ways to take the fake pages down. This makes the hackers create more new pages so that they can continue to spoof employees.
  • Certain brands or companies may be an easy target for cybercriminals due to the lack of a well-rounded workplace security policy in their organization. This is the reason why attackers get away with polymorphic phishing attacks.

How to Detect Spoofed Login Pages?

While it may be difficult to detect spoofed login pages and prevent being phished, there are certain ways by which one can attempt to understand whether a login page is from an authentic source or not. Before being redirected to a login page it is always advisable to check whether the email is from a valid IP address as well.

This can be done by paying attention to the domain name and subdomains, as attackers might make minor changes in the same to trick employees. It is also advisable to check whether the email has a relevant subject, is grammatically correct, and doesn’t provide lucrative offers or instigate a sense of urgency. After making sure of these pointers and clicking on the URL in the attachment, when the login page opens up, employees must make sure:

  • While hovering over the URL it is redirecting them to the desired page
  • The login page is well-designed and all the hyperlinks on the page are fully functional and redirect them to the desired pages
  • The URL of the webpage is secured over HTTPS
  • The page doesn’t ask them to disclose their corporate credentials or bank account details and password since such information should never be submitted on external platforms
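
The domain and subdomain check described above can be automated at the mail gateway. The following added example (not part of the original article) classifies a sender or link domain against a list of protected brand domains and reports the kind of minor alteration it finds. The protected list, the look-alike character table and the sample domains are constructed, and the code assumes the registrable name is the second-to-last label rather than consulting the Public Suffix List.

```python
import unicodedata

# Assumed allow-list of the organisation's real registrable domains (constructed).
PROTECTED = ["example.com", "examplebank.com"]

# Small, constructed table of look-alike characters folded before comparison
# (digits and a few Cyrillic letters that resemble Latin ones).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0456": "i",
})


def skeleton(label):
    """Fold a label so that visually similar spellings compare equal."""
    folded = unicodedata.normalize("NFKC", label).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender_domain, protected=PROTECTED):
    """Return (verdict, protected domain it relates to or None)."""
    domain = sender_domain.lower().rstrip(".")
    labels = domain.split(".")
    registrable = labels[-2] if len(labels) > 1 else labels[0]
    tokens = {t for label in labels for t in label.split("-")}
    for real in protected:
        if domain == real or domain.endswith("." + real):
            return ("legitimate", real)
    for real in protected:
        brand = real.split(".")[0]
        if registrable == brand:
            return ("tld-swap", real)            # right name, wrong suffix
        if skeleton(registrable) == skeleton(brand):
            return ("homoglyph", real)           # look-alike characters
        limit = 2 if len(brand) >= 6 else 1
        if edit_distance(skeleton(registrable), skeleton(brand)) <= limit:
            return ("typo", real)                # added, dropped or swapped letters
        if brand in tokens:
            return ("brand-in-name", real)       # brand used as subdomain or prefix
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sender domains for illustration.
    for sender in ["login.example.com", "examp1e.com", "exmaple.com",
                   "example.com.secure-login.net", "example.co", "contoso.org"]:
        print(f"{sender:32} {classify(sender)}")
```

Anything other than `legitimate` or `unrelated` is a candidate for quarantine or a warning banner; the distance limit is a tuning choice and short brand names will need a stricter one.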

Polymorphic Phishing Attack Prevention and Solution

As a CISO in your company, implementing a robust cybersecurity policy in your organization is imperative. To achieve this, security analysts may take help from the IT department and implement security solutions and tools in their respective organizations. A phishing attack awareness and training program can help employees to gain better insights on social engineering attack vectors. Proper awareness among employees can reduce the chances of polymorphic phishing attacks.

A cyber attack awareness and training program starts by simulating sophisticated impersonations of real-life cyber attacks on a company’s employees. A number of simulations are carried out to increase security awareness.

After this, the training procedure is initiated, by imparting knowledge on the various types of attack vectors. This is done through awareness content giving detailed insight on them, visual presentations on attack identification, as well as video lectures and advisories on the same. Regular cumulative assessments are then taken to ensure improvements and initiate a better response against attacks.

Detailed analysis of simulation reports is provided to track results and monitor progress made via assessments and knowledge imparting sessions taken by employees.

In order to prevent employees from falling prey to phishing attacks, it is imperative for CISO and security officials to implement AI-driven cybersecurity solutions. By upgrading your workplace cybersecurity policy and implementing leading-edge cybersecurity solutions in your company, it is possible to ensure protection against polymorphic phishing attacks.

The Biggest Cybersecurity Threats for 2020

Cybersecurity has continued to be a major issue throughout 2019 and as organisations begin to rely even more on IT, it remains a serious concern. While most companies are by now aware of how important cybersecurity is, many have yet to implement the necessary measures needed to adequately protect them. In this post, we’ll look at what security threats 2020 is likely to put in their way.

1. Lack of cybersecurity education

Perhaps the biggest cyber threat to any business is the lack of knowledge and understanding within a company about cybersecurity. Today, the digital revolution is affecting the working practices of employees throughout companies big and small. With more and more employees using connected technologies as part of their everyday jobs, it is more important than ever to ensure all staff are aware of what cybersecurity risks they face and how they can work in a way that will enhance security.

In 2020, expect to see more organisations putting cybersecurity strategies into place that include ongoing training for staff on the latest technologies and threats and, importantly, letting them know how to work responsibly and respond to incidents.

2. The threat of data breaches

The enormous value of personal data to the criminal underworld means that data is a principal target for hackers. As a result, the threat of a data breach will continue to be one of the biggest issues that businesses will face in the coming years. This means companies will need to ensure personal data is secure end to end, from the moment it is sent to them to its safe disposal. The use of SSL certificates, encrypted data storage, logical access, password management and the rapid patching and updating of web applications is vital in this area.

For those who succumb to a data breach, tough fines, reputational damage and even lawsuits await.

3. Skills shortages

The complex nature of cybersecurity means that increasing numbers of organisations are employing the services of highly skilled security experts. Unfortunately, as these professionals are in short supply, there is a considerable skills gap in many companies just at the time when the need is the greatest.

In response, many companies are now implementing the use of intelligent, automated security tools that use advanced technologies to scan and block attempted intrusions, infections or other forms of attack like DDoS. These services can often be delivered by your service provider.

4. Leaky clouds

The majority of enterprises use the cloud for at least part of their IT solution and it is increasingly becoming popular as the place to store data and run operational processes. However, its popularity has not been kept a secret from cybercriminals and the number of cloud-based threats has continued to rise.

In 2020, companies will need to maintain the security of critical data and make sure they have real-time threat intelligence in place, to minimise the risk of data breaches or critical operations being taken offline.

5. Mobile device risk  

For many employees, the smartphone is now an essential work tool used not only to access the company system but to store important data. This puts organisations at risk from poorly secured connections, mobile malware and device theft. It is critical, therefore, that all mobile devices that can be used to access the organisation’s systems are secured. One solution is to ensure access is carried out via a secure web app.

6. IoT vulnerability

Mobiles aren’t the only remote devices that are vulnerable to attack; perhaps even more at risk are the IoT devices which have proliferated in use over the last few years and on which many organisations increasingly rely. They present a plethora of potential vulnerabilities that organisations need to protect themselves from, such as insecure wi-fi connections, hard-coded credentials, unverified firmware and unencrypted data. In addition, a compromised router or network attached storage server gives an attacker access to data and can serve as a platform to launch more attacks. In 2020, organisations which use the IoT will need to look carefully at how to ensure these vulnerabilities are protected against.

7. Rogue states

It is not just cybercriminals that are out to steal data and cause chaos; unfortunately, some governments are at it too – and these rogue states will have more advanced technologies, IT expertise and financial backing than the average hacker.

While cybercriminals are usually financially motivated, state-sponsored attacks can have a number of purposes, such as causing major security breaches to undermine companies, taking critical services offline using a DDoS attack, industrial or political espionage, spreading fake news to influence elections and even taking those who oppose them offline.

State-sponsored cybercrime is the new cold war and while major companies, public utilities, defence and political organisations are particularly at risk, all organisations need to be aware of their risk of attack and how to protect themselves.

8. Intelligent malware

The war between cybercriminals and cybersecurity teams isn’t being carried out simply by the human brain anymore. Both camps are now using artificial intelligence (AI) and machine learning as tools in their armoury. Unfortunately, this means that cybercriminals are now able to create extremely sophisticated malware and methods of attack and at a pace that cybersecurity companies are finding challenging to deal with. It may only be a matter of time before one of these stealthy attacks strikes with devastating effect.

Conclusion

In 2020, cybersecurity will continue to challenge organisations big and small. We’ll see persistent risks like data breaches remaining high on everyone’s agenda, while the development of new technologies brings new threats, such as intelligent malware and IoT vulnerabilities. As companies expand their use of IT, we’ll also see a need to protect the cloud and mobile devices while ensuring that there are highly skilled IT experts driving security strategies and educating everyone else how to stay secure.