Saturday, June 25, 2022

The 10 biggest cybersecurity threats today

NetworkTigers list of the ten biggest cybersecurity threats today.

The volatile digital landscape requires system administrators and small business owners to be continually on their toes with regard to the latest cybersecurity threats.

As technology and user habits evolve, so too do the strategies and techniques used by criminals to access networks and steal critical information.

Here are the 10 biggest cybersecurity threats today, as well as some tips on how to best defend against them.

1. Phishing

Phishing is the act of sending fraudulent emails or messages impersonating a trusted individual or organization in order to persuade someone to hand over valuable data. 

Scammers may send out hundreds of emails to random accounts hoping to fool a handful of users, or they may engineer targeted attacks designed to trick a particularly valuable target.

According to a report from security firm Tessian, phishing attacks lead to 90% of the breaches that businesses experience. The data gained from a successful phishing campaign is either sold or used to initiate malware or ransomware attacks.

The best defenses against phishing are email security gateways and training that will help individuals on the front lines determine whether or not an incoming message is legitimate.

2. Malware

Malware is a general term used to encompass cybersecurity threats such as trojans and viruses.

This malicious code can enter a system via an email attachment, USB drive, fraudulent websites or an already infected phone or tablet. 

Any network access point carries cybersecurity threats and concerns.

Anti-malware software, safe web browsing habits and endpoint security protocols should all be employed as defenses against malware.

3. Ransomware

Ransomware attacks have made major headlines in recent years, as major companies have had to navigate the fallout and repercussions from them. 

Ransomware encrypts a system’s data and holds it hostage until the victim pays to regain access.

The encryption itself is often just the tip of the iceberg, as ransomware gangs will often sell or leak stolen data even if paid. Double extortion scams are becoming commonplace as hackers look for ways to pressure victims into paying up.

Ransomware attacks can be prevented using the same techniques that defend against phishing and malware schemes. Maintaining thorough and secure back-up data is essential to recovering from an attack. 

4. Third-party exposure

An organization’s data security is only as reliable as the third parties who are entrusted with it.

Many breaches occur due to third-party companies or contractors implementing poor cybersecurity. Once they get hacked, their clients’ data may also become accessible.

This cybersecurity threat is likely to increase as organizations become more comfortable with remote employees and decentralized workforces. 

Businesses should thoroughly vet any third-party partners and be very selective about what they have access to.

Implementing a zero-trust security model is recommended.

5. Endpoint security and the Internet of Things (IoT)

A network that encompasses a wide range of unprotected devices carries a large number of cybersecurity threats.

From personal phones and tablets to printers and even coffee makers, hackers have discovered many devious ways to access systems via unexpected means.

According to Kaspersky, breaches of IoT devices reached a staggering 1.51 billion in the first half of 2021.

Some organizations create networks that are designed for use with connected appliances. 

These networks do not connect to the company’s main system and therefore do not provide a path to critical data.

Endpoint security can also be enhanced by requiring workers to use only supplied devices that maintain company-wide cybersecurity protocols, allow only restricted access and can be updated remotely by IT administrators.

6. Misconfigurations

Human error is a leading contributor to data exposure.

A folder that was not configured properly, for example, allows anyone to view its contents without a password.

Sometimes these security lapses go unnoticed for long periods of time, meaning that potentially anyone over a number of weeks to months may have accessed, copied or stolen data that should have been protected.

Diligence and attention to detail are required to prevent careless configuration errors.

7. Bad cyber and password hygiene

Easy-to-guess passwords, poorly protected devices, use of unsecured Wi-Fi and failure to implement multi-factor authentication are all leading cybersecurity threats.

Good security hygiene requires the awareness that any vulnerability could be exploited by criminals.

Passwords should be randomized, impersonal and impossible to guess.

A VPN should be used whenever possible and no critical work should be done using public wifi.

8. Internal cybersecurity threats

In some cases, disgruntled employees with access to important information may turn the tables against their employer. 

Recently, an Amazon employee was found to have used software that she created herself to scan Amazon Web Services for misconfigured accounts. This led to her hacking Capital One, exposing the data of more than 100 million people.

Motivations range from revenge to greed. Because of the human element to doing business, organizations need to be on the ball with regard to who has access to what.

Zero-trust security can help keep workers from accessing data that they don’t require to do their job.

Employees and contractors who no longer work for your business should have their credentials immediately revoked to prevent them from inflicting harm.

9. Cloud vulnerabilities

As organizations take advantage of the conveniences of cloud storage and data management, cloud service providers are finding themselves in the crosshairs of hackers eager to take a peek behind the curtain.

Cloud security is a growing concern, with IBM reporting that cloud breaches have increased by 150% over the last five years. 

Because migrating to the cloud puts a huge amount of data into the hands of a third party, organizations working in the cloud should carefully vet their service providers and maintain regularly updated backups to be used in the event of a breach or service outage.

10. Post-attack weaknesses

When an organization succumbs to a cyberattack, their recovery is often hampered by additional hacks carried out by other opportunists made aware of their weakness.

68% of companies suffer a second attack within a year of being breached. Criminals hope that the victimized organization may be left reeling from their previous blow, or perhaps still not adequately protected. 

A single cyberattack can result in major disruption to a company’s ability to do business and maintain trust. A second one can bring an organization to an end.

To prevent successful subsequent attacks, companies need to work quickly to mitigate the damage from the hack, close the vulnerability that allowed it to happen and also carefully assess whether or not additional weaknesses were created as a result.

Cybersecurity news weekly roundup June 20, 2022

SAN MATEO, CA, June 20, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.

More data-stealing apps discovered on Google Play

Researchers from Dr. Web have reported a number of apps downloadable from the Google Play store that contain adware and data stealing malware. The apps discovered include one posing as a camera while another claims to be a horoscope and fortune telling service. Some of these apps actually change their name after being installed and a handful of them have been downloaded hundreds of thousands of times. Read more.

As the travel industry begins to recover after having slowed in the midst of the COVID-19 pandemic, so too have travel-related hacks and scams related to flyer miles and fraudulent requests for login credentials. Travel-related databases are full of personal information that is valuable on the black market and to those looking to engage in identity theft. Read more.

Millions fall victim to Facebook phishing scam

A phishing scam circulating via Facebook Messenger is estimated to have fooled more than 10 million people into handing over their login credentials to what researchers believe to be a single perpetrator. The individual claims to be making $150 for every thousand successful clicks on the fraudulent links. If true, they would have made around $59 million since the scam’s inception. Read more.

Ransomware gang creates new way to pressure extortion victims

The AlphV/BlackCat ransomware gang, believed to be a rebrand of Darkside/BlackMatter, has created a website in which customers and employees of targeted companies can see what personal data of theirs was stolen in the attack. The gang has even gone so far as to create personalized packs for each person that detail what information they contain. The effort is intended to put more pressure on victims to pay ransom demands, as the gang is expecting affected individuals to demand that the target does so. Read more.

New Canadian law would make cyberattack reporting mandatory

Canadian law makers have introduced new legislation that would require industries in critical infrastructure sectors to report any incidents of hacking or cybercrime to the federal government. The proposal is said to also give the country’s Prime Minister greater control over protecting the country from cybercrime. The new law has not yet been debated or passed. Read more.

Human error to blame for 90% of cyberattacks

According to the K-riptography and Information Security for Open Networks, 90% of cyberattacks take place due to human error. The data shows that, in spite of increasingly capable cybersecurity technology, a lack of awareness with regard to the techniques used by hackers and the existence of known vulnerabilities is the leading factor when it comes to breaches and attacks. Read more.

700,000 Social Security numbers leaked in hospital ransomware attack

Arizona’s Yuma Regional Medical Center has reported that the Social Security numbers of more than 700,000 patients were leaked in an April ransomware attack. No gang has taken credit for the attack and the hospital is offering free credit monitoring services to those who were affected by the breach. Read more.

FBI encourages ag industry to bolster defenses

A series of cyberattacks launched against agricultural organizations in the midst of the spring planting seasons has prompted the FBI to encourage the industry to fortify its cyber defenses and be on alert for any suspicious activity. Agricultural companies and cooperatives make lucrative targets for criminals, as the industry revolves around time sensitive growing and harvesting schedules. Read more.

HelloXD ransomware targeting Linux and Windows systems

A ransomware variant called HelloXD, based on code that was leaked from Babuk, is actively targeting and infecting systems running Windows or Linux. This ransomware does not have a centralized site, with those using it instead preferring to negotiate via Tox chat and onion-based messaging services. HelloXD is believed to have been created by a Russian developer. Read more.

Are your employees the weakest link in your network security?

NetworkTigers discusses employees as the weakest link in business network security.

One of the greatest risks a business can face often comes from within: employee-driven cyber security threats. The average cost of human error in cyber security is $3.33 million. Most businesses cannot afford this kind of astronomical figure, but even smaller breaches can add up quickly.

While human error has always been an enormous risk to keeping data safe and secure, in recent years the threat has only grown. Remote work, a current trend in the market due to the threat of COVID-19, has been tied to an increased cybersecurity risk for businesses. Hackers, always adept at exploiting human fallibilities, have become bolder in their efforts to target bored remote workers looking to download content online. Additionally, making more and more key data available to employees logging in through disparate internet connections has only sweetened the pot for cybercriminals. The takeaway? Your business likely needs increased cybersecurity technology and planning in order to rise to the challenge.

Rise in Remote Work Leads to Increased Risk

As more and more employees log in from remote offices or hybrid work spaces, your business network is being accessed from a series of unsecured and possibly compromised network connections. Every member of your employees’ households now constitutes a very real business risk, possibly jeopardizing your hard-won proprietary data and customer information.

According to surveys, 70% of office workers report using their work laptops for personal use. Some of the activities for which employees say that they use their work devices include: 

  • Streaming: 36% admit to using work phones or laptops to stream content, such as television shows or movies. The numbers become even more alarming among millennial office workers. Among the age group of those 18 to 24, the figure of those who admit to work device streaming rises to 60%. 
  • Playing games: The parents of young children may be particularly at risk when it comes to allowing game playing on their work devices. 43% of remote workers with children ages 5-16 say that they play games themselves or allow games to be played by their children on work devices. 
  • Remote learning: 40% say that they have used work devices to complete homework or for online learning in the recent past. The parents of children ages 5-16 report doing so even more frequently, with 57% saying dedicated devices are used for home learning as well as work. 

Overall, 33% say that they download content more regularly from the internet now than they did before the pandemic. Additionally, over one third of remote workers admit to allowing other people free rein on their work devices. 85% of IT leaders say that this kind of behavior constitutes a concerning security risk. 

New Hacking Techniques Target Employee Behavior

Rest assured, hackers are taking note of these changes in behavior. Remote work is in some ways a perfect storm for inventive hackers. Just as employees are using less secured and more diverse internet connections, they also are often needing to access more and more data over these networks. Confidential information that could be shared in one-on-one settings, or on paper, is now shared almost exclusively over a VPN or cloud connection. 

Some of the biggest new cyber security threats are often disguised as downloadable content, or being hosted on streaming and gaming platforms. For example, cyber security analysts with KuppingerCole report a 54% increase in phishing attacks and other malware tied to gaming platforms like Fortnite. 

Human Error and Network Security 

Even before the pandemic, however, employee error was always one of the biggest threats to network security. Simply put, not every employee is a data security expert, but almost every employee has internet access. While some errors are due to inattentiveness or laziness, such as not updating key software, installing a risky app or downloading non-work content on a work laptop, others are simple accidents. Most scams and schemes are constructed to look like legitimate work problems that may arise during the course of business. 

Company emails, for instance, are one of the greatest areas of risk. 71% of all cyber crime attacks are currently thought to take place as phishing scams. Oftentimes, employees who fall for one of these common cyber crimes think that they are just doing their job. An email arrives from a client or vendor that seems legitimate. It might contain an invoice on convincing letterhead, a request for payment, or sound like a frustrated customer requesting a refund. The employee responds with due diligence, and without realizing it has perhaps exposed their company to a hacker-driven data breach. 

Keep Your Company Safe, and Your Employees Educated

One of the best ways to ensure network security is to work with your employees to make doing so a priority. Implement data security training programs that empower employees to recognize fishy emails or requests. Increase transparency, so that employees have a sense of what is business as usual, and what seems suspicious. Foster a supportive company culture, so that employees feel comfortable reporting data hacks and issues as soon as possible, even if they may have stemmed from being duped or distracted while at work. 

You may also want to consider using a VPN, or other secure network, to help keep remote work a feasible option for your company. Speaking with network professionals can help you pinpoint weak areas in your network security plan, and upgrade where necessary to keep your business safe.

How to identify and prevent phishing attacks

NetworkTigers discusses how to identify and prevent phishing attacks.

Phishing attacks continue to plague individuals and industries in all sectors, thanks to the ease with which they can be launched.

While the media often depicts cybercriminals employing a wide range of sophisticated, surgical strikes in order to extort their victims, the reality is that most hackers are opportunists who prefer to cast a wide net when it comes to finding easy prey among internet users.

Because they provide an effective way to reach a large number of potential victims, phishing attacks have not only endured but have flourished in recent months.

What is phishing?

As defined by Phishing.org, “phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”

Simply put, phishing attacks involve a hacker, or hackers, attempting to fool their victims by pretending to be someone else.

This type of deception is nothing novel and is based on the same techniques criminals have used for decades to commit extortion via mailed letters that inform recipients that they won a contest and need to provide personal data to claim their prize, or correspondences that purport to be from the IRS or other major government agency.

The first known phishing attempt was carried out in 2001, and the scams have been coming in incessantly ever since.

There are a handful of terms associated with various types of phishing attacks.

“Spearphishing,” for example, is a term used to refer to a phishing attack that is designed to target a specific person.

These attacks often involve hackers researching their intended victim in order to create a trap that appears to be as legitimate as possible. This may even involve them taking note of the language and writing habits of the person or organization they are attempting to impersonate.

A spearphishing effort that targets a high-ranking official such as a CEO or manager is referred to as “whaling.”

Attacks are on the rise

Even though the majority of internet users have an awareness of the dangers of opening suspicious emails, phishing attacks have been rising astronomically over the last couple of years. 

Due to the pandemic shifting so much work to the online space, the internet is simply busier with more people opening emails, communicating electronically and performing their tasks remotely via cyberspace than ever before. 

Criminals have been quick to use the changes to their advantage.

Phishing attacks hit a record high in the first quarter of 2022, with more than one million scams identified, according to data collected from the Anti-Phishing Working Group (APWG).

Hackers are also getting better at what they do, with some expertly-designed scams looking nearly identical to the source material and requiring diligent inspection to identify them.

How to recognize a phishing attack

Phishing attacks tend to have a number of characteristics that can make them identifiable to the trained or experienced user. Here are some of the most common attributes that phishing scams share:

Urgency/emergency. From emails describing medical emergencies and asking for charitable donations to messages designed to look like they originated from a friend or coworker in need, hackers know how to push people’s buttons and make them feel as though time is of the essence. Applying pressure to a victim is a time tested technique that criminals use to get their victims to bend to their will.

Attachments and hyperlinks. Hackers will sometimes attach viruses or malicious code directly to the emails they send out. Even seemingly mundane files can include snooping software or links to sites that can put your system at risk by scraping your computer for data. Dangerous links and attachments may also arrive via text messages or other means. 

Unknown senders. Phishing scams often arrive as emails, texts or messages from unknown sources. This could be an email address you don’t recognize or a phone number or name you have never seen before.

Contests, prizes, free money, etc. Phishing scams sometimes attempt to trick victims into believing they won a contest or will have access to a prize or cash reward if they follow some basic steps or click embedded links. These “too good to be true” scams, silly as they may seem to experienced internet users, continue to be effective when deployed against the right demographics.

Typos and bad grammar. Cybercriminals operate from all corners of the world. As a result, the language of their target may not be one that they have a fluent understanding of. Broken English and poor grammar in an email that is purported to have originated from a major company or organization is a dead giveaway that it is fraudulent. 

Bizarre or incorrect email addresses. Hackers go to great lengths to make their efforts appear visually legitimate. However, many include addresses that give up the deception. An email from PayPal, for example, will originate from an address that maintains the company’s standards with regard to formatting and domain. A scam attempt may originate from a sender that slightly misspells the company’s name or from an address that is nothing more than a seemingly random series of letters and numbers.

How to prevent a phishing attack

Cybercriminals are continually developing new ways in which to socially engineer their victims. As a result, the techniques needed to properly defend against phishing attacks are constantly evolving.

Antivirus and antimalware software. In the event that a bad link is clicked, properly implemented security software designed to block viruses and malware may kick in and save the day. Be sure that all software is set up to update automatically so that your system always has the latest defenses at the ready.

Spam blockers. A blunt force tool with regard to hack prevention, spam filters and blockers can still go a long way in preventing scam emails from appearing in an inbox. While these filters are designed to separate junk mail from important messaging, they are not 100% accurate. As a result, garbage emails may still appear from time to time and occasionally a legitimate email may be incorrectly flagged as spam.

Scam reporting. Some organizations, those in the financial sector in particular, take an active role in preventing criminals from impersonating them by taking legal action when possible. While hack prevention is a bit like an endless game of whack-a-mole, there are benefits to reporting scam emails to the companies that they are attempting to impersonate. 

If a scam technique becomes ineffective over time due to it having been identified, reported and exposed, it will likely be abandoned.

Keep your system and browser updated. Falling behind on security updates and patches puts your entire system at risk. Implement automatic updates on all of your software, as developers are continually pushing updates to their products in real time as new threats and vulnerabilities are discovered.

Use firewalls. Firewalls continue to be solid defense tools for those looking to keep unauthorized users off their networks. Install a software firewall on your computer and a hardware firewall to create a fortified system that can prevent most intruders from getting through.

Home office users and network administrators alike can purchase refurbished firewalls from reputable dealers, saving money and bolstering security at the same time.

Awareness and training. Ultimately, a phishing scam depends on a victim actively clicking the message, attachment or link that is harboring malicious code. Because the end user is the last barrier an attack has to cross in order to come to fruition, maintaining a properly trained and aware staff is the most critical defense an organization or business can implement.

From cybersecurity meetings to seminars, online resources and professional training, there is a wide range of techniques that businesses can use to keep phishing awareness top of mind.

Because of the nature of cybercrime, and how easy it is to click a dangerous link, staff should be regularly encouraged to keep phishing awareness top of mind.

Cybersecurity news weekly roundup June 13, 2022

SAN MATEO, CA, June 13, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.

First quarter of 2022 sees phishing attacks at all time high

According to the Anti-Phishing Working Group (APWG), phishing attacks in the first quarter of 2022 reached an all-time record, having surpassed one million for the first time. March of this year was the worst month yet recorded with more than 384,000 attacks logged. The majority of the attempts targeted financial organizations. Read more.

US water utilities vulnerable to cyberattack

US water utility providers remain underprepared for cyberattacks, according to a statement from the Center on Cyber and Technology Innovation (CCTI) and the Cyberspace Solarium Commission (CSC 2.0). Due to the decentralized nature of facilities that serve small towns, many plants are understaffed and do not have the budgetary means to create a robust defense system. Read more.

Average American has suffered 7 data breaches since 2004

A report from Surfshark reveals that US citizens face a greater number of online threats than the rest of the world with around 15% of all breached users globally being American. Most of these breaches occur as a result of poor password hygiene and a lack of adherence to basic cybersecurity principles. The data shows that the average American has had at least seven instances of their data being breached since 2004. Read more.

Paying after ransomware attack increases likelihood of further hacks

According to Cybereason’s April ransomware survey, victims of ransomware attacks who paid their attackers were often attacked repeatedly as a result. Furthermore, the data shows that often the data returned to the victim is corrupted due to the decryption process. The report shows that nearly 50% of those who paid their attackers fell victim to a subsequent attack within 7-10 days. Read more.

Chinese hackers breach US telecoms

In a joint security advisory, CISA, the FBI and the NSA have reported that state-sponsored Chinese hackers have been hard at work breaching telecom companies to nab credentials and data. The advisory describes how hackers used known vulnerabilities to hack into everything from major networks to unpatched personal routers. The government agencies are urging all to update their systems to the latest software versions and ensure that all patches are installed properly. Read more.

FBI shuts down SSNDOB black market

In a collaboration between the FBI and international authorities, the domain belonging to SSNDOB has been seized. SSNDOB is a popular marketplace for purchasing Social Security numbers and other stolen personal data with Bitcoin. It held data for more than 24 million people from the US, as it largely focused on information belonging to American citizens. Much of the data posted on the site was obtained via healthcare breaches. Read more.

2 million people affected in Massachusetts healthcare breach

Massachusetts-based Shields Healthcare Group has reported that it suffered a breach that has potentially impacted 2 million people. In late March, an individual gained unauthorized access to information including Social Security numbers, full names and a wealth of personal health information. Shields Healthcare Group has over 30 locations in the New England area. Read more.

CISA initiates “More Than A Password” social media campaign

In an effort to increase the implementation of multi-factor authentication among the public and businesses, CISA has initiated a social media campaign called “More Than A Password.” The most common password in the US is “12345” and hackers take advantage of lax password hygiene and habits employed by everyone from small business owners and individuals to high-level executives and more. Read more.

QBot malware used to push Black Basta ransomware

The Black Basta ransomware gang has teamed up with the purveyors of QBot malware to spread their ransomware through infected systems. QBot is technically a banking trojan that steals login credentials on Windows systems. However, QBot’s devs have collaborated with a number of ransomware gangs, allowing them to piggyback on the malware, which is usually spread via phishing. Read more.

Bored Ape Yacht Club (BAYC), one of the internet’s leading NFT collectives, has been hacked. The hack was carried out due to a successful phishing attack that impersonated the community’s manager, Boris Vagner, after using his Discord login credentials. Thieves made off with $360,000 worth of Ethereum cryptocurrency. Read more.

Russia’s Ministry of Construction site hacked

Russia’s Ministry of Construction’s website has reportedly been hacked, now leading to a site that says “Glory to Ukraine.” While hacktivist collective Anonymous has declared war against the country’s government in response to the invasion of Ukraine, it is not currently known who is responsible. Russia’s state news agency has relayed information that states that no personal data was stolen in the hack. Read more.

5 ways to save money on cybersecurity and network equipment

As any IT administrator can attest, robust data protection does not come cheap. Any means by which one can save money on cybersecurity gear is welcome.

Between hardware upgrades, repairs, replacements, service subscription fees and even the additional expense of keeping your network equipment cool and ventilated, most companies find themselves dedicating between 0.2% and 0.9% of their revenue to their cybersecurity, with this number varying due to company size and industry. 

Financial organizations, for example, spend about 10% of their IT budget on security. 

Microsoft, however, allocates $1 billion a year to cybersecurity initiatives, which are obviously a tremendous priority for such a major tech enterprise.

While determining how much of your company’s budget to spend on security can be a complicated consideration, finding a few ways to save money along the way is simpler than one might think.

1. Save money on cybersecurity with refurbished gear

Buying brand new gear comes with more than just a hefty price tag.

New hardware that has not had time to be fully utilized in wild, real world security environments may harbor exploits that are yet to be discovered by developers and hackers alike.

New tech may also be rife with built-in bugs. This can make recently purchased, cutting edge gear a time bomb, ready to explode the moment you attempt to implement it in a situation that the manufacturer may not have adequately tested for.

Purchasing refurbished gear is therefore not only a way to save money on cybersecurity equipment, but also a more sound security strategy altogether.

Previous years’ equipment has had months of actual implementation across a wide spectrum of applications and configurations. During this time, manufacturers are able to release security patches and firmware updates that address any vulnerabilities as they are discovered.

Additionally, widely used gear will likely have a large user base from which to gain knowledge. 

If you are not able to find the information you need already posted somewhere, IT and cybersecurity websites, YouTube channels and forums will have users from all over the world who may be able to answer questions you may have from their own personal experience.

However, it is important to purchase equipment from a reputable supplier that carries refurbished products from highly regarded manufacturers. Be sure the company in question provides easily accessed customer service, as well as a guarantee that lets you know they stand by their products.

At all costs, avoid low cost knockoffs or too-good-to-be-true prices from marketplaces like Amazon and eBay. These sites are often full of knock-off products and some sellers provide few options for recourse in the event of your dissatisfaction.

2. Fully utilize the tools you already have

Hardware manufacturers may lead the public to believe that the only way to fully protect your network is by purchasing their new products. 

Because cybersecurity is a quickly and constantly evolving field full of opportunists fast to pounce on newly discovered exploits, there is a kernel of truth to the sense of urgency that this type of advertising language employs.

Occasionally there are indeed cases where a company has a unique threat that is specific to their business and requires a new or very specific piece of technology. However, a shiny new box is rarely a substitute for proper implementation of the tools you likely already have at hand.

A protocol that implements a firewall, an intrusion detection system (IDS), anti-malware protection, authentication/authorization processes and an auditing system will cover the bases needed to maintain security.

Be sure to keep your system properly adjusted and dialed in to prevent any cracks from forming in your defenses.

Tightening up your network under the direction of an experienced security administrator may even result in some equipment becoming redundant. As an added bonus, gear that is not needed can be sold, with the resulting money put back into your security budget.

3. Use older hardware to perform basic functions

It may seem counterintuitive to use old gear against new threats, but putting outdated computers to work performing basic network jobs is a great way to save money on cybersecurity and networking equipment. 

By using the Linux platform, seemingly obsolete hardware can be repurposed to perform as firewalls, file servers, routers and more. Freed from the resource demands of the latest Windows OS, many laptops and desktop computers can find new life performing simple, foundational background tasks.

Be sure, however, that your older machines don’t introduce any new vulnerabilities into your system via compatibility issues, unpatched exploits or unsupported legacy products.

4. Migrate to the cloud

One of the biggest ways to save money on cybersecurity and network hardware is to not have to purchase it at all.

In today’s age of cloud computing, many companies opt to outsource their networks to cloud service providers and, in turn, follow suit with their security. 

There are many advantages to taking this approach. Most notably, companies are able to save the funds that they would otherwise need to pay for the space and additional staff needed to house and administer an in-house network.

Usage of the cloud also allows for further flexibility when it comes to remote workforces.

However, cloud computing is not for everyone and does come with its own special security considerations. Additionally, monthly subscription expenses that see you paying for services you may not require will add up over time.

Business owners and IT administrators will need to think carefully about whether or not they should adopt a cloud strategy. 

5. Maintain your equipment properly

Network and cybersecurity equipment is meant to be continually running to provide you with nonstop service.

This constant activity, however, means that you will need to maintain your equipment properly in order to extend its working life. 

Cleanliness is critical. Environments full of dust or moisture can significantly decrease the lifespan of your gear.

Particulates accumulate in fans and on circuit boards, insulating components and forcing them to work under high temperatures.

Humidity can corrode delicate metal components and also cause dust to cake and stick more easily to surfaces.

Equipment requires space with adequate cooling and ventilation. Temperature settings need to be maintained low enough not just to keep your gear at safe operating temperatures but also to contend with the heat it will naturally produce while operating. 

While cooling and ventilation comes at a cost when it comes time to pay the utilities, you are likely to save money in the long run on the equipment itself if you can squeeze a few extra years out of hardware that has not been consistently running hot under adverse conditions.

Remote cybersecurity ensures safe working from anywhere

NetworkTigers discusses how remote cybersecurity ensures you can work safely from anywhere.

Remote work, and therefore remote cybersecurity, has become a mainstream topic thanks to stay-at-home mandates and safety protocols initiated in response to the COVID-19 pandemic. 

However, working from home, while traveling or from a coffee shop creates a potentially dangerous cybersecurity environment. Unsecured wifi and web browsing without the safety of a company-wide firewall or security system can have potentially dire consequences. 

In today’s world of remote workforces, what are some ways that you can take full advantage of modern work’s flexibility while still maintaining tight security?

Remote cybersecurity demands excellent password hygiene

Advice regarding passwords is easy to ignore in favor of simple, easy to remember credentials that you can apply across a wide range of user accounts.

However, the importance of strong passwords when it comes to remote cybersecurity can’t be overstated.

With simple guesses and social engineering tactics, the bad guys are experts at exploiting weak login credentials. For users who keep the same passwords across everything from work email accounts to banking apps, a compromise can result in disastrous consequences.

Passwords should be impossible to guess and made up of a random series of letters, characters and numbers. Never use important dates, names of loved ones, sports teams or any other words or phrases that might be guessed.

Also, do not use the same credentials across multiple accounts. Doing so can give a hacker a potential skeleton key that can unlock all of your personal and business accounts.

Set up multi-factor identification

With hackers finding ever more devious ways to scrape the internet for information and leverage credential stuffing to break into user accounts, it takes more than just a challenging password to feel safe.

In addition to login credentials that are randomized and impossible to simply guess, set up multi-factor identification across as many accounts as possible. The more obstacles you can put between your data and the bad guys, the less likely you are to suffer a compromise or breach.

Cybercriminals are largely opportunistic. If you make cracking your account challenging, hackers attempting to break in will likely become disinterested and seek softer targets.

Avoid public wifi whenever possible

Public wifi puts no barriers or walls between your web activity and the eyes of criminals looking for easy targets. 

From airports to cafes, public wifi is a convenience that is likely not worth the risk.

Avoid public wifi by using a cellular device as a hotspot. This will prevent the general public from having the means to view your web traffic and keep your work to yourself.

Major carriers, for an additional fee, will allow you to use your smartphone as a hotspot device. While its usage will count against your data allotment, many plans are available that prioritize hotspotting and data usage.

Do the research and invest in the ability to maintain remote cybersecurity while working in public places.

Use a virtual private network (VPN) to maintain remote cybersecurity

Whether working remotely or in the office, it’s wise to use a VPN.

VPNs allow you to shield your network and internet usage from view. To put it plainly, if the internet is a highway then a VPN provides you with your own personal tunnel that prevents your travel from becoming public.

Be sure to shop carefully before purchasing a VPN service. Different providers cater to different types of users. You will want to use a VPN that provides the type of security you’re looking for but doesn’t cost you an arm and a leg in features that you don’t need.

Don’t use your personal devices for work

It can be tempting to use your personal phone, tablet or computer to take care of some quick work details.

IT administrators need to continually keep up with security updates and patches. These updates tend to take place in the background, meaning that your work devices are likely to maintain current security fixes that your personal ones may lack.

Employees utilizing their own, unsecured devices to access company apps and systems is referred to as shadow IT, and is a major headache when it comes to organizations’ efforts to maintain tight cybersecurity.

To keep your data, as well as your company’s, as secure as possible, only use business-provided devices for work.

Hide your screen

It may seem old fashioned, but snooping is still an effective way to gather information on someone that could be used to gain unauthorized account access.

Try to work in areas where people aren’t able to sit behind you to view your computer or phone screen. 

You can also install privacy screens on your devices that greatly restrict the viewing angle one needs to actually see your display. This means that only the person directly in front of the screen is able to read or view it. 

It may be surprising to learn how critical the prevention of basic social engineering and spying tactics is when it comes to remote cybersecurity.

Don’t neglect physical security

With so much focus on digital espionage and theft, it can be easy to forget about the physical security of your devices. 

A stolen laptop, tablet, phone or memory drive can put a tremendous amount of access into the hands of a criminal. 

Never leave your devices unattended. Laptops left on a table while you refill your coffee are easy marks for snatch and grab schemes and working regularly from the same area using a range of expensive devices can make you a target.

Additionally, never leave your devices in your car, especially in plain sight. 

Keep your devices in a backpack or other bag on your person at all times if you have to get up and move. 

Additionally, be sure to keep your devices locked up with a password. While most physical thefts are perpetrated by those looking for a quick resell, criminals are becoming savvier and many are realizing that the data kept on a company-provided laptop may be worth far more than the machine itself.

Never use a mysterious thumb drive

It may sound silly, but hackers will sometimes leave thumb drives loaded with malware near organizations that they wish to breach knowing that human curiosity sometimes outweighs prudence.

Plugging a mysterious USB drive into your machine opens your system up to whatever may be lurking on it. 

While a “free” memory stick might be a lucky find, avoid the temptation of looking into it. Instead, bring it to any relevant lost and found desk in case someone accidentally left it behind. 

Implement a zero-trust remote cybersecurity strategy

If you are an administrator looking to keep security tight in spite of a remote or hybrid workforce, zero-trust architecture is quickly becoming the new standard for remote cybersecurity.

Zero-trust strategy operates by assuming that every user is a potential security threat. Each access point requires explicit permissions that can be revoked by an identity management system. Implicit trust is no longer granted, meaning that every step a user takes is continually validated and vetted for security.

Cybersecurity news weekly roundup June 6, 2022

SAN MATEO, CA, June 6, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.

Pharma company Novartis hacked

Novartis, a major pharmaceutical company, has been hacked by a data extortion gang known as Industrial Spy. Industrial Spy has put Novartis’ data, in the form of 7.7 MB of PDF files, up for sale on their Tor marketplace with a price of $500,000 in Bitcoin. Novartis has stated that they are aware of the incident and that no sensitive information was breached in the attack.

Evil Corp gang uses LockBit ransomware

The Evil Corp cybercrime gang, in an effort to evade sanctions from US authorities, has begun to use LockBit in their ransomware schemes. Experts believe that this switch may be partly to allow Evil Corp to continue operations without using a proprietary piece of malware that may lead authorities to them. The switch may also give Evil Corp room to develop their own RaaS software while continuing to pull in money from scams.

FluBot malware network dismantled

FluBot, a piece of malware that has been plaguing Android devices since 2020, has been in the crosshairs of international authorities who have just taken down the malware’s network, rendering it inactive. FluBot was spread via text messages that purported to send Android users to a package tracking service or voicemail, but instead installed the FluBot trojan on their device. The trojan would then send similar messages to all of the user’s contacts.

New Clipminer malware steals crypto

Clipminer, a newly discovered malware operation, uses its trojan of the same name to mine for crypto on infected machines, hijack transactions and steal wallets. The malware has been spreading via YouTube videos, P2P networks and torrent indexers. The malware has allowed its purveyors to bring in $1.7 million in stolen funds.

FBI blocked cyberattack targeting children’s hospital

According to a statement from the director of the FBI, last year the organization thwarted Iranian cybercriminals in their effort to hack Boston Children’s Hospital. The planned attack is said to have had the capability to disrupt the hospital’s operations and potentially seriously affect the patients under the facility’s care.

Twice as many healthcare organizations choose to pay ransom

According to data from Sophos, healthcare organizations experienced a 94% increase in ransomware attacks in 2021. Last year also saw 61% choose to pay a ransom to release their system as opposed to 34% in 2020. It is unknown if the increase in attacks has simply inflated the numbers or the willingness of healthcare organizations to bend to the will of their attackers has made them more popular targets.

Anonymous claims credit for Belarus hacks

Belarus government websites were taken offline by Anonymous, according to a hacker associated with the group. Belarus has been in the crosshairs of the hacktivist group due to the country’s support of Russia’s invasion of Ukraine. The websites are back online, however, and it does not seem as though the takedowns have created any long term damage or disruption.

“Follina” bug compromises Microsoft Office

A zero-day exploit has been found within Microsoft Office that can give an unauthorized user the ability to run malicious code on a victim’s computer. The bug, named Follina, uses the remote template feature in Microsoft Word and is able to bypass Microsoft’s Defender AV scanner. It is not known if this exploit has been used yet in the wild.

Social engineering is favored tactic for financial org hacks

According to a report from ZeroFox, social engineering is the number one tactic employed by hackers seeking to infiltrate the networks of financial organizations. Social engineering is the manipulation of a human employee in order to gain login credentials or access to protected data. Hackers have been known to use humanitarian crises, such as the invasion of Ukraine, to create narratives that encourage people to provide the information they need.

CISA releases 5G security check

CISA has created a five-step plan that can be implemented in order to help organizations remain secure while deploying 5G apps. The report also mentions security considerations that people may not be aware of when moving to 5G. In spite of 5G being more secure, the complexity of the transition may allow vulnerabilities and security gaps to appear.

Should you implement network segmentation for better cybersecurity?

NetworkTigers discusses network segmentation.

To help maintain a robust degree of privacy and cybersecurity, many organizations are turning to network segmentation. With both pros and cons associated with it, network segmentation is not for everyone and should be carefully considered before implementation.

What is network segmentation?

Traditionally, a company’s network is singular, allowing anyone within it to access a wide range of files and data related to a variety of operations.

Network segmentation is the breaking up of an organization’s network into “sub-networks” that can be compartmentalized as an administrator sees fit.

A segmented network will contain smaller networks that are each associated with specific departments, operations and data accessibility. Unless given high level permissions, employees or contractors only have access to the sub-network they need to perform their tasks and are unable to poke around into files and data that are not required in their day to day work.

Network segmentation pros

Increased hacking protection

A segmented network means that if a sub-network is breached, the threat actor is now confined to that area and will have to work once again to force their way into another part of the system. This means that cyberattacks take longer to carry out and can be more easily contained.

Containing a threat to a single sub-network allows IT administrators the extra time they may need to bolster security elsewhere, fully understand the type of threat they are experiencing and therefore prevent it from accessing other parts of the organization.

Damage from a breach can also be isolated and addressed more easily than if it were to spread to the entire network.

Additional security layers

Building walls between sub-networks makes it harder for unauthorized users to view, download or otherwise access information that they shouldn’t.

Even a seemingly innocent or accidental viewing of proprietary data or the private data related to clients or the company itself constitutes a “breach.” Making it challenging, or even impossible, to explore other parts of a network goes a long way to preventing human error or internal data compromises.

Less network congestion

Network segmentation can facilitate a better experience, as it prevents sub-networks from being bogged down by web traffic that is not associated with them.

For example, a company can put their public wifi into its own sub-network, allowing the devices associated with actually doing business to not suffer from the burden of a congested network.
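The compartmentalization described in this section can be written down as a default-deny policy between sub-networks and checked against observed traffic. The following Python is an added example, not NetworkTigers code; the segment names, address ranges, allowed flows and sample flow records are all constructed assumptions.

```python
import ipaddress

# Constructed segment plan (assumption): names and ranges are illustrative only.
SEGMENTS = {
    "guest_wifi": ipaddress.ip_network("10.10.50.0/24"),
    "finance": ipaddress.ip_network("10.10.20.0/24"),
    "engineering": ipaddress.ip_network("10.10.30.0/24"),
    "servers": ipaddress.ip_network("10.10.40.0/24"),
}

# Default deny between segments: only these (source segment, destination
# segment, destination port) combinations may cross a segment boundary.
# Guest wifi has no entry, so it can reach no internal segment.
ALLOWED_FLOWS = {
    ("finance", "servers", 443),
    ("engineering", "servers", 443),
    ("engineering", "servers", 22),
}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.20.15", "10.10.40.5", 443),    # finance -> servers, HTTPS
    ("10.10.50.77", "10.10.20.15", 445),   # guest wifi -> finance, SMB
    ("10.10.30.8", "10.10.40.5", 22),      # engineering -> servers, SSH
    ("10.10.30.8", "10.10.20.15", 3389),   # engineering -> finance, RDP
    ("10.10.50.77", "10.10.50.80", 5353),  # stays inside guest wifi
    ("10.10.50.77", "203.0.113.10", 443),  # guest wifi -> outside address
]


def overlapping_segments(segments):
    """Return pairs of segments whose address ranges overlap.

    Overlap is a planning error: an address would belong to two segments
    and the policy below could no longer be evaluated unambiguously.
    """
    names = sorted(segments)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if segments[a].overlaps(segments[b])
    ]


def segment_of(address):
    """Map an IP address to its segment name, or None if it is in no segment."""
    ip = ipaddress.ip_address(address)
    for name, network in SEGMENTS.items():
        if ip in network:
            return name
    return None


def evaluate_flow(src, dst, port):
    """Classify one flow as 'allow', 'deny' or 'external'."""
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg is None or dst_seg is None:
        # One end is outside every segment; the perimeter firewall,
        # not the inter-segment policy, decides this traffic.
        return "external"
    if src_seg == dst_seg:
        # Traffic that never crosses a segment boundary.
        return "allow"
    return "allow" if (src_seg, dst_seg, port) in ALLOWED_FLOWS else "deny"


def audit(flows):
    """Return every flow that crosses a segment boundary without permission."""
    violations = []
    for src, dst, port in flows:
        if evaluate_flow(src, dst, port) == "deny":
            violations.append((segment_of(src), segment_of(dst), port, src, dst))
    return violations


if __name__ == "__main__":
    print("overlapping segments:", overlapping_segments(SEGMENTS))
    for src_seg, dst_seg, port, src, dst in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {src_seg} -> {dst_seg} port {port} ({src} -> {dst})")
```

Run against real flow logs, a report like this shows where the firewalls between sub-networks are looser than the written plan.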

Network segmentation cons

Complex implementation

Segmenting a network, especially a large one that may be used by tens if not hundreds of employees, can pose a significant logistical challenge to administrators looking to compartmentalize their systems in a way that makes sense.

The various permissions, passwords and firewalls required to maintain segmentation quickly add up and may pose additional risks with regard to human error.

Segmenting an existing network that has already been in use for a number of years means that many old habits will need to be broken and entirely new workflows and processes will need to be designed, implemented and overseen in order to ensure that work can continue with little interruption.

Less flexibility

Modern workforces thrive on flexibility and the quick, easy exchange of information.

While this free workflow can allow for swift, holistic business operations, it also contains within it the specter of shadow IT and the risks associated with it.

A segmented network will contain a degree of rigidity that, while a benefit for security, may sometimes frustrate or obstruct collaboration. 

Especially with hybrid workforces made up of remote employees and contractors, network segmentation can create hoops to jump through and red tape to cut through in the form of permissions and access restrictions.

Cloud networks vs. traditional networks

Segmenting a traditional network that exists physically in a server room involves an investment in the hardware, wiring and infrastructure needed to literally break the system up into smaller portions.

A network that exists in the cloud requires different considerations in that it necessitates breaking the network up into virtual private clouds (VPCs).

Your organization’s current network arrangement will play a large part in determining whether or not an investment in the time and money needed to properly segment it makes sense.

Is segmentation right for your organization?

Given the pros and cons of network segmentation, it may not be the right path for businesses that are especially small or do not implement a hybrid workforce. 

Most small to medium businesses might be better off using a single traditional network, especially if segment implementation will require a substantial investment in new hardware and additional staff.

Small companies may want to simply set up an additional network for employee devices and internet of things considerations that will provide at least a degree of separation between a widely trafficked wifi network and the machines and data used to conduct business.

Implementing a virtual private network (VPN) is also a major step when it comes to keeping your data safe from outsider access.

However, larger organizations that are already used to maintaining tight permissions and prioritize efficiently siloed workflows may find the transition to be less painful and worth the effort.

Maintain good cybersecurity

Regardless of which direction you opt for when it comes to your network, basic cybersecurity protocols should be in place. Most hacks and breaches occur not because of highly sophisticated criminal enterprises but because cybersecurity rules are either not in place or poorly enforced.

  • Keep everything updated. Whether you’re hardware based or up in the cloud, ensuring that your operating systems, web browsers, firmware and antivirus protections are continually and regularly updated will help keep you defended against exploits and continually evolving malware.
  • Educate your workforce. Phishing attacks are successful because criminals know that a certain percentage of people on the receiving end will fall for their tricks. Be sure to keep your staff fully aware of the tactics used by hackers. Consider sending out a weekly newsletter keeping them up to speed on the latest threats.
  • Stay informed. A wealth of cybersecurity resources are available online that will keep you privy to the latest cybersecurity news. From state-sponsored hacks to the latest bugs, updates and phishing scams, keeping a finger on the pulse will help you stay safe.
  • Maintain and enforce good password hygiene. Be sure that network passwords are impossible to guess and are not used across multiple accounts. Consider a policy in which passwords are regularly changed to help prevent old credentials from being used to create new problems.

What is cybersecurity TCO and why does it matter?

NetworkTigers discusses cybersecurity TCO.

Investing in cybersecurity is crucial in today’s modern landscape. However, in order to do so effectively, one of the most important things to understand is cybersecurity TCO. Accounting for TCO can help you make informed decisions about cost, setup, efficacy, and the longevity of systems. 

What is Cybersecurity TCO?

TCO stands for Total Cost of Ownership. There are many factors that need to be accounted for in order to fully understand the TCO of a cybersecurity installation.  

TCO could be a comprehensive assessment of the information technology landscape of your company over time. It can also be broken down per security structure, in order to calculate and justify the possible return on investment. 

Understanding TCO

TCO is much more than the price tag up front of upgrading to a new system, or hiring a new IT manager. Cybersecurity is a complex field, and many factors may be included when assessing TCO. When making decisions about your cybersecurity networks, there are some ways to shape and understand your TCO so as to “hack” your own upgrade expenses. 

Aiming for a lower TCO may mean investing in slightly more expensive equipment at the start. It may also mean choosing less expensive refurbished gear, and investing those financial savings in extended user training to reduce overall error. There is no one right way to reduce TCO in cybersecurity. However, by understanding what to account for in your calculations, information technology can be chosen with the most effective path forwards in mind.

What is Included in TCO?

Some examples of what to look for when accounting for TCO include:

Equipment Cost

The initial cost of equipment is the easiest to factor in when it comes to understanding TCO. The sticker shock of purchasing new cybersecurity equipment often gives consumers pause when deciding to invest in upgrading their operating systems. However, by choosing quality refurbished equipment, businesses can lower their overall TCO by reducing the upfront cost. The lower price tag of refurbished cybersecurity gear not only leads to lower initial expense, but a reduced total cost of ownership over time. 

Service Costs

Some cybersecurity gear has a higher operating cost over time. Programs that are difficult to install or use, networks that require extensive upkeep, or especially skilled IT professionals to maintain, will have higher service costs than others. 

Warranties may reduce overall service costs, lowering your TCO. Additionally, choosing gear without annual licensing fees can also reduce your upkeep expense over time. 

Training

Researchers at Stanford University estimate that approximately 88% of data breaches arise because of human mistake, or user error. The data also shows that employees are less willing to admit to or catch their own mistakes when in environments that will judge them harshly, or impose severe consequences. A punitive work environment, as well as lack of user training, are two main hurdles to ensuring that costly cybersecurity equipment can work as promised.

When selecting cybersecurity gear, it is crucial to bear in mind who will actually be in charge of implementing and using the software. If extensive training will be necessary to make even lower-cost gear work as promised, the overall TCO will be higher than expected. 

Calculating Hidden Costs

In order to calculate TCO, you must assess the purchase price of an asset (e.g., a new firewall system) plus the added costs of operation. This equation will give you a fuller financial picture of the true cost of the purchase, and how much value it can add to your organization balanced against the total cost of investment.

One unforeseen hidden cost that comes from not investing in upgraded cybersecurity measures is lack of consumer or business-to-business trust. A loss of confidence in data protection can be deadly for a business. When assessing the total cost of an upgrade, a balanced analysis will also account for the risk of not upgrading as well. Data breaches are costly experiences not only in terms of real dollars – they also take a toll on a business’s overall credibility and brand worthiness. 

Examples of Comparative TCOs

In cloud-based systems, there are often very low up-front costs. Implementing most internet cloud-based systems has a starting cost of zero. Additionally, the cost of user training may be lower, as many employees might already be familiar with certain cloud-based operating systems. However, the cost down the road of expanding can be higher, as storage fees can rise with certain cloud-based systems. 

Why Does TCO Matter?

TCO can be used to:

  • Justify the cost of upgrading cybersecurity equipment
  • Make smart choices about the overall cost of financial decisions
  • Protect and preserve consumer, client, and inter-business trust
  • Create a shortlist of comparative investments 

Additionally, by investing in refurbished equipment, businesses can significantly lower their overall TCO, taking a more streamlined and cost-effective approach to cybersecurity. 

Budget-friendly cybersecurity is possible, and TCO is a method of maximizing your total IT spend. Assessing total cost of ownership, as opposed to just sticker cost, of cybersecurity methods can help businesses make the smartest possible decisions for their needs and account for lasting longevity and growth. 
