Knowing, Assessing and Understanding the Threats to the InfoSec Body (Part Two)

Article Published – By Stephan Kaplan

Thank you for continuing to learn and understand the threats to the infosec body. Here are some of the more prevalent threats to your organization's CyberSecurity Wellness:

Ransomware

Ransomware: Although there has been a slight downturn in its use overall (especially when large corporations are the intended target), ransomware still weighs heavily on the minds of CyberSecurity experts and especially on the minds of small and midsize business owners. Ransomware typically finds its way into your organization through social engineering methods such as phishing; once inside, it blocks access to a system or certain data until money is paid. Ransomware code is not typically terribly sophisticated, because it does not need to remain undetected to achieve the desired result. It is "easy to implement" and easy to spread, making it a high-ROI tool for hackers and others keen to get their hands on your data, your ransom payment, or both. The best ransomware architects and distributors are well-versed in e-marketing and understand the mind of the average computer user. Their campaigns to get their files into your system count on a certain laissez-faire attitude and lack of training on the part of your staff, as well as your inattention to cybersecurity wellness best practices from a technological standpoint.

Some truly diabolical folks will also set up websites themed around defeating the ransomware. When you access their site and download a "fix" to fight your original infection, they infect you further.

There are hundreds of ransomware variants, but some of the more creative ones take advantage of holidays to gain entry into your system. For instance, in February 2019 an entrepreneurial group of hackers embedded ransomware into emails containing Valentine's Day cards, using subject lines just innocuous (and fun!) enough to lure the casual employee into opening the message. Do so, and your computer (and possibly your system) would then be infected with "GandCrab," the most prevalent and effective ransomware variant.

Cryptojacking

Cryptojacking uses an untapped resource connected to the internet to create an alternative revenue stream for games or media sites, and reduce reliance on ads. It works by embedding a JavaScript component in a website that can leverage a visiting device’s processing power to mine cryptocurrencies.

Cryptojacking (via a website visit) requires NO download, starts instantly, and works extremely efficiently. Making it even more dangerous, hackers sneak a mining component onto unsuspecting websites and mine cryptocurrency off of the legitimate site's traffic. This allows them to essentially "steal" the power of the target site, its servers, and the CPUs of all visitors to the site. It siphons off small amounts of energy at a time, but if widely distributed those small amounts add up to large-scale rewards for the cryptojackers. This can be performed not only with your computer but with many other connected devices installed at home, commonly known as the Internet of Things ("IoT").
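In-browser miners of the kind described above need a few recognisable building blocks: WebAssembly for fast hashing, Web Workers to occupy every core, the core count to size the worker pool, a WebSocket or stratum connection to a mining pool, and a throttle setting to stay unnoticed. The following added example (not code from the article or from GoldSky Security) is a static heuristic scanner that scores a page's script content for those traits; the indicator list, weights and threshold are assumptions for illustration, and the two sample pages are constructed.

```javascript
// Heuristic indicators of in-browser cryptojacking. Names, regexes and weights
// are assumptions chosen for this illustration, not a published signature set.
const INDICATORS = [
  { name: 'webassembly',   weight: 2, re: /WebAssembly\.(instantiate|compile|Module)/ },
  { name: 'web-worker',    weight: 2, re: /new\s+Worker\s*\(/ },
  { name: 'core-count',    weight: 1, re: /navigator\.hardwareConcurrency/ },
  { name: 'stratum-pool',  weight: 3, re: /stratum\+tcp:\/\/|wss?:\/\/[^"'\s]*(pool|stratum)/i },
  { name: 'throttle-knob', weight: 1, re: /throttle\s*[:=]\s*0?\.\d+/ },
  { name: 'mining-terms',  weight: 2, re: /\b(cryptonight|hashrate|getHashesPerSecond)\b/i },
];

// Pull every <script> element out of raw HTML: its src attribute (if any) and
// its inline body. A real deployment would also fetch and scan the src URLs.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /src\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push({ src: src ? src[1] : null, body: m[2] });
  }
  return scripts;
}

// Score a page. Each indicator counts once regardless of how many scripts hit it.
// A score at or above the (assumed) threshold is flagged for human review.
function scoreCryptojacking(html, threshold = 5) {
  const hits = new Set();
  let score = 0;
  for (const s of extractScripts(html)) {
    const text = (s.src || '') + '\n' + s.body;
    for (const ind of INDICATORS) {
      if (!hits.has(ind.name) && ind.re.test(text)) {
        hits.add(ind.name);
        score += ind.weight;
      }
    }
  }
  return { score, hits: [...hits], suspicious: score >= threshold };
}

// Constructed sample pages: one ordinary page, one with miner-like script traits.
const BENIGN_PAGE = '<html><body><script>document.title = "Hello";</script></body></html>';
const MINER_PAGE = `<html><body><script>
  const n = navigator.hardwareConcurrency || 2;
  for (let i = 0; i < n; i++) new Worker("worker.js");
  WebAssembly.instantiate(buf);
  const ws = new WebSocket("wss://pool.example/stratum");
  var throttle = 0.5;
</script></body></html>`;

console.log(scoreCryptojacking(BENIGN_PAGE), scoreCryptojacking(MINER_PAGE));
```

A heuristic like this belongs in a web proxy or crawler that reviews the pages your staff visit or that your own site serves; it will miss miners that obfuscate their code, so pair it with the CPU-load symptoms the article describes.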

Cryptojacking affects computer performance and can cause your machine to overheat. For companies, such malicious activity can slow system performance and potentially render systems unusable. The effects can be dramatic or gradual, with many victims unaware of their infected status. Indeed, cryptojacking can occur even on fully patched systems or individual computers.

Another type of cryptojacking occurs via a file infection/virus, much like ransomware. One example, "WannaMine," uses a specific exploit which targets Windows PCs and specifically servers. On an infected system, this script then allows external entities and hackers to use the system's processing power for their own revenue-generating ends.

Cryptojacking will wax and wane with the highs and lows of cryptocurrency, but hackers who understand how to engineer exploits at a large scale will continue to benefit from its existence, and suck the performance out of your machines in order to power their own money-making schemes. Innovation in this space is likely to continue as a result.

Advanced Persistent Threat

An Advanced Persistent Threat (APT)[i] is a targeted, focused attack that uses a very wide variety of techniques to gain access to your system. It may use SQL exploits, malware, spyware, phishing/spam, and other methods to penetrate. Upon infecting a system, an APT will not immediately announce itself and call for action (as ransomware would). Instead, an APT gives a hacker access to your compromised system, where they can browse information and access systems either to extract specific valuable data or simply to browse until something of value is discovered. APTs are designed for extended, long-term occupancy, allowing them to continue to provide data to their operators (by webmail, for example) for a long period after the actual date of compromise.

To date, APT attacks have been launched at government agencies and facilities, defense contractors, and manufacturers of select products that are highly competitive on global markets, as well as vendor or partner organizations that do business with those primary targets. Many CyberSecurity experts forecast that these "second level" entities are the next fruitful targets for these very sophisticated threats.

We have learned about how we can (and should) look at our information systems and their health the same way we look at our physical bodies and their wellness. In doing so, the concept of CyberWellness, threats to the information system body, and practicing great prevention and fitness begin to make sense.

The three types of CyberWellness threats above represent only three of the largest groups of attacks; within each you will find countless varieties. Scarier still, the hacker engineers who create and distribute these threats are constantly innovating. The question we must ask ourselves: are we doing enough to assess our CyberWellness? How well are we protected? Survey results of US businesses, specifically small and midsize businesses, indicate that more than likely your honest answer is "not enough."


In our next article, we will discuss all the methods cybercriminals use to get these nasty elements into the body of your systems and some tips on how you can take preventive wellness steps to prevent entry.

– Stephan Kaplan

About GoldSky Security

GoldSky Security offers small and medium-sized businesses cybersecurity solutions across the US and currently has offices in Denver, Nashville, Orlando, Phoenix, Tampa & Washington D.C.