Many of us connected to the Internet are constantly concerned about the growing threat of cyberattacks. Malware, phishing, and social engineering are all tactics that can easily target the average user.
It’s natural to worry about how cyber threats are carried out, but the typical hacker portrayed in the media, using sophisticated programming and malicious programs to harass and harm targets from a dark basement, is mostly fiction. Actual attacks are more routine, but have equally serious consequences.
The harsh reality is that most of today’s cyberattacks are not as sophisticated as once thought, especially when compared to previous tactics that have grown with the increasing popularity of interconnected devices. While some attack techniques have become more sophisticated and mature, many attack vectors have remained the same over the years and are still highly successful, largely due to social engineering and human error.
Being (and staying) cyber resilient
Cyber resilience is an organization’s ability to anticipate, withstand, and recover from potential threats without significantly impairing or disrupting business productivity. By leveraging new technology, staying “cyber fit,” and building a comprehensive recovery system with the right tools and resources, you can stay one step ahead of cybercriminals.
So, continuing to maintain cyber resilience is one of the most important steps you can take to protect yourself and your organization.
In this two-part series, we outline some of the biggest cybersecurity risks across industries and how to mitigate them. This starts with the easiest computers to hack: people.
The most hackable computers
The human brain has always been one of the easiest computers to hack. Although some attack techniques have evolved over the years, the use of social engineering in carrying out most attacks remains consistent.
Most successful cyberattacks result from simple user mistakes or failure to follow established best practices. For example, using weak passwords or using the same password for multiple accounts is a very dangerous but unfortunately common practice.
When a company is compromised in a data breach, account details and credentials can be sold on the dark web, and attackers can try the same username and password combinations on other sites. This is why the use and implementation of both third-party and browser-native password managers is on the rise. The practice of two-factor authentication (2FA) is also increasing. This security method requires the user to provide another form of identification other than a password. This is usually done via a verification code sent to another device, phone number, or email address.
The next step is the Zero Trust access method. Here, additional data about the user and his/her request is analyzed before access is granted. These measures help ensure password security by storing passwords encrypted or adding an additional layer of security through secondary authentication.
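The credential reuse described above leaves a recognizable trace in authentication logs: one source tries many different accounts once or twice each and mostly fails. The following detection sketch is an added example, not part of the original article; the log format, sample lines and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth log: "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2023-08-01T10:00:01 203.0.113.7 alice FAIL
2023-08-01T10:00:02 203.0.113.7 bob FAIL
2023-08-01T10:00:03 203.0.113.7 carol OK
2023-08-01T10:00:04 203.0.113.7 dave FAIL
2023-08-01T10:00:05 203.0.113.7 erin FAIL
2023-08-01T10:00:06 203.0.113.7 frank FAIL
2023-08-01T10:02:10 198.51.100.20 grace FAIL
2023-08-01T10:02:15 198.51.100.20 grace FAIL
2023-08-01T10:02:30 198.51.100.20 grace OK
2023-08-01T10:05:00 192.0.2.44 heidi OK
"""

def parse(log_text):
    """Yield (ip, user, succeeded) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def find_stuffing(log_text, min_users=5, max_tries_per_user=2, min_fail_ratio=0.7):
    """Return {ip: sorted usernames that logged in OK} for suspicious IPs."""
    tries = defaultdict(lambda: defaultdict(list))   # ip -> user -> [succeeded, ...]
    for ip, user, ok in parse(log_text):
        tries[ip][user].append(ok)
    findings = {}
    for ip, users in tries.items():
        results = [ok for outcomes in users.values() for ok in outcomes]
        fail_ratio = results.count(False) / len(results)
        # Stuffing: many accounts, one or two tries each, mostly failures.
        # A user mistyping their own password hits one account repeatedly.
        shallow = all(len(o) <= max_tries_per_user for o in users.values())
        if len(users) >= min_users and shallow and fail_ratio >= min_fail_ratio:
            findings[ip] = sorted(u for u, o in users.items() if any(o))
    return findings

if __name__ == "__main__":
    for ip, hits in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: stuffing pattern, reset and review: {hits}")
```

The accounts returned for a flagged source are the ones whose reused password worked, so they are the first candidates for a forced reset and 2FA enrollment.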
Phishing remains prevalent
The human tendency to be easily manipulated is evidenced by the consistent deployment and success of malicious phishing emails. No matter how well a company’s staff is trained in security awareness, there will always be at least one curious user who falls for the scam and clicks on a phishing link.
These malicious links can lead to well-designed websites that impersonate other known sites, tricking users into giving up their credentials or into opening unknown attachments that may contain malware. Although these emails are usually not very sophisticated, social engineering can be very convincing. 98% of cyberattacks are carried out through social engineering tactics.
Social engineering is when an attacker exploits the vulnerability of human error through social interaction to victimize a target, usually by impersonating a trusted organizational representative. Therefore, users must adopt a multi-level cyber protection approach to keep their systems truly secure.
Sophisticated Advanced Persistent Threat (APT) groups
That being said, some very sophisticated attack techniques exist, primarily carried out by advanced persistent threat (APT) groups. For example, in a software supply chain attack, an attacker uses malicious code to compromise legitimate software before it is distributed. This type of attack is not easy to block and is not new. Examples include CCleaner, ASUS, SolarWinds, and many others.
In this type of attack method, the threat actor attempts to compromise a trusted vendor and use that channel to infiltrate the target. This can occur to varying degrees, but the most sophisticated is when an attacker manages to completely compromise a software vendor and embed a backdoor into the next software release.
If successful, this could be very sneaky as the malicious update would be sent from the original vendor’s website and also include official release notes and a valid digital signature. Unfortunately, until that point, the user has no way of knowing that the update is malicious.
Even if the victim only installs the update on a few computers to test compatibility, the malicious payload may not be revealed. This is because such malware typically “sleeps” for several weeks after installation before releasing its payload. For this reason, the only viable way to protect against such attacks is to monitor the behavior of all applications on the system in real time, even if the program is believed to be legitimate.
Beyond the Trojan Horse
Attacks through the supply chain are not limited to embedding Trojan horses in software. Last year, the application services provider Okta was compromised by the Lapsus$ attacker group. The malicious group gained access to part of the admin panel and was able to reset passwords, allowing attackers to bypass strong authentication. This resulted in data breaches for some of Okta’s customer base, including high-profile customers such as Microsoft.
Similarly, MSPs are increasingly facing infrastructure attacks. Using this technique, attackers compromise the very software tools used by service providers to deploy new software packages, deploy patches, and monitor various endpoints.
For example, if an attacker guesses an administrator’s email password or obtains it through a phishing attack, they may be able to reset the software deployment console password, at least if multi-factor authentication is not enabled. Once they gain access, cybercriminals can distribute their own malware through the same process.
Attackers can then potentially exploit these efficient software control methods to not only compromise all of an MSP’s customers, but also use the same methods to disable security and monitoring tools and delete backups.
In Part 2, we discuss other types of attacks that remain common across industries, including subscription-based attacks and new threats posed by AI.
Candid Wüest is Vice President of Research at Acronis.