Massive shifts in the cybersecurity landscape make businesses even more vulnerable. Are you prepared?
With more talk of ransom attacks (ones like the 2017 Equifax attack, where the number of people impacted was originally underestimated), business cybersecurity in 2018 is changing in ways even security experts could not have predicted a year ago.
With massive vulnerabilities running the gamut from hacking Intel chips to data breaches at major IT vendors like Allscripts (which impacted hundreds of thousands of patient records!), businesses are scrambling to figure out: (1) what to do in 2018 to prevent an attack or costly data breach and (2) how to implement effective business IT security without paying through the nose for it.
Since many businesses in and around the Philadelphia metro have been victims of ransomware and phishing attacks already in 2018, I wanted to take another stab at laying out some things to think critically about with your leadership teams NOW in Q1 to avoid risking your business continuity in an attack this year. Attacks are predicted to increase as the year progresses.
What are cybercriminals doing differently this year so far?
Essentially, they are adding more fuel to the fire! Cyber masterminds are testing new ways to more effectively exploit old vulnerabilities. One of the newest ways criminals are detecting your unpatched or under-protected network is by using a variety of sophisticated network scanning tools.
Looking from the outside in, they are able to evaluate hundreds upon hundreds of recently (and not so recently) identified network vulnerabilities, any of which could give them virtually carte blanche access to your servers, protected user data, and valuable client information.
What exactly do these cybercriminals detect in network scans?
These criminal masterminds are using state-of-the-art network scanning technologies (similar to the technologies we use to detect security risks during our free network security assessment) to hunt down sitting-duck targets for their ransom campaigns.
Essentially, criminals are looking for unapplied patches to Windows, Adobe, or other software on your network where updates are available (updates that either you or your IT Support guy forgot about, or that are still on a to-do list somewhere) and that could severely threaten your business data security or business continuity if left unfixed. They are also looking for legacy systems (software or operating systems that are no longer supported).
‘Clickless’ attacks are becoming the norm rather than the exception
While in 2017 we noticed an uptick in phishing scams, it looks like the rest of 2018 might be dedicated to clickless attacks that bypass users altogether.
[Note: Phishing scams ARE still a very real concern in your business cybersecurity landscape. W2 scams are rampant all over the US right now. All a scammer needs is some basic info (your SSN, name and date of birth) and they can file your taxes for you (and claim a nice hefty refund). If you haven’t filed your taxes, you might want to consider doing so ASAP!]
Given that users are becoming more wary of the current phishing scam techniques (but I’m sure scammers will come up with some new ones we’ll soon be talking about), attackers have found that IT Security itself is inherently weak and much easier to attack and penetrate, since IT teams aren’t vigilantly patching, monitoring and securing business networks (that’s where 3rd party network security assessments may save your bacon!).
Why try to convince users to do something when IT guys aren’t paying attention? It’s easier to simply penetrate your network by looking for all the overlooked or deferred maintenance on it. Taking your end users out of the equation also makes it easier for attackers to hit numerous businesses at once.
Clickless attacks leave entire networks encrypted. That means your billing, accounting, sales, marketing and operations teams (you name it) are left without the critical files they need to get their jobs done. In addition to risking paying ransoms (which will simply bolster more attacks), you risk downtime for your ENTIRE staff, legal fees and PR nightmares that might threaten your business’ longevity.
Are you sure your network is secure enough to avoid an attack like this?
The oldest security advice in the industry still applies: make sure patches are applied AND tested regularly. Identify your risks and prioritize fixes to your biggest vulnerabilities or those that pose the biggest risk to the sustainability of your organization. If in doubt, consider a 3rd party security assessment that can spot malicious activity or open doors to these ‘bad guys’.
And criminals are in fact parasitizing your network
Who would have thought that cybercriminals would use your network tools against you? Known as ‘living off the land’, attackers are leveraging your IT infrastructure, processes, and tools to evade detection on your network.
Some of the most recent malware uses your Windows Management Instrumentation (WMI) to propagate throughout your network. Other malware has been shown to hijack PowerShell or Windows Credentials Editor to break through. The common theme that’s been popping up is that viruses are able to spread through large networks (hitting every single workstation or server connected to them) like wildfire.
One of the biggest issues with these attacks is that your IT Security team likely won’t deem network activity used by recent viruses as suspicious because the processes being used are routine in your environment. When the line is blurred between malware and administrative tools, your IT team probably won’t detect anything until it’s too late (unless they really know what to look for).
To help prevent the spread of a virus throughout your network, your IT team really should disable tools and processes that aren’t used. They should also consider deploying security monitoring that doesn’t solely depend on file scanning.
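As an illustration of monitoring that looks at behavior rather than files, here is an added example (not from the original article) that reviews process-creation records for the WMI and PowerShell patterns described above. The records are constructed, with fields modelled on Sysmon Event ID 1, and the rule names, 10-minute window and 3-host threshold are assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts host parent image cmdline")
# Constructed sample records; command contents are placeholders.
EVENTS = [
    Event("2018-03-01T09:00:05", "WS-01", "explorer.exe", "powershell.exe",
          r"powershell.exe -File C:\IT\inventory.ps1"),
    Event("2018-03-01T09:14:10", "WS-07", "wmiprvse.exe", "powershell.exe",
          "powershell.exe -NoP -W Hidden -Enc <BASE64-PLACEHOLDER>"),
    Event("2018-03-01T09:15:02", "WS-12", "wmiprvse.exe", "powershell.exe",
          "powershell.exe -NoP -W Hidden -Enc <BASE64-PLACEHOLDER>"),
    Event("2018-03-01T09:16:40", "SRV-FS1", "wmiprvse.exe", "cmd.exe",
          "cmd.exe /c <COMMAND-PLACEHOLDER>"),
    Event("2018-03-01T11:30:00", "WS-03", "svchost.exe", "wmiprvse.exe",
          "wmiprvse.exe -Embedding"),
]
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Abbreviated -EncodedCommand forms, or a hidden window style.
SUSPICIOUS_ARGS = re.compile(r"\s-(?:ec?|en[a-z]*)\s|\s-w[a-z]*\s+hidden\b", re.I)

def flag_lotl(events, window=timedelta(minutes=10), min_hosts=3):
    """Return (alerts, spread_hosts). Alerts are triage leads, not proof."""
    alerts, wmi_hits = [], []
    for ev in events:
        reasons = []
        # The WMI provider host launching a shell suggests remote WMI execution.
        if ev.parent.lower() == "wmiprvse.exe" and ev.image.lower() in INTERPRETERS:
            reasons.append("wmi-spawned-interpreter")
            wmi_hits.append((datetime.fromisoformat(ev.ts), ev.host))
        if ev.image.lower() == "powershell.exe" and SUSPICIOUS_ARGS.search(ev.cmdline):
            reasons.append("obfuscated-or-hidden-powershell")
        if reasons:
            alerts.append((ev.host, reasons))
    # Worm-like fan-out: the same behavior on many distinct hosts in one window.
    wmi_hits.sort()
    spread = set()
    for i, (start, _) in enumerate(wmi_hits):
        hosts = {h for t, h in wmi_hits[i:] if t - start <= window}
        if len(hosts) >= min_hosts:
            spread |= hosts
    return alerts, sorted(spread)

if __name__ == "__main__":
    print(flag_lotl(EVENTS))
```

Legitimate management tools can also launch shells through WMI, so baseline those parent/child pairs in your own environment before alerting on them.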
Criminals are also ‘worming’ around your network
As we’ve seen over the past year or so, malware with worm capabilities is on the rise. The problem is these worms are much more malicious than the worms we might remember from the ’90s.
Malware with worm behaviors is able to laterally snake through your network autonomously, making it hard to stop once it has gotten in. These attacks have commonly arisen from unpatched networks or from phishing campaigns. These worms can leave backdoors in your network, allowing for recurring security nightmares down the line.
Your IT team critically needs to be able to stop an attack from the outset. Waiting for users to report symptoms of an attack—such as encrypted files popping up on their desktop—is too little too late in this current threat landscape. Because criminals have been seriously thinking about how to most effectively penetrate your entire network, the likelihood of a complete infection once users start reporting issues is quite high.
Bottom line: the 2018 cyber threat landscape is worse than before. If your IT support thinks it can rely on the tactics it had ten years, five years or even a year ago, it is sorely mistaken. Rapidly evolving attacks are being released at an alarming rate this year. You need to not only be aware of these new threats, but also understand how to effectively implement security that will prevent an attack from shutting your network down.
First step to cybersecurity prevention? Understanding what needs to be fixed. Consider a FREE network security assessment ASAP!