Posts

Phishing Attacks Spike Amid COVID-19 Crisis

/in

Cyber AttackIt should be no surprise to you that we are seeing a surge in phishing and other cyber attacks, as criminals look to take advantage of the COVID-19 crisis. A sample of recent news reports illustrates the scope of the problem.

  • In April, the FBI issued a warning about COVID-19 stimulus package scams (CNET).
  • In mid-April, Google reported the daily volume of malware and phishing attack emails jumped to more than 18 million per day (The Verge).
  • Last week, TechRepublic reported a surge in phishing emails trying to exploit DocuSign and COVID-19.
  • Hackers are impersonating Zoom, Microsoft Teams, and Google Meet for phishing scams (The Verge 5/12/20).

Understand the Risk

The risk to your business, employees, and customers is greater at time when your systems may be less secure.

If your employees are using home computers while following stay-at-home orders and guidance, your risk of falling victim to an attack is significantly greater.  Most home computers do not have commercial-grade, next-generation endpoint protections and many run outdated versions of the consumer-grade products installed.

CPR is Still the Best Practice

Our model remains the best, holistic method of avoiding attacks at the human and tech levels, and for responding should something slip through.

Communicate & Educate

  • Remind your employees to be on the look out for suspicious emails, phone calls, web links.
  • Encourage your team to get help and verification if a message or interaction appears or feels suspicious in any way (better safe than sorry).
  • Consider testing employees with simulated attack messages and identify those that may need additional training and guidance.

Prevent & Protect

  • Deploy multi-factor authentication (MFA) and, optionally, single sign-on (SSO) services to prevent the use of compromised accounts.
  • Install Advanced Threat Protection solutions for inbound and outbound email to catch phishing, ransomware, and other illegitimate message.
  • Deploy “next generation” endpoint protection on computers and mobile devices to detect, prevent, and undo damage from dangerous files and applications.
  • Put Web and DNS protection services in place to prevent downloading attacks from hacked websites and identity impersonation.
  • Monitor the “dark web” for direct and third party breaches that may compromise your employees’ business accounts.
  • Take advantage of data loss prevention features built into G Suite and Microsoft 365, and consider tools to identify and prevent unauthorized access, permission errors, and data loss.
  • Eliminate the use of “shadow IT” services, particularly free or consumer-grade services by providing those capabilities to employees and making sure they know how to use them.

Restore & Recover

  • Ensure that you back up and can recover your data, regardless of location.  Your data is not just on your physical or virtual servers, it resides in your Microsoft 365 or G Suite environment, in SaaS applications like Salesforce, on desktops and laptops, and on mobile devices.
  • Put business continuity systems in place with affordable services that let you spin up and run images of your servers and workstations in a cloud data center while you recover your primary systems.
  • Have a breach response plan and service in place as an increasing number of attacks are stealing information, as effective data breach response involves:
    • Forensic analysis and recovery
    • Legal compliance with reporting requirements
    • Legal strategies to minimize liability
    • Increased customer service demand
    • Communications with customers, stakeholders, and the media
    • A potential need to provide consumer protection services
    • Cyber Insurance claims management

Fortunately for most businesses, putting these protections in place is affordable and can be done with minimal impact on your employees and their productivity.  Understand your needs, assess the value proposition (include the risks and costs of doing nothing), and deploy a solution that is the best fit for your business.

Please contact us for assistance as you evaluate your risks, needs, priorities, and solutions.

 

Drive-by Downloads

/in ,

This post is part of our Cyber Threat Series.

The Challenge:

Drive-by downloads are exploit kits that download invisibly from infected websites. These websites may be malicious sites built for malware distribution or trusted sites infected by hackers. Many of these attacks take advantage of weaknesses in popular software and tools, including video players, Java, and Adobe Reader.

Downloads may install and run other malware or may themselves be malicious. Many drive-by downloads install cryptoware, or ransomware, that encrypts files and holds them for ransom.

What to Do:

User education and web protection are the best protection from drive-by downloads. Cyber-aware users understand the risks and can avoid malicious links and sites. Web protection can prevent unexpected downloads and malicious behavior from reaching your systems and users.

DNS protection and secure DNS services provide additional protection by preventing impersonation, hijacking, and domain level attacks.

 

Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.

 

Brute Force Attacks: What are They and How to Protect Against Them

/in ,

What is a brute-force attack?

A brute-force attack is a method used by cybercriminals to crack passwords or encryption by trying all possible combinations of characters until the correct one is found. It involves using automated software that systematically tries different combinations of characters until the password or encryption key is discovered. Brute-force attacks can be successful if the password is weak or if the encryption key is short. They can also be time-consuming and resource-intensive for the attacker if the password or encryption key is long and complex. To prevent brute-force attacks, it’s important to use strong passwords, enable multi-factor authentication, and use encryption methods that are difficult to crack.

This post is part of our Cyber Threat Series.

The Challenge:

Hackers use Brute Force Attacks to target a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by trying every viable access method or password.

Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out attempts; they are difficult to notice or detect. When hackers rush, the impact can be similar to a DDOS attack.

Hackers can launch Brute Force Attacks externally or from malware-infected systems on your network. Internal attacks often target specific systems and vulnerabilities, such as SQL Server and SQL Injection vulnerabilities.

How to prevent brute force attacks

Require robust passwords; they are your first protection from Brute Force Attacks. Put controls in place to enforce best-practice password structure and expiring passwords can thwart an attack.

Deploy Multi-Factor Authentication. MFA creates and additional level of protection since a compromised password is not sufficient for access.

To protect against internal attacks, ensure systems run current operating system versions. Keep all systems current with patches and updates.

Revisit the four pillars of cloud security, and make sure you fully understand the most important strategies for protecting from brute force attacks.

Deploy “Next Gen” protections to keep Brute Force Attack malware from making it onto your servers and clients:

  • Advanced threat protection (ATP) for email
  • Endpoint and mobile device protection
  • DNS security and protection
  • Web protection and filtering

FAQs

How common are brute force attacks?

Brute force attacks are one of the most common types of cyberattacks and are used by attackers to gain unauthorized access to user accounts, servers, or other systems. The frequency of brute force attacks depends on various factors, including the target system’s popularity, the type of authentication mechanism used, and the complexity of the password or encryption key. For example, systems that use weak passwords or no multi-factor authentication are more vulnerable to brute force attacks. According to a recent report by Akamai, brute force attacks accounted for more than 30% of all login attempts on web applications in 2020. As such, it is essential to implement robust data protection and security measures to prevent brute force attacks and protect sensitive data from unauthorized access.

What are the two types of brute force attacks

The two types of brute force attacks are:

  1. Online brute force attack: In this type of attack, the attacker tries to guess the password or encryption key by repeatedly attempting to log in or decrypt data using different combinations of characters. Online brute force attacks are typically carried out against web applications or online services and are often automated.
  2. Offline brute force attack: In this type of attack, the attacker obtains a copy of the encrypted data or password hashes and attempts to crack them offline by running automated software that tries different combinations of characters until the correct password or encryption key is found. Offline brute force attacks are more time-consuming than online attacks, but they can be more successful as the attacker has more time to try different combinations of characters.

What are the signs of a brute force attack?

Here are some signs that your system may be experiencing a brute force attack:

  1. Multiple failed login attempts: If you notice multiple failed login attempts from the same IP address, it could be a sign of a brute force attack. The attacker may be trying different combinations of usernames and passwords to gain access to your system.
  2. Unusual account activity: If you notice unusual activity on a user account, such as logins from different locations or at odd hours, it could be a sign of a successful brute force attack.
  3. Slow system performance: A brute force attack can cause a system to slow down or crash due to the high volume of login attempts.
  4. Unusual network traffic: A brute force attack can generate a large amount of network traffic, which can be detected by monitoring network activity.
  5. Brute force attack tools: If you find tools used for brute force attacks on your system, such as password cracking software or script files, it could be a sign that your system has already been compromised.

If you suspect that your system is being targeted by a brute force attack, it’s important to take action immediately to prevent further damage and protect your sensitive data.

Contact us to discuss cyber threat protection best practices, and ensure you are set up properly to avoid a brute force attack in the future. The Cloud Advisory session is complimentary and without obligation.