The threat of data breaches has been keeping many companies up at night. No executive wants to be the one who didn't do enough or, worse, the one who did nothing to protect the company's and the public's data. Here are 5 steps to consider when preparing for the inevitable.



1. Hire experts. Do not mistake a professional who knows their way around a router or a firewall for someone equally adept at protecting the information behind them. Bring in professionals who can push your systems to their limits and find their weaknesses, just like a hacker would.



2. Understand the expectation of reasonableness. Check-boxes and compliance regimes are not enough in this new landscape of data breaches. Focus on security as a journey, not a destination. Maintaining a current incident response plan that is regularly reviewed, tested and updated is a great start.


3. Train your staff. Cybersecurity is a people problem, specifically, an employer problem. It should be recognized as everyone's responsibility. Train all your staff, regardless of their level within the organization, to be vigilant and report anything they find as suspicious. Be prepared to listen to what they may find. Positively reinforce and reward those who demonstrate they "live" cybersecurity in all they do.


4. Admit there is a cybersecurity problem. Invest to identify and fix issues. Not all attacks are about profiting from your data. Socially conscious hacking can be far more damaging to your business operations and reputation than data theft.


5. Learn from your mistakes. Attacks are going to evolve. Do not limit your compliance/security team. Take a holistic view of cybersecurity and make sure you have the right people doing the job for you right now.


Data source: Legaltechnews.com "Cybersecurity and 8 Steps to Preparing for the Inevitable"


Far too often companies see cyber security as just an expense: it does not generate any profits, so companies will only do the bare minimum regarding this type of security. They will put up fences, install security alarms on their properties and hire security guards, but they often leave the online door unlocked or easily opened. With the rash of online security breaches in recent history, it is evident that cyber crime is on the rise, with no indication of being curtailed by the extensive efforts of law enforcement. This means that companies need to invest more in their online security as well as educate their staff on social engineering attacks. These attacks come with a high cost to the companies and affect the citizens that deal with these companies. Now just imagine that it was your financial institution that was compromised and your life savings at risk. Obviously there need to be regulations and standards in place to ensure the security of financial institutions.

Fortunately, the Federal Financial Institutions Examination Council (FFIEC) is in place to ensure financial institutions protect your money and that they do not take shortcuts in security. The FFIEC has been established to develop standards and reporting requirements for financial institutions by the Federal Reserve. The purpose of this institution is to provide guidance to determine the quality and effectiveness of the financial institution’s IT risk management. It provides information and standards in many categories of risk assessment and management. These regulations and standards are regularly updated to stay current with the constant changes in cyber crime, and the FFIEC conducts audits to enforce compliance.

The standards set forth by the FFIEC are to provide guidance in Auditing, Business Continuity Planning, Development and Acquisition, E-Banking, Information Security, Management, Operations, Outsourcing Technology Services, Retail Payment Systems, Supervision of Technology Service Providers, and Wholesale Payment Systems.

The assessment risk profiles include:

Technologies and connection types such as number of ISP connections and Wireless network access

Delivery channels such as online and mobile presence

Online/Mobile Products and Tech Services such as Person to Person payments and debit/credit cards

Organizational characteristics, as in changes in IT and security staffing, mergers and acquisitions

External threats from cyber attacks.

The risk profiles need to be monitored with every change in the organization to maintain proper levels of cyber security. Even small changes can have an impact on the financial institution’s security. To provide guidance as to how to deal with these changes, the FFIEC has an examination handbook which contains IT booklets and work programs. This handbook, the FFIEC IT Examination Handbook, can be found online.

What does seem to be missing from the Handbook is training on social engineering attacks. Currently, training materials for most users focus on issues such as end-point security, log-in requirements, and password administration guidelines. Training programs should include scenarios capturing areas of significant and growing concern, such as phishing and social engineering attempts, loss of data through e-mail or removable media, or unintentional posting of confidential or proprietary information on social media. As the risk environment changes, so should the training. The institution should collect signed acknowledgments of the employee acceptable use policy as part of the annual training program.

There is a growing trend that data breaches are due to attacks on the weakest link in the security chain, the human. As recently as June 2019 there was a massive data breach at Desjardins in Canada which affected around 2.7 million people and 173,000 businesses, more than 40 per cent of the co-operative's clients and members. This breach was due to an employee collecting information on members of the institution and leaking it to a third party. Often this type of information ends up on the darknet for sale to persons who will use it for nefarious purposes such as identity theft. Social engineering attacks are responsible for many other data breaches, which can be found with a simple Google search.

It is important to note that the FFIEC does not currently regulate cryptocurrency. Cryptocurrency in its current state is the wild west of international finance. It is used for numerous illegal activities and has been subject to high-profile thefts from crypto exchanges. It is imperative that this form of finance become government regulated as soon as possible to avoid destabilizing the current financial institutions and adversely affecting the economy.

The FFIEC is doing a good job in a difficult situation. Cyber crime is on the rise and all companies and people are at risk. With their standards and regulations, the risk is decreased, and financial institutions have robust security in place to deal with these risks. However, further and ongoing education of staff is required to deal with the social engineering element.



There is a new form of Linux-based cryptojacking malware that targets both Windows and Mac operating systems. The Bird Miner is being distributed via pirated copies of Virtual Studio Technologies software, and this has been going on since August 2018. Users download the various VST audio editing software using torrents and a VST crack download site from the internet. People using this software would usually have computers with good processing power, which is required for crypto mining. It is no coincidence that the malware is attached to this software: users will not be surprised at the high CPU usage that the audio software incurs, which hides the cryptojacking malware.

Once this malware is installed, it creates more files on the infected machine and launches a virtual machine in the background to run the crypto mining program. The malware was first seen in a pirated version of the Ableton Live 10 installer, which is used for high-end music production. Since the first discovery, this malware has been found in other installers distributed through the same site as well.




What is crypto jacking?


Cryptojacking is the unauthorized use of a computer, tablet, mobile phone, or connected home device to mine for cryptocurrency.


For those not familiar with this fairly new terminology, a cryptocurrency is a form of digital currency that can be used in exchange for goods, services, and even real money. Users can “mine” it on their computer by using special programs to solve complex, encrypted math equations in order to gain a piece of the currency.

Why crypto jacking is growing


Cryptocurrencies gain value based in part on the principle of supply and demand and the difficulty of obtaining them. For example, there are only a finite number of Bitcoins that have not been completely mined. There are other variables such as how easy the currency is to use, the energy and equipment put into mining it, and more.


For these reasons and others, cryptocurrency has fluctuated in value in the past several years. In 2010, a Bitcoin was set at less than 1 cent. Before the end of 2017, the value soared to almost US$20,000 a Bitcoin. As of June 2018, some cryptocurrencies equal as much as US$6,750.83 per unit.


According to Symantec’s Internet Security Threat Report, crypto jacking also skyrocketed in 2017.


In a sense, crypto jacking is a way for cybercriminals to make free money with minimal effort. Cybercriminals can simply hijack someone else’s machine with just a few lines of code. This leaves the victim bearing the cost of the computations and electricity that are necessary to mine cryptocurrency. The criminals get away with the tokens.


Toward the end of 2017, when the value of cryptocurrency was at its peak, there were about 8 million coin-mining events blocked by Symantec in December alone. Because crypto jacking can yield lucrative results, coin-mining activity increased by 34,000 percent over the course of the year.

How crypto jacking works


Coin mining on your own can be a long, costly endeavor. Elevated electricity bills and expensive computer equipment are major investments and key challenges to coin mining. The more devices you have working for you, the faster you can “mine” coins. Because of the time and resources that go into coin mining, crypto jacking is attractive to cybercriminals.


There are a few ways crypto jacking can occur. One of the more popular ways is to use malicious emails that can install the crypto mining code on a computer. This is done through phishing tactics. The victim receives a seemingly harmless email with a link or an attachment. Upon clicking on the link or downloading the attachment, it runs a code that downloads the crypto mining script on the computer. The script then works in the background without the victim’s knowledge.


Another is known as a web browser miner. In this method, hackers inject a crypto mining script on a website or in an ad that is placed on multiple websites. When the victim visits the infected website, or if the malicious ad pops up in the victim’s browser, the script automatically executes. In this method, no code is stored on the victim’s computer.


In both these instances, the code solves complex mathematical problems and sends the results to the hacker’s server while the victim is completely unaware.

Cryptojacking in action


Cryptojacking malware can be found across multiple platforms and devices, including Macs®, since these attacks can be executed in a browser. The second most common Mac malware strain is a stealthy cryptocurrency mining application.


In September 2017, a user on Twitter pointed out that a few of Showtime’s online streaming websites had a script running in the background that was used to mine cryptocurrency. In February 2018, a researcher found the malicious crypto jacking code on the Los Angeles Times website.

How to detect crypto jacking


As with any other malware infection, there are some signs you may be able to notice on your own.


Symptoms of crypto jacking


High processor usage on your device

Sluggish or unusually slow response times

Overheating of your device
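The first symptom can be turned into a simple check, shown here as an added example that is not part of the original post: flag processes whose CPU use stays high across consecutive samples instead of coming in short bursts. The sample data, process names, threshold and function name are constructed for illustration; on a real machine the samples would come from the operating system's process monitor.

```python
from collections import defaultdict

# Constructed samples: (seconds since start, process name, CPU percent).
# "vm_helper" stands in for a background virtual machine; all names and
# numbers are made up for this example.
SAMPLES = [
    (0, "daw_host", 85.0), (0, "vm_helper", 92.0), (0, "browser", 12.0),
    (60, "daw_host", 20.0), (60, "vm_helper", 94.0), (60, "browser", 70.0),
    (120, "daw_host", 5.0), (120, "vm_helper", 91.0), (120, "browser", 8.0),
    (180, "daw_host", 3.0), (180, "vm_helper", 95.0), (180, "browser", 9.0),
    (240, "daw_host", 88.0), (240, "vm_helper", 93.0), (240, "browser", 10.0),
]


def sustained_cpu(samples, threshold=80.0, min_run=4):
    """Return {process: longest run} for processes whose CPU stayed at or
    above `threshold` for at least `min_run` consecutive samples."""
    timestamps = sorted({ts for ts, _, _ in samples})
    usage = defaultdict(dict)
    for ts, name, cpu in samples:
        usage[name][ts] = cpu

    flagged = {}
    for name, by_ts in usage.items():
        longest = run = 0
        for ts in timestamps:
            # A process missing from a sample was not running: reset the run.
            run = run + 1 if by_ts.get(ts, 0.0) >= threshold else 0
            longest = max(longest, run)
        if longest >= min_run:
            flagged[name] = longest
    return flagged


if __name__ == "__main__":
    for name, run in sustained_cpu(SAMPLES).items():
        print(f"{name}: high CPU in {run} consecutive samples")
```

The audio application in the sample data spikes while it is in use and then drops, while the background helper never lets go of the processor, which is the pattern worth investigating.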


How to prevent crypto jacking


A strong internet security software suite such as Norton Security™ can help block crypto jacking threats.


In addition to using security software and educating yourself on crypto jacking, you can also install ad-blocking or anti-crypto mining extensions on web browsers for an extra layer of protection. As always, be sure to remain wary of phishing emails, unknown attachments, and dubious links.

Cryptojacking is the new ransomware


Conversely, crypto jacking incidents appear to be growing.


According to Kevin Haley, director of Symantec Security Response, “Stealing has moved from using a gun to using a computer. And as long as cryptocurrencies have value, criminals will use computers to steal it. What crypto jacking shows is that someone doesn’t even need to own cryptocurrency to be a victim.”


The US army has released video supporting its claims that Iran is responsible for assaults on tankers within the Gulf of Oman this week.

The new footage shows, in color and in sharper focus, an incident which had previously been presented in a grainy black and white video. The image is of a patrol boat with black-uniformed sailors alongside one of the tankers.

A commentary accompanying the video released on Monday said the incident was filmed from a US helicopter and took place after blasts had hobbled the two ships on June 13th. The sailors of the M/V Kokuka Courageous had noticed an unexploded mine on the hull and abandoned ship.

Almost a thousand U.S. troops and assets consisting of intelligence aircraft, engineers and fighter pilots are heading to the Middle East as tensions rise. Altogether, the US Defense Department will have about 1,500 troops along with a Patriot missile defense battalion that was deployed to the region earlier this month.

On June 12, 2019, Telegram Messenger reported on Twitter that they were encountering a DDoS attack against their server. The denial of service attack effectively shut down the secure digital messaging app Telegram, which citizens were using to communicate during the protests.

These protests, which expanded over the past week, were against a bill allowing extraditions to mainland China, and they spawned a coordinated effort by demonstrators to leave no trace for authorities and their enhanced tracking systems.

According to the outspoken chief executive Pavel Durov, “IP addresses coming mostly from China” are suspect for these attacks. “Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception.”

It's not the first time Telegram has been hit with a suspected DDoS attack originating from China. In 2015, the company experienced an attack just as China was set to crack down on human rights lawyers who were using the service.



Author
Henry B. Hill
Cyber Security news Blogging and content writing for hire.