It’s no coincidence that National Cybersecurity Awareness Month falls in the same month as our scariest national holiday. Chucky, Pennywise, Freddy Krueger and other ghoulish creatures can be seen out and about on Halloween night. But while we celebrate Halloween with these fictional characters from our nightmares, perhaps the most frightening things are real and lurk beneath the surface – the Dark Web, Cybercrimes, and Ransomware.
The Dark Web: Below the Surface of the Internet
There’s no doubt you have heard talk of the “dark web” as a hotbed of criminal activity — and it is. Many wonder if merely entering the dark web could be considered a criminal offense. The answer is a resounding no: it is legal to surf the dark web. However, it’s important to use caution when visiting sites or clicking links, as the dark web is rife with sites offering hit men, firearms, forged papers, and worse.
Accessing the dark web requires the use of an anonymizing browser called Tor (The Onion Router) or I2P (Invisible Internet Protocol), which utilizes masked IP addresses in order to keep users and site owners anonymous. Tor is downloadable software and works by building encrypted connections on servers around the world, adding multiple layers of encryption that create an “onion effect,” hence its name.
Dark websites look pretty much like any other site, but there are important differences. Many dark websites are set up by scammers, who constantly move around to avoid the wrath of their victims. Even commerce sites that may have existed for a year or more can suddenly disappear if the owners decide to cash in and flee with the escrow money they’re holding on behalf of customers. If you find your own information on the dark web, there’s precious little you can do about it, but at least you’ll know you’ve been compromised.
Cybercrimes: A Modern Day Horror Story
On the morning of October 31, 2018, the senior management of the company John Doe Inc. received calls from several branches reporting that employees were unable to access emails or files. Management initially thought it was a glitch that would be cleared up quickly. Unfortunately, all was not as it appeared (Cyber-attack).
Over the next few hours, branches reported that access to all computer systems, emails and documents had been revoked, and phone lines were down (DoS). It became apparent that the company had been hit with a catastrophic cyber-attack (Malware), as all computers across the company displayed a ransom demand of $400 in Bitcoin per branch (Cryptocurrency), or else their data would be destroyed (Ransomware).
At first, the company decided not to pay the ransom but instead to activate their backup. However, it appeared that their backup system was also infected with the same malware (Data recovery). After several hours of total shutdown, the company finally decided to pay, but only minutes after all of the company information was wiped out (Wiper).
Later that evening, large clients of John Doe Inc. reported the same issues with their computer networks (Worm/Virus). It was only a matter of time until the attack hit the headlines and caused chaos among clients and regulators (Reputation & Compliance).
After nearly two weeks without complete access to the systems’ data, the damage was even greater than expected, as confidential data of the company and its clients was being auctioned off to the highest bidder (Data Breach + Spyware) on several online marketplaces (Dark web). It is not yet known if John Doe Inc. will ever recover from this cyber-attack.
This horror story is the reality of many companies, organizations, and individuals who wake up one day to discover that a cyber-attack has destroyed their business or even their life. As a CEO of a company (CybintSolutions.com), this is my biggest nightmare, because I know that nobody is immune from it, not even a cybersecurity company.
While computers have made our lives much simpler, they have also brought on an enormous risk of cybercrimes that can dramatically damage our lives. The motives behind cybercrimes cover a wide spectrum, ranging from the desire for financial profit to commercial espionage and advancing a political agenda. Cybercrime can affect an individual or groups of people, depending on the target of the attack and the motives of the attacker. As long as we are a digital society, we will have cybercrime.
Ransomware: Know Your Enemy
The first step in dealing with this new array of threats is to Know Your Enemy, i.e. to know the different types of cyber-attacks and malware, and to understand how they work and how we can protect ourselves, our businesses and our clients.
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid. Modern ransomware families are collectively categorized as crypto-ransomware. They encrypt certain file types on infected systems and force users to pay the ransom online to get the decryption key. Ransomware can be downloaded when unsuspecting users visit malicious or compromised websites. Ransomware can also arrive as a payload either dropped or downloaded by other malware. Some ransomware is known to be delivered as attachments to spam email, downloaded from malicious pages, or dropped by exploit kits into vulnerable systems. The rise of Bitcoin contributed greatly to the increasing popularity of ransomware among hackers.
One of the worst ransomware attacks in history occurred in 2017, when the WannaCry outbreak affected hundreds of thousands of computers worldwide in a matter of hours. Subsequent investigations of the ransomware led researchers to link WannaCry to the Lazarus attack group, which was previously behind attacks on the Bangladesh Central Bank and Sony Pictures.
You Are the Weakest Link
The cybersecurity of any organization is only as strong as its weakest link. The most serious vulnerabilities of a system are not necessarily found within hardware or software, but rather with the people who use it. It is estimated that 95% of cybersecurity breaches are due to human error. More than half of all security attacks are caused by individuals who had insider access to an organization’s IT systems. An attacker always goes after the low-hanging fruit first. The first obstacle for an attacker is perimeter security. Breaking the perimeter is much harder today than it used to be. It is easier to exploit vulnerabilities of end users and to gain access to a private network from the inside. For example, if a file can be uploaded directly to a computer inside an organization, then it can effectively bypass all of the existing protection software without detection.
It is our responsibility to assess the gaps in our organization’s cyber knowledge and provide the training and skills necessary to narrow the gap and minimize risk. In addition to cybersecurity awareness training, another important human aspect of cybersecurity is planning ahead. You should have a cyber-game-plan for prevention, detection and recovery from a cyber-attack. You need to know exactly what you are going to do in each step, who needs to be involved and what tools and resources you will need. It’s also important to practice and simulate cyber-attacks, just as you practice other emergency drills such as fire or earthquake drills, because the damage might be even greater than that of any other catastrophic event.
If you need assistance in the assessment, training and planning of your cybersecurity and cyber intelligence readiness, we are here for you at www.cybintsolutions.com.
Roy Zur, CEO of Cybint Solutions