The New Face of Digital Threats
In an increasingly digitized world, cybersecurity has become a paramount concern for businesses across the globe. As we transition from an era of physical boundaries to one characterized by virtual landscapes, the dangers of cyberattacks and data breaches have escalated exponentially. It’s a world where virtually every organization is intricately interconnected with its customers, partners, and employees, presenting unprecedented challenges and risks.
With the advantages of a globally connected digital ecosystem come inherent complexities, leading to new cybersecurity threats. A significant transformation can be seen in how data security has shifted from traditional on-premises systems to an era dominated by the Internet of Things (IoT).
Traditionally, companies relied on a perimeter-based security approach, akin to securing a house with a boundary, locked gates, doors, and windows. Today, however, the digital landscape resembles a house without a roof or doors, where everything inside is exposed. In this Internet of Things era, where everything from your phone to your car is interconnected, each node becomes a potential entry point for cyber threats.
The Five Prime Threats in Today’s Cybersecurity Landscape
In this new era, we can identify five major cybersecurity threats:
1. Constant Criminal Attacks
One of the major threats comes from incessant criminal attacks such as phishing. Attackers conduct comprehensive research to gather information about an organization or individuals, crafting convincing emails that trick users into downloading malicious attachments, divulging passwords, or sharing sensitive data. Let’s have a closer look:
Phishing: This is a type of social engineering attack in which attackers send emails that appear to be from a legitimate source, such as a bank or credit card company. The emails often contain malicious links or attachments that, when clicked or opened, can install malware on the victim’s computer.
In 2021, there were over 3.1 billion phishing emails sent every day. This means that, on average, every person on Earth receives one phishing email per week.
Spear phishing: This is a more targeted form of phishing aimed at a particular individual or organization. Spear phishing emails are often more sophisticated and may contain information that makes them more believable to the victim, such as the victim’s name or the name of their company.
In 2020, the Colonial Pipeline was the victim of a spear phishing attack that resulted in a gasoline shortage in the southeastern United States. The attackers sent an email that appeared to be from a legitimate law firm, and the email contained a malicious attachment. When the attachment was opened, it installed malware on the victim’s computer, allowing the attackers to access the company’s systems.
Malware: This is software that is designed to harm a computer system. Malware can be installed on a computer in various ways, such as by clicking on a malicious link, opening a malicious attachment, or downloading a file from an untrusted source.
2. Physical Damage
Contrary to popular belief, physical damage to hardware, whether from power losses or natural disasters, poses a cybersecurity threat. Organizations may find themselves liable for data losses occurring due to these issues.
Power losses: Power losses can cause data corruption or loss if systems are not properly protected. For example, a power surge can damage hardware and corrupt data, while a power outage can cause systems to shut down unexpectedly, resulting in data loss.
In 2019, a power outage in New York City caused the Metropolitan Transportation Authority (MTA) to shut down all subway services. The outage lasted for several hours, and it caused significant disruptions to the city’s transportation system.
Natural disasters: Natural disasters such as floods, earthquakes, and fires can also damage hardware and data. For example, a flood can damage servers and storage devices, while a fire can destroy data centres.
In 2021, a fire in a data centre in Strasbourg, France, destroyed over 100,000 servers. The fire caused data loss for several companies, including the French government.
3. Malware, Viruses, and Ransomware Attacks
The digital world is rife with malware and viruses capable of damaging, destroying, or making critical data inaccessible. Ransomware, a prominent threat, locks users out of their files until a ransom is paid.
Malware: Malware is a broad term that includes viruses, worms, trojans, and other types of malicious software. Malware can be used to steal data, disrupt operations, or even take control of a computer system.
In 2022, the Emotet botnet was responsible for over 70% of all malware infections. Emotet is a modular malware that can steal data, spread other malware, and even take control of computer systems.
Viruses: Viruses are malware that can spread from one computer to another. Viruses can be spread through email attachments, infected websites, or removable media such as USB drives.
In 2017, the WannaCry ransomware attack infected over 200,000 computers in over 150 countries. The attack caused billions of dollars in damage, highlighting businesses’ vulnerability to ransomware attacks.
Ransomware: Ransomware is malware that encrypts a victim’s data and demands a ransom payment to decrypt it. Ransomware attacks have become increasingly common in recent years and can devastate businesses.
4. Unsecured Third-party Systems
Often, organizations use third-party systems to manage various business functions. However, without sufficient security measures and periodic checks, these systems can become weak links in data security.
Third-party systems: Third-party systems are not owned or operated by the organization that uses them. These systems can pose a security risk if they are not properly secured. For example, if a third-party system is hacked, the attacker could gain access to the organization’s data.
In 2018, the Equifax data breach was caused by a vulnerability in a third-party credit reporting system. The breach exposed the personal information of over 143 million people, and it was one of the largest data breaches in history.
Insufficient security measures: Third-party systems may not have the same level of security as the organization’s own systems. This is because multiple organizations often use third-party systems, and it can be difficult to implement the same level of security across all of them.
In 2020, the SolarWinds hack was caused by a vulnerability in a third-party software update. The hack allowed the attackers to gain access to the systems of several government agencies and Fortune 500 companies.
Periodic checks: Third-party systems should be regularly checked for security vulnerabilities. This can help to identify and mitigate risks before attackers exploit them.
5. Misconfiguration
Surprisingly, even expert cloud engineers can misconfigure systems, posing significant cybersecurity risks.
Cloud engineers: Cloud engineers are responsible for configuring cloud-based systems. If they make a mistake during configuration, it can create a security vulnerability. For example, unauthorized users could access sensitive data if an engineer does not properly configure access controls.
In 2019, a misconfiguration in Amazon Web Services (AWS) allowed unauthorized users to access sensitive data for several days. The misconfiguration was caused by a mistake made by an AWS engineer, and it highlighted the importance of proper configuration of cloud-based systems.
Most considerable threat: According to a 2018 Cybersecurity Insiders and Crowd Research Partners survey, misconfiguration was the most notable threat to cloud security. This is because misconfigurations are often challenging to detect and can be easily exploited by attackers.
Summary
Given these threats, organizations must adopt a ‘least privilege, zero trust’ model where access is strictly limited and verified. With the rapid pace of technological advancement, investing in the right expertise to devise, implement, and maintain data security plans is essential.
In this challenging scenario, traditional perimeter security is no longer adequate. Organizations must leverage the power of cloud technology to strengthen data security against more sophisticated threats. Collaboration with cloud providers is critical to navigating these complex issues and ensuring the safety of an organization’s digital assets. The broader technological ecosystem continues to evolve, bringing with it new threats. Businesses must be prepared to meet these challenges head-on.
Writer: Enamul Haque, Author, Researcher & Data Whisperer