The Danger to Computer Systems

The Gartner Board of Directors Survey indicates that cybersecurity threats are the second-highest source of risk for firms after regulatory compliance. In addition, Gartner expects a dramatic increase in Boards of Directors having a dedicated cybersecurity committee in the near future.

Destiny Corporation uses the latest technology and techniques to provide protection to clients’ information systems. The Destiny Four-Step Threat Solution plan describes areas of concern and recommended response.

While there are many approaches to increase security, password protection is an excellent starting point – a vulnerable area that can be made safe with minimal cost. Note that weak or inadequate passwords are responsible for 50% of cyber attacks according to a recent study by Gartner.


The Problem of Inadequate Passwords

Attackers keep ‘dictionary lists’ of common passwords and of credentials leaked in earlier breaches, and benefit from the fact that many people reuse the same password for multiple logins: one leaked password can be replayed against every other account that uses it.

Most businesses do not know how employees create, use and store passwords, which greatly increases cyber risk.

The Result of Inadequate Passwords  

Here is alarming evidence from a leading password solution firm.

  • 81% of breaches are due to weak password security
  • 67% of security personnel indicated that remote employees’ use of personal devices to access work systems has harmed the organization’s overall security
  • 47% of security personnel indicated concern about the lack of physical security in remote work areas

The Solution to Inadequate Passwords  

Creating a strong, random password for each account, and having it filled in automatically, is the ideal solution: it saves time and effort as well as protecting systems.

The best password management creates strong, unique passwords that are encrypted and stored on each user’s device.

The safest service providers use a model of encryption AND data separation to protect against a remote data breach: the vault is encrypted on the user’s device with a key derived from the master password, and the provider stores only the resulting ciphertext. Because the provider has no way to access the stored passwords or the encryption keys, nothing of value can be stolen from it.

A superior password solution includes analysis of how effectively people are relying on strong compared to weak passwords so they can improve their use.

Ransomware

There are different forms of ransomware attack, with varying capacity for damage. The average cost to an organization victimized by ransomware exceeds $1 million, and the average downtime is 9.6 days.

In addition, the CEO is often fired while the brand value declines. Although insurance may cover the loss, premiums will rise significantly.

Two harmful ransomware examples are described below.

Case Studies

In March 2018, ransomware attacked the City of Atlanta’s government computer systems after the attackers gained entry by guessing weak passwords. Two months earlier, an audit had found over 1,500 vulnerabilities in the city’s systems. By June 2018 about one third of the city’s software systems were still offline or disabled, and many files had been permanently deleted.

Contractors were allocated $2.7 million to recover, but later estimated the total cost at $9.5 million. More details are available at the following link.

https://bit.ly/2LS8QSq

In 2019, a credit monitoring firm found that 37,000 people had data compromised after a valid password was used to break into its systems; the access had occurred about a month earlier. The firm stated it was not a breach, but the fact that a single valid password was enough to reach that data points to poor systems design. For more information click the link below.

https://bit.ly/3bcR4lo

The major types of ransomware are listed below.

Crypto malware. Encrypts files, folders and whole hard drives; it has spread across global corporate networks.

Lockers. Users are locked out of the device entirely rather than having individual files encrypted. It is often Android-based.

Scareware. Scareware poses as an antivirus or “cleaning” tool. It usually claims that there are problems with the computer and demands money to fix them. It may lock the computer or place alerts or pop-up messages on the screen.

Doxware. Also called leakware or extortionware. It threatens to publish stolen information online if the ransom is not paid.

RaaS. “Ransomware as a service”: the malware is hosted anonymously, and the service includes malware distribution, payment collection and decryptor management. The operators take a portion of each ransom to fund the criminal business.

Mobile ransomware. A malicious application locks the device and claims the lock is a penalty for illegal activity.

WhiteRose. A recent and distinctive type of ransomware with unusual ransom notes. Its payload may be delivered through exposed Remote Desktop services, though the exact method has not been determined.

Whiteware. A virus enters the system and deletes every file; because nothing is encrypted, paying cannot recover the data.

FIND the THREATS

Logs record the activity of a computer, but an attacker who controls the host can alter them to say anything, and evidence then becomes difficult to locate. If logs were the only source that had to be investigated, ransomware could still be detected by examining them; the problem is that logs on a compromised machine cannot be trusted on their own.

Flows, the records of conversations between computers, are the more likely place to find evidence of a problem. They are recorded by the router or switch rather than by the compromised host, so an attacker cannot easily modify them or avoid detection entirely, and a file hash of what was transferred can be found.

In government systems, forensics can be used: a person’s actions are recorded and can be played back to show exactly what that person did.

User Behavior Analytics combines logs and flows and how the two relate to each other. Because that pattern varies from one user to another, the software can notice a deviation from a specific person’s normal behaviour.

Half of the threats identified are caused by internal users as opposed to external threats from outside the organization.
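The combination of logs and flows described above, as an added example that is not from this page: a small Node.js script that parses constructed authentication log lines, attributes constructed flow records to users by their most recent successful logon from the same source IP (the relation between the two sources), builds a per-user baseline of usual logon hours, usual destinations and usual bytes sent, and then flags an off-hours logon, a never-seen destination and a volume spike in the period under review. The field names, the thresholds (three standard deviations with a floor) and every log line and flow record are assumptions constructed for the illustration.

```javascript
// Added example (not part of the page): correlate authentication logs with flow
// records, build a per-user baseline, and flag deviations from it. The log lines,
// flow records, field names and thresholds are all constructed for this illustration.

const CUTOFF = '2024-03-06T00:00:00Z'; // before: baseline period; from here on: period under review

// Constructed authentication log (key=value lines with UTC timestamps).
const AUTH_LOG = [
  '2024-03-04T08:02:11Z user=alice src=10.0.5.21 result=success',
  '2024-03-04T09:15:40Z user=bob src=10.0.5.23 result=success',
  '2024-03-05T08:10:02Z user=alice src=10.0.5.21 result=success',
  '2024-03-05T09:05:55Z user=bob src=10.0.5.23 result=success',
  '2024-03-06T08:05:19Z user=alice src=10.0.5.21 result=success',
  '2024-03-06T02:39:48Z user=bob src=10.0.5.23 result=failure',
  '2024-03-06T02:41:03Z user=bob src=10.0.5.23 result=success',
  'garbled line that the parser must skip',
];

// Constructed flow records as a router or switch would export them (bytes = bytes sent by src).
const FLOWS = [
  { ts: '2024-03-04T08:30:00Z', src: '10.0.5.21', dst: '10.0.9.10', dport: 443, bytes: 120000 },
  { ts: '2024-03-04T10:00:00Z', src: '10.0.5.21', dst: '10.0.9.10', dport: 443, bytes: 130000 },
  { ts: '2024-03-05T08:40:00Z', src: '10.0.5.21', dst: '10.0.9.10', dport: 443, bytes: 125000 },
  { ts: '2024-03-05T11:00:00Z', src: '10.0.5.21', dst: '10.0.9.10', dport: 443, bytes: 118000 },
  { ts: '2024-03-04T09:30:00Z', src: '10.0.5.23', dst: '10.0.9.10', dport: 443, bytes: 90000 },
  { ts: '2024-03-04T12:00:00Z', src: '10.0.5.23', dst: '10.0.9.10', dport: 443, bytes: 95000 },
  { ts: '2024-03-05T09:20:00Z', src: '10.0.5.23', dst: '10.0.9.10', dport: 443, bytes: 92000 },
  { ts: '2024-03-05T13:00:00Z', src: '10.0.5.23', dst: '10.0.9.10', dport: 443, bytes: 88000 },
  { ts: '2024-03-06T08:20:00Z', src: '10.0.5.21', dst: '10.0.9.10', dport: 443, bytes: 127000 },
  { ts: '2024-03-06T02:50:00Z', src: '10.0.5.23', dst: '203.0.113.7', dport: 443, bytes: 4800000 },
];

// Parse one log line; returns null for lines that do not match (skipped rather than guessed at).
function parseAuthLine(line) {
  const m = /^(\S+) user=(\S+) src=(\S+) result=(\S+)$/.exec(line);
  if (!m) return null;
  return { ts: m[1], user: m[2], src: m[3], ok: m[4] === 'success', hour: Number(m[1].slice(11, 13)) };
}

// Relate flows to logs: a flow belongs to the user with the most recent successful
// logon from its source IP. ISO-8601 UTC strings of equal format compare correctly as strings.
function attribute(flow, logons) {
  let best = null;
  for (const e of logons) {
    if (e.ok && e.src === flow.src && e.ts <= flow.ts && (!best || e.ts > best.ts)) best = e;
  }
  return best ? best.user : null;
}

// Per-user baseline from the period before CUTOFF: logon hours, destinations, bytes per flow.
function buildBaseline(logons, flows) {
  const base = new Map();
  const rec = (u) => base.get(u) || base.set(u, { hours: new Set(), dsts: new Set(), bytes: [] }).get(u);
  for (const e of logons) if (e.ok && e.ts < CUTOFF) rec(e.user).hours.add(e.hour);
  for (const f of flows) {
    const u = f.ts < CUTOFF ? attribute(f, logons) : null;
    if (u) { rec(u).dsts.add(`${f.dst}:${f.dport}`); rec(u).bytes.push(f.bytes); }
  }
  return base;
}

function stats(xs) {
  const mean = xs.reduce((a, b) => a + b, 0) / xs.length;
  const variance = xs.reduce((a, b) => a + (b - mean) ** 2, 0) / xs.length;
  return { mean, std: Math.sqrt(variance) };
}

// Compare the review period against each user's own baseline. Users with no baseline are
// skipped here; a production system would treat a never-seen user as an alert in itself.
function detect(authLines, flows) {
  const logons = authLines.map(parseAuthLine).filter(Boolean);
  const base = buildBaseline(logons, flows);
  const alerts = [];
  for (const e of logons) {
    const b = base.get(e.user);
    if (e.ts >= CUTOFF && e.ok && b && !b.hours.has(e.hour)) {
      alerts.push({ user: e.user, type: 'unusual-hour-logon', detail: e.ts });
    }
  }
  for (const f of flows) {
    if (f.ts < CUTOFF) continue;
    const u = attribute(f, logons);
    const b = u && base.get(u);
    if (!b) continue;
    const key = `${f.dst}:${f.dport}`;
    if (!b.dsts.has(key)) alerts.push({ user: u, type: 'new-destination', detail: key });
    const { mean, std } = stats(b.bytes);
    // Floor the deviation at 5% of the mean so a tiny, very regular baseline does not alert on noise.
    if (f.bytes > mean + 3 * Math.max(std, mean * 0.05)) alerts.push({ user: u, type: 'volume-spike', detail: f.bytes });
  }
  return alerts;
}

console.log(detect(AUTH_LOG, FLOWS));
```

With the constructed data, alice’s review-period activity matches her baseline and produces nothing, while bob’s 02:41 logon, his connection to 203.0.113.7 and the 4.8 MB he sends there each raise an alert. Note that the flow-side rules still fire even if bob’s host had its local logs wiped, because attribution only needs the logon event as recorded by the authentication service, not the endpoint.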

CONFIRM the THREATS

Did the assumed adverse action actually occur? Investigators often start by Googling a known threat, but only about 20% are listed, so additional confirmation approaches are needed. A threat intelligence organization can provide details on these menaces, or AI can be used instead.

Confirmation may take an expert 6 to 8 hours of investigation, or it can be done in about five minutes with AI.

False positives are mislabeled security alerts: a threat is indicated when there is none. They may be caused by software bugs, badly written software, or simply unrecognized network traffic.

The majority of security staff are used to ignoring false positives, but this can cause them to miss actual threats, as happened in the Target data breach. Nevertheless, investigating false alerts is often a large waste of time.

Regular testing of security software is the way to minimize exposure to previously known threats as well as to current unknown cybersecurity risks. In addition, whitelisting (default-deny of any software not explicitly authorized) has proven effective, even against morphing malware that rewrites itself, because anything not on the approved list is blocked regardless of what it looks like.

FIX the THREATS

The worst situation is a zero-day attack, because it is a complete unknown: no data has yet been collected on it. If, for example, brand-new servers are brought online and malware arrives with them, organizations must rely on expert teams that can quickly block the malware to protect the systems.

Awareness and automation together are how protection is maintained, and awareness can only come from experience.

Isolating the affected machine is usually the critical first step once a threat has been found and confirmed. The next step is to remove the ransomware and perhaps reformat the disk.

Machine learning can distinguish between suspicious transactions – that differ from normal activity – and acceptable ones. It can analyze large amounts of data more efficiently and react more quickly.

FEDERATE the ENVIRONMENT

Finally, consider the industry the organization is in, and run queries that typify the current threats to that type of firm to see whether the results show a specific type of malware. This is the use of security intelligence and the most proactive form of investigation.

If a variety of known components (intrusion prevention system, firewall, IDS) are examined together by security analytics, ongoing examination can find discrepancies very quickly.

The key to this step is that the data being queried does not have to be moved: the analytics are run across the sources where the data already lives, which streamlines the process.

Destiny Cybersecurity Threat Assessment

Contact us for more information.

WANT TO LEARN MORE ABOUT OUR CYBERSECURITY ASSESSMENT?

CONTACT US NOW and let's work together
