Cybersecurity 2021 Archives - Trends Tech Blog
https://www.trendstechblog.com/tag/cybersecurity-2021/

ID11 Cyber Threat Actors Branch Out to New Forms of Extortion
https://www.trendstechblog.com/id11-cyber-threat/
Wed, 31 Aug 2022 03:04:09 +0000

Cybercriminals continue to target hard-working businesses at any opportune moment with an increasingly complex patchwork quilt of attack vectors. Following the latest trend in low-risk, high-profit extortion, DDoS attacks are now regularly being combined with ransom attacks. What is RDDoS and how can you protect yourself against this growing threat?

Ransomware: The King of Ransom

The concept of taking sensitive data hostage is quite old. The original ransomware – dubbed the AIDS trojan – cropped up in 1989, as its creator distributed a floppy disk at the World AIDS convention. Claiming to include information on the titular virus, the disk instead contained a payload that would first count the number of boot cycles, then – upon the number hitting 90 – proceeded to encrypt system files with a simple encryption method. To have their files decrypted, victims were told to send to an address in Panama. Thankfully, the encryption was fairly simple, and decryption programs were soon commercially available. 

Ransomware attacks did not hit their stride until well into the 2000s. This was partially due to a lack of suitably anonymous payment. By the time Bitcoin hit the scene in 2010, encryption technology had advanced to an almost irreversible state. Military-grade encryption is now easily available for the aspiring criminal, and the rapid adoption of cryptocurrency perfectly set the stage for major ransom attacks. 

Individuals and businesses the world over were totally unprepared for the explosion of CryptoLocker in 2013. This brand-new breed of ransomware made use of cryptography key pairs, generated from a command-and-control server, making sure victims had no way out unless they sent the ransom of $300. 

The Rise of Encryption-Free Ransom

Ransomware’s sheer profitability predicted its meteoric rise in popularity. A key component of the ransom process is removing the target’s control over their data via encryption. Increasingly, however, cybercriminals have achieved this through remote data theft. Part of the success of this technique relies upon the spiraling cost of data breaches, the average of which has already increased by 2.6% this year, from $4.24 million in 2021 to $4.35 million now.

The number of ransom attacks that are veering away from encryption shows that cybercriminals are rapidly exploring an easier, less demanding form of ransom. When attackers exfiltrate unencrypted data and threaten to leak it publicly, the legibility of the data means a company must choose between paying the ransom and letting its customers’ data be publicly leaked and sold to other criminals.

Karakurt is a new extortion gang that relies purely on these unencrypted ransoms. With victims’ losses as high as $13 million, the group attacks indiscriminately. Karakurt attackers will steal sensitive data including security numbers, email addresses, company blueprints, and more. Once they’ve stolen this data, they reach out to victims’ employees, business partners and clients, demanding that the ransom be paid. With the threat of a data breach hanging heavy, many organizations cave to the incessant harassment and pressure to pay up.

Ransom Distributed Denial of Service (RDDoS) attacks heighten the stakes even further: the business is not offered a choice between paying the ransom or suffering a data breach. Instead, the business must pay extortionate fees simply to remain online. RDDoS groups extort victims via large-scale DDoS attacks that are even easier to pull off than data exfiltration attacks. Because these attacks require absolutely no access to company systems, and operational botnets are plentiful on underground marketplaces, it is now easier than ever to commit high-profit extortion attacks on unsuspecting victims. Consider the fact that DDoS attacks cost US businesses an average of $218,000 per attack: any ransom priced below this presents a genuinely tempting option.

Attackers may launch DDoS attacks first, then send a ransom note later – lazy criminals may opt for a note first. It is never wise to assume the latter is telling the truth, as opportunistic scammers are more than happy to profit off the technical capabilities of real cybercriminals. 

The RDDoS Hit List Grows

RDDoS attacks hit the scene in 2020, and rapidly made waves. The New Zealand stock exchange battled multiple instances as their network service provider was struck from overseas. This greatly impacted NZX connectivity, causing a complete halt in the cash trading markets by mid-afternoon. 

A second attack proceeded to bring down the NZX’s website, their announcement platform, the NZX debt and Fonterra shareholders’ markets. During this time, many organizations and individuals were unable to participate in the market. Connection was restored four hours later, once the attack had ended.

An active DDoS attack can be incredibly alarming to both customers and organizations alike. Whilst it’s unclear whether the NZX decided to pay up for the ransom or mitigate the attackers’ attempts, a growing number of cybercrime gangs are simply opting for the easy way out. This perfectly describes the so-called Armada Collective. This group follows a very recognizable set of steps.

First, they find a company – any will do, though the bigger and more public-focused, the better. They then reach out to any email address available, with a highly alarming message.

Introducing themselves as the Armada Collective, the email explains how the victim’s network will be DDoS-ed, starting at a specified date in the very near future – unless the company pays a fee of 10 Bitcoin. 

The gang then proceeds to detail how – if the 10 BTC is not paid by the set date – a DDoS campaign will begin, and the fee to make it stop will rise to 20 BTC, then continue to rise by another 10 BTC for every day that the attack continues.

The gang signs off by telling their victims not to respond: they will simply know when they have been paid. The email details the Bitcoin wallet address, and reassures the reader that the payment is totally anonymous. This is correct – and also shows the holes in the attackers’ gameplan. As the payment is anonymous, it is, in fact, impossible to tell who has paid the extortion fee. This is supported by the fact that Armada Collective has actually never followed through with their DDoS threats – regardless of whether the fee is paid or not. Despite the group’s lack of true damage, an analysis of their listed Bitcoin wallet address revealed a shocking number of victims. Many victims have paid the ransom fee out of fear.

How to Protect Yourself From RDDoS

DDoS threats are originating from increasing numbers of cyber gangs. Fancy Bear, Cozy Bear and Lazarus Group are all organizations of concern, and the only way to nullify their power over your organization is a solid form of DDoS mitigation. 

DDoS mitigation defends against volume attacks on your servers and networks. It automatically detects traffic from malicious IP addresses and diverts the fraudulent connections away from your server before the site request has initiated. This way, your server is not crushed under the weight of a million-strong botnet, and legitimate customers are still allowed access to your page. Pull the rug from under profit-seeking criminal gangs, and keep your brand online with a comprehensive DDoS defense.

Improve The Cybersecurity Of Your Company
https://www.trendstechblog.com/cybersecurity-of-your-company/
Wed, 25 Aug 2021 10:47:08 +0000

There are more and more laws and regulations whose objective is to protect organizations, information, people and technology, so it is essential to have a governance, risk management, compliance and business continuity strategy that lets companies administer these properly and effectively, reducing the level of risk in the face of growing threats, while complying with laws, regulations and standards.

Computer Threats Are Constantly Evolving

More and more legal regulations and laws seek to protect organizations, and it is essential that we define a security governance strategy, manage risks well, and comply with legal regulations. The success of the world of digital information depends mainly on trust. The trust of our clients, our partners, etc. But how can we create, maintain, and even increase that trust over time? The objective is to increase confidence in the use of technology by companies and people.

Real challenges we face:

  • Lack of commitment from leaders
  • Lack of clearly defined policies and standards
  • Unconscious practices at the public and private level
  • Lack of definition of security architectures
  • Increase in fraud and computer crime.
  • Collection and unauthorized use of user information.
  • Lack of awareness and dissemination among users.

Cybersecurity and Privacy Risks:

  • Multi-million dollar losses
  • Loss of user trust
  • Increased legal liability
  • Loss of user information
  • Loss of own information
  • Loss of income
  • Loss of image/loss of reputation
  • Legal or regulatory non-compliance

We must all work together to avoid those losses that make individuals mistrust technology. We must seek solutions that build user trust, improve economic opportunities, increase operational efficiency, reduce fraud and theft, and ensure compliance with legal requirements.

How Do We Solve The Cybersecurity Problem

100% cybersecurity does not exist; we have to reduce the level of risk as far as possible, so that we can continue working in our business and complying with legal requirements. Surveillance is key; organizations have to take proactive actions to protect their assets and information resources. There is no single answer to cybersecurity, nor is there a 100% foolproof solution, but there are some common sense things we should do:

  • Working together, governments and the business world
  • Design and implement cybersecurity plans

Cybersecurity Program

The first thing we have to do is carry out a cybersecurity program, which will depend on our business profile. To do this, we must define cybersecurity policies and standards, information technology infrastructures, and the organization of cybersecurity governance and leadership.

We must be aware that people are the most significant risk to cybersecurity in companies. Perhaps many times, without being fully aware of it, they violate the cybersecurity of our company due to human error or lack of preparation or adequate training. The best technology will get us nowhere if we don’t start by knowing the main threats to our business.

The life cycle of comprehensive cybersecurity management is a continuous process. The phases would be evaluation, planning, design and implementation, training/awareness and cybersecurity services. But when we get to this last phase, we have to re-evaluate, since it is very likely that something has changed in our infrastructure, in our business objective, in the threats, or in our environment. We must re-evaluate to see if we have to start the whole process again.

1. Security And Privacy Assessment: Identify new methods that allow us to improve and grow corporate achievements while mitigating the risks that may affect our organization:

  • Global security and privacy assessment.
  • Vulnerability assessment: “scanning”, penetration tests and ethical hacking.
  • Safety evaluation of technological systems.
  • Network risk management (assurance assessment).
  • Estimate based on recognized standards: for example, ISO 27001.

2. Security And Privacy Planning: We must plan the measures and actions to be taken based on the recommendations obtained through the evaluation previously carried out:

  • Service strategy
  • Cybersecurity Policies and Procedures
  • The architecture of technological systems and community infrastructures
  • Cybersecurity Program Design
  • Risk management and assurance planning
  • Business continuity planning

3. Design And Implementation Of Security And Privacy: We must design and implement solutions that generate and increase the degree of trust the business needs to succeed, in order to:

  • Improve the degree of availability of the systems.
  • Improve response time and coordination in the face of security incidents, including viruses, malware, ransomware, targeted attacks, etc.
  • Reduce the impact of fraud and/or theft.
  • Increase the confidence of our clients.
  • Reduce costs and facilitate compliance with laws and regulations.
  • Improve corporate profits.
  • Maintenance of “brand image”.

4. Training And Awareness Plans: It is necessary to invest in cybersecurity education and personal privacy as the first line of defence, facilitating it through various means such as webinars, instructors, distance study, etc.

  • Seminars for Management
  • Disclosure for users
  • Introductory courses
  • Mentalization courses
  • Technical training or training
  • Awareness of legal compliance and ethical behavior

5. Ongoing Cybersecurity And Privacy Services: Launch of specialized services that facilitate compliance with the specific cybersecurity and privacy needs of our business:

  • Surveillance and continuous monitoring (SOC) services
  • Cybersecurity Government Services
  • Permanent consulting
  • Ongoing improvement services of processes
  • Technology Incident Response Services (SIRT)
  • Consultancy specialized in each sector of the industry
  • Security tools expertise
  • Experience in the use of technology

What Cybersecurity Strategy To Follow In 2021
https://www.trendstechblog.com/cybersecurity-strategy/
Wed, 05 May 2021 10:39:29 +0000

Unfortunately, the Covid-19 pandemic has been accompanied by an exponential increase in cyber attacks on companies and citizens. In this post, we reflect on which cybersecurity strategy to follow in 2021. What is becoming increasingly clear is that cybercriminals are targeting everyone. No organization is safe.

So much so that, recently, the press reported a cyber attack on a cannabis club. It would be a bit of a laugh if it weren’t for how critical the data stored by that type of association is. All organizations, whatever they do, store data likely to attract hackers who specialize in extorting money in multiple ways.

The Importance Of Deploying A Cybersecurity Layer In Its Projects

The pandemic has forced most companies to reset themselves to minimize the impact on their business. Establishing the technological infrastructure necessary for teleworking has taken most of their efforts. Added to this is a review of processes to adapt them to the new reality and reduce costs as much as possible.

The consequence of this is that cybersecurity, a vital aspect in recent years, has been somewhat neglected, especially in sectors such as health and education, which are the ones that have focused the most on solving their deficiencies to face the new demands. Precisely these two areas, together with the traditional financial one, are the ones that have suffered a larger number of cyberattacks.

The Risks Of Teleworking For Business Security

Teleworking opens up numerous vulnerabilities if your technological deployment is not well done. The rush has led to misconfigurations that are an open door for cyberattacks. WAN networks, multi-cloud environments, a wide variety of mobile devices connecting mainly over Wi-Fi, and the proliferation of VPNs are inherent to remote work and the modernization of enterprise IT infrastructure. These circumstances, along with IoT deployments, are expanding the corporate perimeter almost limitlessly. A traditional perimeter protection approach is now outdated and risky.

Double Extortion Ransomware, Leading Top Cyberthreats For 2021

The cyberattack trends in 2021 build on what happened in 2020 and continue it, only growing in quantity and diversity of targets. Among these, double extortion ransomware stands out. This attack begins with the theft of information before encrypting a computer and requesting a ransom. To apply pressure, some of the stolen data is published on the ‘Dark Web’. The most common way information is stolen in connection with ransomware is through the carelessness of end-users when using their email, responding to phishing emails, or accessing websites with malware, which are increasingly being circulated by armies of botnets, such as the famous Emotet.

Added to this is vishing. What is vishing? In the business sphere, it refers to telephone calls received by teleworking employees in which the caller impersonates company executives and requests confidential information from them. The hyperconnectivity brought by 5G and the IoT opens new ‘highways’ for cybercriminals, who always have their sights set on the continuous increase in mobile devices, both those used by end-users and those operating in an automated way in multiple gadgets, cameras and sensors.

Keys To Deploying An Effective Cybersecurity Strategy

With this landscape, protecting cloud environments, networks, and applications is vital so that critical information does not reach the hands of cybercriminals. It is essential to prevent a cyber attack from spreading throughout the company’s infrastructure. To achieve this, it is vital to educate end-users of corporate technologies, asking them to take full responsibility for their actions. The enterprise IT architecture must also be audited for vulnerabilities, and systems must be patched and updated.

In this analysis of the IT infrastructure, it is essential to update passwords and deploy profiles with specific authorizations to access systems and data, accompanied by monitoring mobile devices with MDM (Mobile Device Management) solutions. But given the sophistication of current cyberattacks, it is practically essential to deploy automated prevention solutions based on Artificial Intelligence and Machine Learning. AI and ML solutions make it possible to stay ahead of cyberattacks thanks to information gathered earlier about their modus operandi.

Fortunately, market research shows that cybersecurity budgets are increasing in companies. Contingency plans should always be included in these strategies as a critical piece of security, since, when it is needed, an effective Backup and Disaster Recovery plan is the best protection against a cyberattack.
