almikel

Cyber risk during COVID-19

I'm seeing a massive increase in cyber attack attempts on our organisation.

Hackers are seeing COVID-19 as a golden opportunity to compromise you/your organisation, while attention is directed elsewhere...

  • busy/distracted people clicking on links they shouldn't
  • IT resources stretched thin
  • people working from home with less than ideal WiFi security
  • people working on shared unsecured WiFi

For everyone - be extra vigilant - think before you click - and think again, then again before providing a username and password - all of our "near" compromises have come from

  1. users clicking on links they shouldn't
  2. much worse, users entering user names and passwords after clicking a link they shouldn't have

For those involved in managing IT:

  • if you don't have Multi-Factor Authentication implemented, do it now - this one control alone has blocked probably 50-100 attacks on our small organisation over the last 12 months.
  • we recently ran a vulnerability/penetration test and were able to crack a bunch of user passwords/hashes that were too simple - we contacted all the users on that list to change their passwords to something stronger...and less than a week later one of those users had a hacker try to log in to their account numerous times before giving up

The bad guys are poking everywhere - make sure you've got a plan and a process in place just in case you are attacked...it's too late once you've been cryptolocked:

  • would your organisation pay a ransom? (I've raised it, but I didn't get a clear answer)
  • have you tested your restore processes recently...most back up all the time, but usually incrementally, and have faith in the software to get a proper recovery from all the incrementals added together...have you tested a recovery?
  • do you have a cyber attack plan in place?
  • have you scenario tested a cyber attack against your plan?

We're in unprecedented times - maintain or increase your IT security requirements and be conscious that the bad guys are literally having a field day - don't let them in...

...I'm not a techo, but happy to provide high level guidance as I can.

Mike

 


Have you been able to find out where these attacks are coming from, @almikel?

(i.e. a country targeting us - or bad guys from everywhere?)

Andy

 


We do have our own "bad guys".......


Have a firewall active; for Windows 7 and up, try Tinywall at https://tinywall.pados.hu/.

This application will only make itself known when it has an outgoing request from an application it does not know about, managed via a list.

Most routers have firewalls in them, worth a look.

Fully BACKUP your DATA, with at least two copies; applications can be reinstalled, your data cannot be easily recovered or remembered.

Schedule a regular data backup to a USB HDD, as an example see https://www.instructables.com/id/1-How-to-Schedule-a-Backup-in-Windows-7/

Try to have an off site backup, a bit difficult now I admit, but it can be done.

Run a spyware scan regularly

Superantispyware from https://www.superantispyware.com/?tag=SUPERANTISPYWARE

and

Malwarebytes from https://www.malwarebytes.com/

Install HTTPS Everywhere https://www.eff.org/https-everywhere on your browser if you can (if it is not installed) and if not sure, check the security of sites before using them by clicking on the little key as shown in the attached screenshot.

Doing this will open a new window with lots of details about the security of the site.

I also have PiHole https://pi-hole.net/ running on a Raspberry Pi with Raspbian https://www.raspberrypi.org/downloads/raspbian/.

This way you can blacklist nasties easily via a blacklist and also stop a great many adverts at the same time.

A bit of IP addressing (DNS address) knowledge is required, but worth it.

There are a large number of black lists available, you can also make your own.



On 30/03/2020 at 10:36 AM, andyr said:

Have you been able to find out where these attacks are coming from, @almikel?

(i.e. a country targeting us - or bad guys from everywhere?)

Andy

This is not a country targeting anyone - it's hackers everywhere seeing opportunity with the "look over there" activity with COVID-19, and lots more people working from home creating more potential holes for cyber attacks.

A classic example of a control that would only stop "lazy" hackers is "impossible travel" - implemented by numerous providers - it's blocked numerous attacks on us...but a hacker can present themselves as originating from anywhere they want.

mike

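The "impossible travel" control mike mentions is simple to reason about in code. The following is an added example written for this thread, not code from any of the posters or from a provider's product: it walks a user's sign-ins in time order and raises an alert whenever the great-circle distance between two consecutive sign-ins divided by the elapsed time exceeds a speed no traveller could achieve. The sign-in records, the geolocations and the 1000 km/h threshold are all constructed assumptions for the demo; a real deployment would take them from an identity provider's audit log and a GeoIP lookup. As mike notes, the source location is whatever the attacker chooses to present (VPN, proxy, compromised host), so this is one signal to combine with others, not a gate on its own.

```python
import math
from datetime import datetime, timezone

# Assumption: anything faster than a commercial flight between two sign-ins
# is treated as "impossible". Tune to your own environment.
MAX_PLAUSIBLE_KMH = 1000.0

# Constructed sample sign-in events: (user, UTC time, source IP, city, lat, lon).
# IPs come from documentation ranges; the geolocations are illustrative only.
SAMPLE_LOGINS = [
    ("alice", "2020-03-30T01:05:00Z", "203.0.113.10", "Sydney", -33.87, 151.21),
    ("alice", "2020-03-30T01:50:00Z", "198.51.100.7", "Frankfurt", 50.11, 8.68),
    ("alice", "2020-03-31T01:00:00Z", "203.0.113.10", "Sydney", -33.87, 151.21),
    ("bob", "2020-03-30T02:00:00Z", "203.0.113.55", "Melbourne", -37.81, 144.96),
    ("bob", "2020-03-30T12:30:00Z", "203.0.113.56", "Sydney", -33.87, 151.21),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def parse_ts(s):
    """Parse the ISO-8601 'Z' timestamps used in the sample records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return one alert per consecutive sign-in pair whose implied speed exceeds max_kmh."""
    alerts = []
    last_seen = {}  # user -> previous sign-in event
    for ev in sorted(events, key=lambda e: (e[0], parse_ts(e[1]))):
        user, ts, ip, city, lat, lon = ev
        prev = last_seen.get(user)
        if prev is not None:
            hours = (parse_ts(ts) - parse_ts(prev[1])).total_seconds() / 3600.0
            km = haversine_km(prev[4], prev[5], lat, lon)
            # Same place is never an alert; any distance in zero elapsed time always is.
            if km > 0 and (hours == 0 or km / hours > max_kmh):
                alerts.append({
                    "user": user,
                    "from": f"{prev[3]} ({prev[2]})",
                    "to": f"{city} ({ip})",
                    "to_ip": ip,
                    "km": round(km, 1),
                    "hours": round(hours, 2),
                    "kmh": round(km / hours, 1) if hours else float("inf"),
                })
        last_seen[user] = ev
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(SAMPLE_LOGINS):
        print(f"ALERT {a['user']}: {a['from']} -> {a['to']} "
              f"{a['km']} km in {a['hours']} h ({a['kmh']} km/h)")
```

On the sample data only alice's Sydney-to-Frankfurt pair 45 minutes apart is flagged; her return to Sydney a day later and bob's Melbourne-to-Sydney move over ten hours are both within the threshold.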
On 30/03/2020 at 1:08 PM, soundbyte said:

Fully BACKUP your DATA, with at least two copies, applications can be reinstalled, your data cannot be easily recovered or remembered.

Agreed

too many people have personal data eg photos etc stored on a single hard drive...that they haven't checked actually works in years...

...regardless of COVID-19 or hackers - backup your data - hard disks fail, houses burn down - keep a copy offsite...

I'm guilty of this also - my music collection has been spread to numerous "offsite recovery locations", but not personal photos...this is crazy - all of my music can be recovered, but none of my personal photos have copies "offsite" (Cloud storage gets costly fast)

mike

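Mike's opening post asks whether anyone has actually tested a recovery, and this reply makes the same point about drives nobody has checked in years. The following is an added example, not code from either poster: it records a SHA-256 manifest of the live data before the backup and then checks a restored copy against it, reporting files that are missing, files whose content changed and files that appeared from nowhere. The directory layout, file contents and the deliberately broken restore (one truncated file, one missing) are constructed for the demo.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large media files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (as a forward-slash relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the manifest taken from the live data."""
    restored = build_manifest(restored_root)
    missing = sorted(p for p in manifest if p not in restored)
    mismatched = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    extra = sorted(p for p in restored if p not in manifest)
    return {
        "missing": missing,
        "mismatched": mismatched,
        "extra": extra,
        "ok": not (missing or mismatched),
    }


def demo():
    """Build a constructed 'live' tree, simulate a bad restore of it, and verify."""
    work = tempfile.mkdtemp()
    try:
        live = os.path.join(work, "live")
        os.makedirs(os.path.join(live, "photos"))
        os.makedirs(os.path.join(live, "docs"))
        files = {  # constructed sample content
            "photos/img1.jpg": b"\xff\xd8 constructed jpeg bytes",
            "photos/img2.jpg": b"\xff\xd8 more constructed bytes",
            "docs/notes.txt": b"constructed notes",
        }
        for rel, data in files.items():
            with open(os.path.join(live, rel), "wb") as f:
                f.write(data)
        manifest = build_manifest(live)  # this is what you keep with the backup

        restored = os.path.join(work, "restored")
        shutil.copytree(live, restored)
        # Simulate a restore that silently went wrong: one file truncated, one absent.
        with open(os.path.join(restored, "photos/img1.jpg"), "wb") as f:
            f.write(b"\xff\xd8")
        os.remove(os.path.join(restored, "docs/notes.txt"))

        return verify_restore(manifest, restored)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The manifest is small enough to store alongside the backup media and offsite; a restore drill then becomes "restore to a scratch directory, run verify_restore, read the three lists" rather than spot-checking a few photos by eye.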

Most people don't realise exactly how vulnerable they are and now I see amazing potential for script kiddies (not even hackers, just kids running 10 year old scripts).

A simple example: You browse your work or personal emails using a mailing application on your home network without a VPN.

You have WiFi enabled in your home secured by a password that isn't a completely random string of characters.

A hacker uses a long range WiFi antenna and scans for nearby networks. They happen to pick your network as a target. Using a certain tool, they are able to force one of the devices on your network (a phone for example) to disconnect and then automatically reconnect. This re-connection involves an encrypted exchange of credentials and is captured by the hacker.

The hacker can then attempt to decrypt your credentials remotely. They are able to try 1-2 million passwords every second, or 86.4 billion over 24hrs, on a home computer, possibly 20x that on a server. With various techniques they are able to crack a significant number of home networks.

Now that they're on your home network, they are able to view any credentials that you use with a desktop mailing application and get into your emails. They can see anything you type into a HTTP website, they can see what remote servers you're accessing, and on an outdated browser they can show you a fake version of a website instead of the real thing and get you to divulge your password. Worst of all, they may be able to gain complete control of your machine. All of this can happen without you knowing and irrespective of your operating system.

This has been possible for over 10 years by running publicly available scripts, yet never has there been so much "valuable" information to be gained.

 


I am a part owner of an ISP and a founder and Director of a cyber security managed services provider. We're seeing massive amounts of attacks lately, with a real uptick in the level of sophistication.

Many users in businesses are still being compromised by phishing or spear phishing emails, but the quality of these emails is really being ratcheted up a notch. The domains people are being redirected to are much more professional and behave much like an O365 portal.

We're also seeing a lot of brute force activity that has been occasionally successful, telling us password complexity / variability isn't that well adopted in a business.

We're still seeing too many businesses being compromised with partial MFA or none at all. Worse still is when a business has it enabled and available but doesn't enforce it and makes it optional.

This year I've seen in excess of $10m of cyber theft from fraudulent invoicing, people changing bank account details and various forms of related bait and switch.

We are also seeing a lot more data vacuuming going on. When someone gets compromised, the attacker downloads all of the user / organisation data and then deletes it all.

We get called in to do post breach investigations and the work involved to map out the who, how and what is not trivial to replay. You are often staring at gigabytes or more of logs and it's tedious work.

When we have a managed customer with our MDR platform we can often knock these kinds of attacks on their head in a half hour, but even then it's frustrating as we're just catching the bad guy when the customer should have had that door locked in other ways.

It's a slow process to continually press your customers to be better prepared for cyber attacks. Most smaller businesses think having a firewall and antivirus is enough. It's far from enough.

It's obviously good for business for us, but the amount of active attacks at the moment is really scary to most. Since we got visibility into one customer's network after deploying our MDR solution a month ago, we've dealt with over 15 serious attacks and breaches that they would never have even known were going on beforehand.

- MFA / password managers are a must (no excuses)

- use a DNS filter which has a malicious domain and IP range filter to block connections to known C&C servers

- get a real endpoint protection solution (we recommend CrowdStrike) that's not just an antivirus solution but also does advanced threat protection

- if you can pay for it (a business) get someone competent to monitor all of your security events for attack 24x7.

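Two posts in this thread recommend the same control from different angles: soundbyte's Pi-hole with a domain blacklist, and the MDR post's "DNS filter which has a malicious domain and IP range filter". The following added example, written for this thread and not taken from Pi-hole or any vendor, shows the decision logic such a filter applies. It parses a hosts-format blocklist (the format Pi-hole consumes), a list of CIDR ranges, and then decides each query on two tests: is the name, or any parent domain of it, listed; and does the resolved address fall inside a listed range. The blocklist entries, the CIDR ranges and the queries are all constructed, using reserved documentation names and addresses.

```python
import ipaddress

# Constructed hosts-format blocklist; every name here is a reserved example name.
BLOCKLIST_TEXT = """
# comment lines and blank lines are ignored
0.0.0.0 ads.example
0.0.0.0 c2.malicious.example
127.0.0.1 tracker.example  # inline comment after an entry
"""

# Constructed "malicious" IP ranges, drawn from the TEST-NET documentation blocks.
BAD_RANGES_TEXT = """
198.51.100.0/24
203.0.113.0/28
"""

# Constructed queries as (name, address the upstream resolver returned).
SAMPLE_QUERIES = [
    ("www.example.org", "192.0.2.10"),           # ordinary site: allowed
    ("cdn.ads.example", "192.0.2.44"),           # subdomain of a listed domain: blocked
    ("notads.example", "192.0.2.45"),            # must NOT match "ads.example"
    ("update.vendor.example", "198.51.100.20"),  # clean name, resolves into a bad range
    ("c2.malicious.example", "203.0.113.9"),     # listed name and bad range
]


def parse_hosts_blocklist(text):
    """Return the set of names from a hosts-style list (address followed by names)."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no names is not an entry
        for name in parts[1:]:
            names.add(name.lower().rstrip("."))
    return names


def parse_ranges(text):
    """Return ip_network objects for each CIDR line; strict=False tolerates host bits."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def domain_blocked(name, blocked_names):
    """Match the name and each parent domain; 'notads.example' never matches 'ads.example'."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked_names:
            return candidate
    return None


def ip_blocked(ip, nets):
    """Return the first listed range containing the address, else None."""
    addr = ipaddress.ip_address(ip)
    for net in nets:
        if addr in net:
            return str(net)
    return None


def filter_query(name, resolved_ip, blocked_names, nets):
    """Decide one query: ('block', reason) or ('allow', '')."""
    hit = domain_blocked(name, blocked_names)
    if hit:
        return ("block", f"domain {hit}")
    hit = ip_blocked(resolved_ip, nets)
    if hit:
        return ("block", f"ip range {hit}")
    return ("allow", "")


def run_filter(queries=SAMPLE_QUERIES):
    """Evaluate every query against the constructed lists; returns name -> decision."""
    blocked_names = parse_hosts_blocklist(BLOCKLIST_TEXT)
    nets = parse_ranges(BAD_RANGES_TEXT)
    return {name: filter_query(name, ip, blocked_names, nets) for name, ip in queries}


if __name__ == "__main__":
    for name, (decision, reason) in run_filter().items():
        print(f"{decision:5} {name:24} {reason}")
```

The second test matters in practice: a phishing kit on a fresh, unlisted domain still has to resolve to infrastructure somewhere, and checking the answer against known bad ranges catches some of what a name list alone misses.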


High time to head in the needed direction for software, if you are not there already, namely:

https://www.fsf.org/

"Free software developers guarantee everyone equal rights to their programs; any user can study the source code, modify it, and share the program. By contrast, most software carries fine print that denies users these basic rights, leaving them susceptible to the whims of its owners and vulnerable to surveillance"


I've got a little piece of software that monitors all outgoings and notifies me if anything I haven't previously approved happens. 

It was a bit of a pain to set up 'cause so much software has hidden outgoings.

23 minutes ago, GregWormald said:

piece of software

Which is?


Little Snitch on a Mac does this. Great app.


