Over the past few months the cyber landscape has shifted dramatically and all organisations should be thinking about how to adapt. Whether you work for a large corporation or run a small business — today I’m going to show you the key things to consider to protect yourself from typical cyber attacks in this dramatically changing cyber landscape.
The Current Landscape
Back in February 2020 the world was completely different. Most businesses were based from offices, with a large part of the workforce based from a central hub. Our work environment, our technologies and our sphere of protection were based around this centralised structure. Businesses and cyber security product companies have existed to service that market.
But come the middle of March, the deck of cards was thrown up into the air and it all came back down completely different. As lockdown began, organisations were scrambling to get employees set up for remote working. Even today, it is still difficult to buy printers, webcams or laptops, because people just invested in technology with no real thought or process.
All of a sudden IT teams had a huge problem on their hands. In a company of 50 staff, they were now having to think about protecting devices across 50 remote locations. Needless to say, everything got pulled very thin, very fast.
Rise of Malware
Possibly the biggest problem we're seeing in the cyber landscape is the rising threat of malware. The most prevalent and the most damaging to business trade is ransomware. It exists purely to destroy your systems to the point that you have to pay that ransom. And if your company is not prepared or organised to recover from a ransomware attack, then you have two stark choices: Start again or pay the ransom.
Whether it's credential, worms or good old plain viruses — these different types of malware all look to do the same thing. They look to exploit system misconfigurations in your network, incorrect permissions and vulnerable software. So whether you're running out-of-date operating systems, old versions of plug-ins or still running default credentials — you’re at risk.
How does malware get onto systems?
There are three common methods that attackers will use to get malware onto your system: phishing, remote desktops and drive-by downloads.
1. Phishing
This type of attack has been around for years and years, even before we had email. Essentially, an attacker is looking for you to click on a link inside an email, after which it can do a number of things. Out of the thousands and thousands of emails they send out, it will work perhaps only 0.5% of the time.
At Wolfberry we frequently run phishing simulations for our clients to understand the unique threats they face. We'll pick an appropriate situation and a scenario, and our team will then build a specific attack, very much like a cybercriminal would do. When running these tests on business teams, our average for a successful click rate is 14%.
With an average 14% success rate of people clicking on those emails, every client has to assume that at some point they’ve had some sort of breach, where an email has been clicked and the attackers have a foothold inside the network.
2. Remote Desktops
This one has really come to the surface with the recent changes to the way we work. If your network isn't being monitored, you really don't know what is going on at any point. And one of the huge problems we saw initially in March was organisations not having the technology to be able to run Remote Desktop Services properly or securely.
To make matters worse, many organisations failed to properly vet their software and actually ended up installing dodgy software that had already been compromised or, in some cases, was designed to trick users into thinking it was a genuine service.
3. Drive-by Downloads
Perhaps one of the most nuanced approaches is drive-by downloads. This is where a seemingly innocent website displays advertising banners which are infected with malware, or with scanners that are able to review your browser and machine, searching for vulnerabilities they can exploit.
It's a very clever way for cyber criminals to get into a corporate network. These can really go under the radar as these little pieces of software sit on top of the website. It's not the website that is infected but it's bringing those adverts from another location that is causing the problem.
How to protect yourself as an organisation
Understand your vulnerabilities
All these methods are one thing in isolation but will often be combined together by an attacker. Awareness of the vulnerabilities that exist on your system is so important. How can you best protect your organisation unless you understand your weaknesses? And how do you even find them?
One way is to hire a cyber security company to conduct a penetration test, which simulates a cyber attack and evaluates the security system across infrastructure testing (internal and external), application testing, wireless testing, red teaming and social engineering.
The reason we do this is to help companies across the globe find out their weaknesses and remedy them as soon as possible so that your systems, applications and network are as secure as possible.
Cybersecurity companies like ourselves can also monitor network traffic and respond to any security issues or threats that are trying to gain unauthorised access to your company infrastructure. A dedicated monitoring solution keeps eyes on all aspects of your network and is able to respond quickly and efficiently to keep threats at bay.
At Wolfberry, we are also able to provide your company with threat intelligence reports to help keep your security posture proactive and to limit the potential issues you could face.
Establish Governance, Disaster Recovery and Backup Processes
Once you fully understand your vulnerabilities and have mitigated risks where you can — it’s time to establish governance to effectively coordinate the security activities of your organisation. Done correctly this will enable the flow of security information and decisions around your organisation.
Disaster recovery and backup processes are so important: they are one of the last lines of defence against a ransomware attack, as the county in Bristol can attest. They didn't have a viable backup process; they only had a connection, and they had a whole number of backups.
But they were all accessible, which meant the cyber criminals could just wipe them out, which is exactly what they did. So you want to review your posture. That's something you should be doing quite often, at least quarterly, and then get monthly reports for your systems.
Basic Virus Hygiene — Cyber Essentials
We’re not talking about COVID here. If you don't have antivirus enabled on your computer, your system could well catch a virus. Simple as that and it’s basic digital hygiene. Malware protection is really, really important but you should also understand that it isn’t a full solution.
Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They're the digital equivalent of a thief trying your front door to see if it's unlocked.
Certification gives you peace of mind that your defences will protect against the vast majority of common cyber-attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.
Move towards constant monitoring — VIPER at Home
What I would suggest is that you look for a provider to give you ongoing support, because any cybersecurity testing that you do is a line-in-the-sand test. Meaning that… Microsoft could release a patch in the afternoon that changes that landscape completely. What you want to look at is trying to get an arrangement with a provider where you establish a constant process of testing.
We have been developing our Viper technology over the past four years using our experience as one of the UK’s leading cyber security technology companies. Our research has led us to develop a small form device that when connected to your company’s network enables us to review the security posture of every connected device.
With our VIPER at Home Edition, we've taken the technology from our VIPER VS devices and applied it to individual homes rather than business infrastructures. The device can sit on your home network (with easy installation), identify any potential issues and help secure your home network.
It's an easy to use, affordable technology that can give you peace of mind; whether you're remote working, or simply want to secure your home network further. Working similarly to our VIPER VS technology, the VIPER Home Edition can feed directly into our SOC services so that you know, if there is a potential threat, Wolfberry will be able to pick it up and block it as soon as possible.
Understand the tactics used by cybercriminals
For an attacker, a key element is always adding urgency and paranoia. In March, we started working with a couple of clients to help them better anticipate the tactics cybercriminals might deploy during the pandemic, playing on people’s fears. Just mentioning COVID within an email increased the success rate, hitting 20 to 30% on clicks.
Continue reading: Changing Cyber Landscape Part 2: The Power of Emotions in Cybercrime — Professor Pete Burnap from Cardiff University, School of Cyber Security.