Identifiable Threats and How to Block Them
By Frances Dewing, CEO, Rubica
As smaller companies rely on technology to do their day-to-day business, their risk of being hacked increases. For some people, this may seem counterintuitive. Hacking larger corporations offers bigger payoffs, and we tend to hear only of cyber attacks on big companies such as Adobe, Sony, and Equifax. On the other hand, smaller businesses have neither the resources nor the money to invest in robust cyber infrastructure, which leaves them vulnerable. The result is loss of money, production and client information – and a negative impact on reputation. These smaller businesses can also be the gateway to information held by big corporations. For example, the Target hack, which resulted in tens of millions of consumers’ credit card details being stolen, stemmed from hackers infiltrating a small HVAC company, which allowed them to access credentials to Target’s network.
According to Small Business Trends, 43% of cyber-attacks are targeted at companies with 250 employees or fewer. A small business is particularly at risk if it makes frequent wire transfers or payment transactions; deals in customer personally identifiable information (PII), financial information, health data or intellectual property; or contracts with larger entities or high-profile individuals (where it could be targeted as a weak link into them). Fortunately, there are a few things companies can look out for to reduce their risk.
We do a multitude of things on our mobile devices: texting, gaming, GPS, calendaring, emailing, web browsing, social media, photo sharing, banking, streaming, even buying a home. The list goes on. With the rise of portable devices that house all our information and online habits comes a rise in attacks targeting those devices. Mobile devices are more apt to be used as a hacker entry point because users click without thinking and fall for phishing and social engineering schemes. If a person uses their phone for both personal and business use, as a majority of the population is known to do, it becomes a juicier target for criminals because of the increased opportunities to gain access to the device through personal and business activities.
Recently, there has been a rise in virtual worlds, live-action gaming, and a pivot from console-based to mobile-based gaming. While this innovation opens more doors for developers, it also opens up more doors for hackers. STEM games have been a known vector for nation-state actors for years, and now with more games showing up in the app store, these games will become a gateway for cybercrime.
Malware often hides in plain sight, disguised as legitimate apps, games or software – even available in the official app stores, waiting for unsuspecting users to download it. When these programs are downloaded and their terms and conditions are accepted, consumers are voluntarily – albeit unwittingly – giving these malicious programs access to read, write, modify and steal data from their phones. This is the problem with “grey ware” – it’s not black or white, or a per se violation of the rules. It finds a loophole in the system and exploits it to evade police. This is what cybercriminals do best: use our own habits, systems and blind trust against us.
Data itself is valuable. If an organization can gather info about consumers and their behavior – where they go, what they do, and when they do it – that’s powerful information that can be used to influence and manipulate them.
Persistent & Patient Cyber Actors
The thing about cybercrime is that it doesn’t always hit right away. Sometimes it’s a waiting game. Command-and-control (C2), Advanced Persistent Threat (APT) groups and backdoor malware give cybercriminals access to devices and networks and the ability to exfiltrate data or launch other attacks later. They pursue their objective over months and sometimes years. They also adapt to defenses and will most likely retarget victims.
Knowing that these threats can strike at any time, here are a few tips to help prevent cyber-attacks:
Think before clicking. Beware of phishing and social engineering in traditional channels (emails and social media) and emerging channels (gaming). Behavioral-based detection & IDS/IPS solutions (like Rubica) can help detect and block malicious sites and software, but educating your team is worth investing in. If employees understand the part they play in security and how their actions can impact the business, they are more likely to think before they click.
Scrutinize app permissions. Although there are harmless uses for device permissions, these same permissions can also be used to surreptitiously download malware or steal account login information. Be particularly wary of permissions like “read/write/modify files or storage,” access to the camera, microphone or GPS, “retrieve a list of running apps,” download files without notification, and “display over other apps.” It’s not just about which permissions – it’s about who has access to the permissions. Only give access to trusted apps.
Use a continuous monitoring, detection and response system. Diligently analyzing the traffic flowing in and out of the network and device(s) is one of the only ways to prevent certain threat vectors. Intrusion detection and prevention systems (IDS/IPS) can be installed on the company network or on each device to monitor and defend regardless of which network the device is connected to. Threat-hunting in the “calls over the wire” is one of the best positions from which to detect hidden malware reaching out for instructions or pulling down the next phase of the attack.
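An added example, not from the original article or from Rubica: a minimal sketch of the traffic threat-hunting described above, flagging device-to-destination pairs whose connections recur at near-constant intervals, the pattern of malware checking in for instructions. The log format, host names, timestamps and thresholds are constructed assumptions for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample flow log: epoch seconds, source device, destination.
SAMPLE_FLOWS = """\
1000 laptop-7 203.0.113.50
1010 phone-2 mail.example.com
1025 phone-2 mail.example.com
1062 laptop-7 cdn.example.org
1301 laptop-7 203.0.113.50
1400 phone-2 mail.example.com
1410 phone-2 mail.example.com
1599 laptop-7 203.0.113.50
1800 laptop-7 cdn.example.org
1902 laptop-7 203.0.113.50
2200 laptop-7 203.0.113.50
2499 laptop-7 203.0.113.50
2900 phone-2 mail.example.com
2950 phone-2 mail.example.com
"""

def parse_flows(text):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        flows[(parts[1], parts[2])].append(int(parts[0]))
    return flows

def find_beacons(text, min_events=5, max_cv=0.1):
    """Return pairs whose connection gaps are nearly constant (low jitter)."""
    findings = []
    for (src, dst), times in parse_flows(text).items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        # Coefficient of variation: spread of the gaps relative to their mean.
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap else float("inf")
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "events": len(times),
                             "period_s": round(mean_gap), "cv": round(cv, 3)})
    return findings

if __name__ == "__main__":
    print(find_beacons(SAMPLE_FLOWS))
```

Legitimate software such as update checkers and time sync also connects on a fixed schedule, so each finding is a lead to triage against known-good destinations, not a verdict.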
Ensure the whole team has multifactor authentication enabled on all email accounts. Email is still the most common delivery method for malware. Only allow employees to access their work email from secure work devices (not their personal device or a device shared with a family member). Email passwords should be completely unique and never reused on another site.
About the Author
Frances Dewing is the CEO of Rubica. Since the company’s inception, Frances has built and directed Rubica’s core operations teams, including cyber operations, customer support, finance, legal and human resources. Formerly COO of Concentric Advisors, a consultancy specializing in cyber and physical security for some of the world’s most high-profile figures, Frances was instrumental in developing Concentric’s business in Seattle and Silicon Valley. Frances is a Washington State attorney with a JD from the University of Washington. She can be reached online via LinkedIn and at our company website, www.rubica.com.