hackers

Coronavirus Being Exploited By Hackers

by
Coronavirus

Coronavirus is sweeping the world with hackers taking advantage of people’s vulnerability and the uncertainty that exists in this situation.

The cyber threat landscape remains the same as do the techniques and methods that hackers utilize but hackers are also being more inventive and praying on innocent victims.

Phishing Attacks

This remains one of the most common forms of cyber attacks. The National Fraud Intelligence Bureau (NFIB) has announced that they are seeing cases of fraud where Coronavirus has been an avenue for cyber attacks. The losses are understood to be in excess of £800,000. Emails are inadvertently opened to trick individuals which leads to personal information being accessed by the hackers who then use this for illegal means.

This could include the impersonating of third party suppliers or the provision of business services. Another method is the bulk selling of face masks and hand sanitiser.

Also being seen are vishing (voice calls) and smashing (SMS) messaging. Everyone needs to be alert even more so to these dangers.

Hacker Scams 

Another pattern emerging is bogus emails coming from research agencies who are affiliated to bodies such as the World Health Organisation (WHO). The e-mail content pretends to be able to divulge information on individuals  who may have the infection.

https://www.bbc.co.uk/news/technology-51838468

Remote Working 

A large proportion of the work force is now working from home and with this comes an increased exposure to cyber risks. Good housekeeping is therefore important and should include the following:-

  • Ensure that communications are secure
  • Ensure that strong passwords and multi factor authentication
  • Raise awareness of cyber attacks within the organisation
  • Make sure laptops are kept secure and in a safe location
  • Be careful not to disclose personal credentials
  • Log – off when not using the network
  • Review the Remote Desktop Protocol (RDP)
  • Impose stricter procedures for financial processes and monetary transfers

Managing The Cyber Risk 

All organisations are facing a huge challenge with this infectious disease and the consequences that it brings with  business interruption being one of the main threats.

Cyber insurance includes incident response services which can assist with cyber attacks that may befall a company these include forensic investigation costs , public relations consultants and legal assistance. In the current climate it is even more important to have access to these specialist vendors.

 

Image : Shutterstock

What is Cryptomining?

by
Cryptomining

So what is Cryptomining ? 

This is an emerging cyber threat to businesses where hackers gain access to cryptocurrencies by utilizing a computers’ processing power .

A recent report by Checkpoint Research revealed that 20% of companies are the subject of cryptoming attacks every week and a leading source of malware attacks.

https://www.checkpoint.com/press/2019/cryptominers-hit-10x-more-organizations-than-ransomware-in-2018-but-only-1-in-5-it-pros-aware-of-infections-shows-check-points-2019-security-report/

How is Cryptomining carried out ?

This involves the use of a computers’ processing power to solve very complexed mathematical equations in order to confirm that cryptocurrency transactions are as they should be. As a sign of reward the cryptocurrency provides a specific amount of the cryptocurrency to the user who has verified the transaction the quickest.

The more computers utilized the quicker that it is possible to mine the cryptocurrency in question, this however does generate an enormous amount of actual processing power and bandwidth which in turn requires a great deal of electricity to facilitate this.

Out of the 21 million bitcoins available, 17 million have already been mined leaving just 4 million.

How do Hackers infiltrate the computer system?

  • Hackers can fool a user to download a cryptomining code to their computer system via a phishing attack normally disguised in an e-mail where a link is innocently clicked upon. This will then be activated so that the code can access the computer.
  • An alternative to this is where a user visits a website that contains a code which operates in the background to mine cryptocurrency.
  • Similarly a user could click on an ad pop up where again it operates without the user knowing whilst the code takes advantage of the processing power of the computer.

The principle concern with cryptomining is that these forms of cyber attacks can go undetected for sometime without the user being aware of what is happening to their computer system.

Proactive Risk Management 

When a cryptomining incident has been discovered it is of course too late to do anything about but measures should be put in place to avert a reoccurrence these can include:-

  • Ensure all computer systems are effectively and regularly patched
  • Make regular back-ups are carried out.
  • Improved training of users so that a potential attack can be identified.
  • Implementation of zero day prevention techniques
  • The cloud is a common threat vector for cryptomining and focus should be given on the latest security protection available.

Cyber Insurance

This form of specialist insurance can provide coverage for cryptomining where a business suffers a financial loss arising from this type of cyber attack. Just as important is the vendor services that this policy provides which includes forensic investigation and the use of legal assistance in managing and mitigating this form of cyber attack. 

 

 Image : Shutterstock

Hackers don’t go on holiday over Christmas…..

by
Christmas

Hackers don’t go on holiday over Christmas and consequently everyone needs to be more vigilant than usual during this busy time of year were individuals and businesses can be preoccupied.

The theft of data is is very much on the mind of hackers over the Christmas period as this considered to be a prime time where many transactions are undertaken on-line with bank and credit cards in particularly being targeted.

One of most common methods utilized is via Phishing  which can  occur as follows:-

1.Individuals can be tricked into sharing sensitive data by using a website that is not what it seems

2.Clicking on a dubious website link

3.Responding to an e-mail from a bogus sender.

Risk Management within a business and good cyber hygiene are key to preventing the loss of data and should be practiced at all times irrespective of the time of year.

Some examples of this is as follows:-

Ensure that the latest software patches are installed

Make sure passwords are strong and that they are not replicated by individuals  and consider the use of a password manager.

Apply two factor authentiification as this provides and extra layer of protection 

Outside of Work individuals should practice the following:-

Individuals should practice similar cyber hygiene and carry out the following :-

Be care when entering your debit or credit pin into a machine whether at a shop or withdrawing cash.

If you some reason you do not feel that things feel right do not go through with a transaction of your computer and check the legitimacy of a website.

Ensure that the website you are in is the actual website and not one that pretends to be the website.

Do not click on links from Facebook or other social media sites unless you know who they are from.

Ensure that your Wi-Fi is secure and password protected with your own password

Look to change the default passwords on new toys or devices that are connected to the internet to help avoid hackers accessing these.

The Human Factor plays a fundamental role in managing cyber risks http://cyberbrokers.co.uk/human-factor-cyber-risk/

Whether at work or at home the unpredictable factor of humans may well determine how safe or secure you are and is recognized as a major driver for cyber related losses.

The underlying message is that hackers are all around us and that we must have our wits about us as all times.