While some were home baking, reading, playing games and working on their passions, others were building hack tools and infiltrating large companies’ supply chains. Hackers are always looking for a new way in. They work constantly on finding exploits and zero-day vulnerabilities that they can use to gain access to essential systems. This new “normal” is not only about the COVID-19 hardships we have faced. IT systems are evolving, and the work environment is more hybrid than ever before. Security must be a top priority for all businesses and organizations, big and small.
Withum’s Cyber and Information Security Services Team is constantly monitoring and researching the newest security threats. Our team provides comprehensive security assessments to help businesses and organizations get a complete picture of their cyber threat landscape. Here’s what we’ve learned this year.
Let’s be honest: IT is not on every business leader’s mind. Some companies see IT as a cost that does not return on its investment. That view is mistaken, and it leaves many businesses and organizations exposed to cyberattacks. From the largest to the smallest, hackers want your information. With the new “normal” that 2021 has brought, companies rely on their technology more than ever. Working from home, rotating schedules and other hybrid arrangements mean companies depend on the internet to get work done. Some organizations provide employees with company computers; others let staff use a shared home PC for work. So many endpoints, so much risk. Where does it end?
2021 has been an interesting year. While some of the techniques hackers use may not change from year to year, that does not mean they don’t get smarter or more dangerous. The internet is already a dangerous place, and with everyone so connected, there are more and more targets. Here are three hacking techniques to be aware of and some tips on how to avoid them.
Cryptojacking is the unauthorized form of cryptomining. Cryptomining uses CPU and GPU cycles to solve the computationally expensive puzzles that secure a proof-of-work cryptocurrency. When a miner solves a puzzle, the new block of transactions is written to the blockchain and the miner is rewarded with some amount of cryptocurrency. Many people mine today; there are many different coins, and everyone is trying to make some money from this peer-to-peer currency system.
Hackers naturally have found their own way to cash in on the crypto boom. Cryptojacking is cryptomining on someone else’s hardware without the owner knowing it. By embedding a small miner in a malicious package, hackers get their software onto your system. The miner then takes hold and spends your CPU and GPU cycles mining cryptocurrency that is credited to the attacker’s wallet, while you pay for the power, the hardware wear and the slowdown.
Cryptojacking detections increased 163% compared with the previous quarter. (Symantec, Threat Landscape Trends Report, Q2 2020)
A True Cryptojacking Story: In April 2021, a small construction contractor was hit by a major ransomware attack. During the cleanup, security tools were deployed to every server and workstation to confirm that all attacker access had been removed and the threat contained. In the weeks after cleanup, an odd alert appeared in the security console. Investigating it, we found a cryptojacking miner installed on one system. Digging into what the company used that system for and how it had been set up revealed the root cause.
The system was unpatched and unsupported, even by the vendor. Onsite IT had exposed it to the internet over HTTP/HTTPS, and its web application carried a known vulnerability. After tracing all of this, we disabled external access and worked with the client’s team to set up secure communication to the device.
The firm’s leaders were distraught and could not understand how their small business could ever have been hit. The unfortunate truth is that hackers do not care how large your business is. In this case they used automated web scanning to find the vulnerability and exploit it; the scanner does not check company size before it knocks.
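The miner in the story above was found because an endpoint tool raised an alert on the host. The following is an added example (not code from the original article or from any product it mentions) of the two indicators a responder would check by hand on a host like that: a process burning CPU with miner-style arguments, and outbound traffic speaking the Stratum pool protocol (newline-delimited JSON-RPC). The process snapshot, the captured payload, the pool hostname, the CPU threshold and the argument patterns are all constructed for illustration.

```python
"""Added example (not code from the original article or from any product it
mentions): triage a host for cryptojacking indicators. The process snapshot,
connection payload, thresholds and miner argument patterns are constructed."""
import json
from dataclasses import dataclass, field

# Constructed `ps -eo pid,%cpu,args` output from a web server that should be
# mostly idle. Process 3217 is the planted miner; 4102 is a busy legitimate job.
SAMPLE_PS = """\
  PID %CPU COMMAND
    1  0.0 /sbin/init
  842  1.2 /usr/sbin/httpd -DFOREGROUND
 3217 97.4 /tmp/.x/miner -o stratum+tcp://pool.example.net:3333 -u WALLET --donate-level 1
 4102 85.3 postgres: autovacuum worker
"""

# Constructed outbound TCP payload from pid 3217: newline-delimited JSON-RPC,
# which is how the Stratum mining protocol talks to a pool.
SAMPLE_PAYLOAD = (
    b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET","pass":"x"}}\n'
    b'{"id":2,"jsonrpc":"2.0","method":"mining.submit","params":["WALLET","job1","nonce"]}\n'
    b'not json at all\n'
)

# Stratum method names used by common pool miners (Bitcoin-style "mining.*"
# and the Monero-style "login" variant).
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "login"}
# Command-line fragments typical of pool miners (assumed list, extend to taste).
MINER_ARGS = ("stratum+tcp://", "stratum+ssl://", "--donate-level", "--coin")
# Assumed threshold: sustained CPU above this on an idle server deserves a look.
CPU_THRESHOLD = 80.0


@dataclass
class Proc:
    pid: int
    cpu: float
    cmdline: str
    reasons: list = field(default_factory=list)


def parse_ps(text):
    """Parse the header-plus-rows `ps` format above into Proc records."""
    procs = []
    for line in text.strip().splitlines()[1:]:
        pid, cpu, cmd = line.split(None, 2)
        procs.append(Proc(int(pid), float(cpu), cmd))
    return procs


def stratum_methods_in(payload):
    """Return the Stratum method names found in a captured TCP payload.
    Lines that are not JSON are skipped rather than treated as errors."""
    found = set()
    for chunk in payload.split(b"\n"):
        try:
            msg = json.loads(chunk)
        except ValueError:
            continue
        if isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS:
            found.add(msg["method"])
    return found


def suspicious_processes(procs, cpu_threshold=CPU_THRESHOLD):
    """Attach a reason to every process that trips an indicator. High CPU alone
    is a weak signal (legitimate batch jobs trip it too); miner-style arguments
    are a strong one, so weigh the reasons rather than just counting hits."""
    flagged = {}
    for p in procs:
        if p.cpu >= cpu_threshold:
            p.reasons.append(f"cpu {p.cpu}% above {cpu_threshold}%")
        hits = [a for a in MINER_ARGS if a in p.cmdline]
        if hits:
            p.reasons.append("miner-style args: " + ", ".join(hits))
        if p.reasons:
            flagged[p.pid] = p.reasons
    return flagged


if __name__ == "__main__":
    for pid, why in suspicious_processes(parse_ps(SAMPLE_PS)).items():
        print(pid, why)
    print("stratum methods seen:", stratum_methods_in(SAMPLE_PAYLOAD))
```

Note that the legitimate database worker is flagged too, but only on CPU; the miner is flagged on CPU and on its command line, and its traffic carries Stratum methods. That difference is why the check reports reasons rather than a single yes/no, and why the network indicator is the one worth alerting on by itself.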
When you think about hacking and hackers, you think of unauthorized access, stolen data and compromised systems. Some hacking strategies, however, are much more carefully planned and executed. A fitting example is the supply chain attack, in which the attacker compromises a third-party system or tool that you trust and lets that trust carry the malicious code to you.
Supply chain attacks work something like this: hackers gain access to a vendor’s network, stay undetected and start to poke around. They find something the vendor ships to its clients (software, tools, scripts, updates) and modify it to inject their own code. Once the vendor’s normal distribution process has placed that code on customers’ devices, the hackers use it to take control. This is what happened with both SolarWinds and Kaseya in the past year. SolarWinds and Kaseya are both large companies that make tools for managing and monitoring IT systems. In the SolarWinds case, the attackers compromised the company’s build process, so the trojanized Orion update reached customers as a routine, vendor-signed upgrade; in the Kaseya case, the attackers exploited vulnerabilities in the VSA management product and used it to push ransomware out to the managed service providers and customers it administered. Either way, companies that used these products ended up with malicious software on their workstations and servers without ever knowing. Big or small, all customers were targeted. Because the attackers went through the supply chain, they reached far more than SolarWinds and Kaseya themselves. They reached the customers.
Ransomware threats are on the rise. Hackers use ransomware to destroy systems and information and to hold data hostage. The topic comes up often during National Cybersecurity Awareness Month (NCSAM) and is critical to cover. In the last few years alone, ransomware has shut down hospitals, destroyed intellectual property and forced the shutdown of a major East Coast fuel pipeline. Ransomware is getting harder to detect, harder to stop and more destructive. The most recent families reviewed by researchers not only encrypt your files and hunt for specific file types, but also try to spread to every machine they can reach. Researchers have found these strains brute-forcing logins and harvesting stored passwords to keep moving laterally. In May 2021, the operator of that pipeline (Colonial Pipeline) was hit by ransomware and halted operations, stopping all movement of fuel through the system. This created a ripple effect across the country. These attacks are becoming increasingly common and organizations must protect themselves.
The average bill for rectifying a ransomware attack, taking into account downtime, people time, device cost, network cost, lost opportunity, ransom paid and so on, was US$1.85 million, more than double the US$761,106 reported the previous year. (Sophos’ annual ransomware survey, 2021)
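The lateral movement described above, brute-forcing logins and then using a password that worked, leaves a recognizable trail in authentication logs before any file is encrypted. The following is an added example (not code from the original article) of the detection logic for that trail, run over a constructed SSH log excerpt: the hostnames, addresses, account names and thresholds are all made up for illustration, and the same sliding-window idea applies to Windows logon events with a different parser.

```python
"""Added example (not code from the original article): spot the brute-force
and credential-reuse pattern of self-spreading ransomware in sshd logs.
The log lines, hosts, addresses and thresholds are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log excerpt. 10.0.8.45 guesses several accounts in quick
# succession and then logs in as "deploy"; 192.168.1.20 is a user's single typo.
SAMPLE_AUTH_LOG = """\
Oct 12 03:14:01 web1 sshd[2231]: Failed password for invalid user admin from 10.0.8.45 port 51022 ssh2
Oct 12 03:14:03 web1 sshd[2233]: Failed password for root from 10.0.8.45 port 51024 ssh2
Oct 12 03:14:05 web1 sshd[2235]: Failed password for invalid user test from 10.0.8.45 port 51026 ssh2
Oct 12 03:14:07 web1 sshd[2237]: Failed password for deploy from 10.0.8.45 port 51028 ssh2
Oct 12 03:14:09 web1 sshd[2239]: Failed password for deploy from 10.0.8.45 port 51030 ssh2
Oct 12 03:14:12 web1 sshd[2241]: Failed password for deploy from 10.0.8.45 port 51032 ssh2
Oct 12 03:14:15 web1 sshd[2243]: Accepted password for deploy from 10.0.8.45 port 51034 ssh2
Oct 12 03:20:44 web1 sshd[2290]: Failed password for alice from 192.168.1.20 port 40010 ssh2
Oct 12 03:20:51 web1 sshd[2292]: Accepted password for alice from 192.168.1.20 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text):
    """Yield (timestamp, result, user, ip) for each password-auth line.
    Syslog timestamps carry no year; 1900 is fine for measuring intervals."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(text, threshold=5, window_seconds=60):
    """Flag source IPs with at least `threshold` failures inside any
    `window_seconds` span, and note whether a login succeeded afterwards
    (the signature of a guessed or harvested password being put to use)."""
    by_ip = defaultdict(list)
    for ts, result, user, ip in parse_auth_log(text):
        by_ip[ip].append((ts, result, user))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        failures = [(ts, user) for ts, result, user in events if result == "Failed"]
        # Sliding window: does any run of `threshold` failures fit in the window?
        burst = False
        for i in range(len(failures)):
            j = i
            while (j < len(failures)
                   and (failures[j][0] - failures[i][0]).total_seconds() <= window_seconds):
                j += 1
            if j - i >= threshold:
                burst = True
                break
        if not burst:
            continue
        first_failure = failures[0][0]
        success_after = any(result == "Accepted" and ts > first_failure
                            for ts, result, _ in events)
        findings[ip] = {
            "failures": len(failures),
            "users_tried": sorted({user for _, user in failures}),
            "success_after_burst": success_after,
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(ip, info)
```

A single typo from a user never reaches the threshold, so it is ignored; the burst from 10.0.8.45 is reported with the list of accounts tried, and the "success_after_burst" flag is the part that should page someone, because it means the attacker now holds a working credential on that host.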
Withum’s Cyber and Information Security Services Team is here for you. Our experienced team has seen it all and has helped mitigate the worst of it. The team works hard to understand your business, taking pride in producing the best possible solution, one that accounts not only for security but for your organization as a whole.
Let Withum review your current policies, such as Bring Your Own Device (BYOD), mobile device, remote access and cyber insurance policies, and many more. The team inspects all facets of your network and infrastructure to find gaps, holes and vulnerabilities. With a complete picture, the Withum team works with your business to fully understand what is going on. Withum works with your current IT team to update and secure your environment, or brings in our own IT professionals to transform your security posture. IT and cyber security can be tricky, but Withum’s Cyber team would like to take that next step with you to harden and secure your organization. Contact us today.
Explore our Cyber and IT Security Services and build a quote for your own custom protection package.