Executives Level Summary – Cyber Threats



By Mandry Technologies

Account Take Over (ATO)

Description:

Bad actor(s) obtain credentials (username/password, authentication token, etc.) and log in to a user account, such as a local desktop/laptop, the network/Active Directory, Microsoft Exchange Online, or a cloud-based software application, then engage in malicious activities while disguised as the original user.

Harmful activities:

  • Sending emails as the original user to perpetrate further malicious activities
  • Deleting content within application data sets
  • Posting user data to the Dark Web for sale
  • Exfiltrating data from the organization to use for harmful purposes (e.g., ransom, public exploitation)

Attack vectors:

  • Phishing email that takes the end-user to a disguised site and asks for credentials
  • Clandestine software hosted on websites that can extract authentication tokens from phished users
  • SMS (text message) phishing (aka smishing) of cell phone users for credentials

Activities to Prevent:

  • Phishing simulation for end-users to build skills and awareness of phishing attempts
  • Two-factor / multi-factor authentication (2FA/MFA) on all platforms where possible
  • Regular password change requirements

Ransomware – Encryption

Description:

Malicious software is downloaded onto a local desktop or a network device (e.g., a file server) and encrypts the files on those devices. Users are notified of the encryption and instructed to contact the third party for instructions on how to submit payment in exchange for the decryption keys.

Harmful activities:

  • Organization cannot access business-critical data
  • Federal / state regulatory compliance violations
  • Deleting content within application data sets
  • Posting user data to the Dark Web for sale
  • Exfiltrating data from the organization to use for harmful purposes (e.g., ransom, public exploitation)
  • NOTE: It is not uncommon that, even after the ransom is paid and decryption keys are provided, the malicious software later launches again in an attempt to re-ransom the data.

Attack vectors:

  • Phishing email that takes the end-user to a disguised site where users unknowingly download malicious software
  • Portable or removable media (e.g., CD-ROM discs, USB / thumb drives) inserted into devices, from which software is automatically installed
  • Email attachments
  • Open external ports or unaddressed vulnerabilities that allow third parties access into the network
  • Unattended vendor access, where a third party's external remote-access path is left enabled

Activities to Prevent:

  • Phishing simulation for end-users to build skills and awareness of phishing attempts
  • Actively managed anti-virus / anti-malware / endpoint protection application
  • Effective network / IP scheme architecture (segmentation) that can prevent the spread of malicious software
  • Properly managed firewall and external-facing entry points into the network (firmware updates, patching, routine threat assessments)

Ransomware – Exfiltration/Publication

Description:

Malicious software is downloaded onto a local desktop or a network device (e.g., a file server) and harvests the files on those devices. The data is transferred to external parties, who then contact the organization, inform it that they possess key business and privacy data, and provide instructions for payment to prevent release of the data to the public.

Harmful activities:

  • Federal / state regulatory compliance violations
  • Posting user data to the Dark Web for sale
  • Damage to the public reputation of the organization
  • Harm to persons whose identifying data is leaked (financial or medical fraud, identity theft, humiliation, etc.)
  • NOTE: It is not uncommon that, even after the ransom is paid, the external parties request additional money in the future, as there is no guarantee that the exfiltrated data has been destroyed.

Attack vectors:

  • Phishing email that takes the end-user to a disguised site where users unknowingly download malicious software
  • Portable or removable media (e.g., CD-ROM discs, USB / thumb drives) inserted into devices, from which software is automatically installed
  • Email attachments
  • Open external ports or unaddressed vulnerabilities that allow third parties access into the network
  • Unattended vendor access, where a third party's external remote-access path is left enabled

Activities to Prevent:

  • Phishing simulation for end-users to build skills and awareness of phishing attempts
  • Actively managed anti-virus / anti-malware / endpoint protection application
  • Effective network / IP scheme architecture (segmentation) that can prevent the spread of malicious software
  • Properly managed firewall and external-facing entry points into the network (firmware updates, patching, routine threat assessments)

Distributed Denial of Service (DDoS) Attack

Description:

An external party continuously floods your organization with requests that force your firewall, internal servers, or other externally facing devices to respond, in essence rendering them unavailable because their capacity is exhausted. The flood overloads the device and prevents legitimate requests and processing needs from being fulfilled. At a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.

Harmful activities:

  • Poor performance of business-critical applications and processes
  • Damage to the public reputation of the organization when the IT assets needed for business processes are unavailable
  • Resource distraction and costs related to addressing such attacks

Attack vectors:

  • Third-party applications with poor configuration resulting in vulnerabilities
  • Unaddressed vulnerabilities within the network infrastructure
  • Downloaded malicious software that enables "bot" activity within the network

Activities to Prevent:

  • Regular vulnerability assessment of internal and external-facing devices and applications
  • Managed network Layer 3 (or higher) switching and routing
  • Managed firewall(s)
