According to a report from ESET Research, government agencies in Europe are learning this lesson the hard way. The GoldenJackal hacking group has allegedly breached at least two air-gapped systems by using custom toolsets, primarily utilizing USB pen drives to compromise the systems.

“With the level of sophistication required, it is quite unusual that in five years, GoldenJackal managed to build and deploy not one, but two separate toolsets designed to compromise air-gapped systems,” the report notes.  

How Air-Gapped Systems Can Be Compromised

By definition, air-gapped systems aren’t connected to networks (much less the internet). Organizations typically air gap the systems that meet two criteria: One, they’re vital or valuable in some way; and two, they hold data that does not require regular access from multiple users.

In enterprise settings, air-gapped systems are often backups or archives. But in government, air-gapped systems may be even more valuable — they might hold voting data, control power grids, or serve other essential functions.

“The purpose of such attacks is always espionage, perhaps with a side of sabotage,” ESET notes. 

Compromising an air-gapped system requires time, patience, and ingenuity (not to mention a few key errors on the part of the victim). GoldenJackal allegedly utilized a “new, highly modular” toolset to collect and exfiltrate files. 

ESET and Kaspersky have not identified a vector for the two attacks, which impacted a South Asian embassy in Belarus and a separate European entity. However, researchers believe that executables were delivered to the target air-gapped systems via USB drives. 

That component — nicknamed GoldenDealer by ESET — was accompanied by a backdoor (“GoldenHowl”) and a file collector/exfiltrator (“GoldenRobo”).

Related: Paying a Ransomware Ransom Is (Usually) Illegal

Enterprises Air-Gapped Systems May Be Susceptible to Other Attacks

In general, bad actors will target networked systems when attacking enterprises, for a simple reason: It’s much, much easier than creating and delivering a set of novel tools for an air-gapped system. 

But in tape backup recovery cases, we’ve seen ransomware variants that were intentionally designed to sit on systems without executing; the goal is to ensure that the malicious software infects all systems, including air-gapped computers, to prevent recovery efforts following said execution. 

One potential solution is to create a “golden copy” backup with essential functionality that can be used following a major attack. Of course, this approach sacrifices valuable data — a robust security policy is just as necessary as a strong backup/disaster recovery plan. 

Protecting Your Air-Gapped Backups

While air gaps are not impenetrable, they remain a valuable security layer, provided that other potential vulnerabilities (such as USB access) are properly sanitized.

Organizations can strengthen their defenses by implementing comprehensive security measures:

• Security Awareness Training: Educate employees about social engineering tactics, the risks of removable media, and the importance of secure practices.
• Strict Access Controls: Implement strong authentication and authorization mechanisms for both physical and logical access to air-gapped systems.
• Regular Security Audits and PEN Testing: Conduct periodic security assessments and penetration (PEN) testing to identify vulnerabilities and ensure the effectiveness of security measures.  
• Endpoint Security: Deploy robust endpoint protection solutions to detect and prevent malware infections on connected devices that could potentially interact with the air-gapped systems.
• Data Encryption: Encrypt sensitive data at rest and in transit to minimize the impact of a successful breach.
• Incident Response Plan: Develop and regularly test an incident response plan to effectively handle security incidents and minimize data loss.

If you’re building a ransomware strategy, Datarecovery.com can help. With resources for disaster recovery planning, enterprise data recovery, penetration (PEN) testing, and dark web monitoring, we provide organizations with essential tools for limiting vulnerabilities — and for recovering from novel attacks.

To learn more, call 1-800-237-4200 and speak with a member of our team.

The post Bad Actors Compromise Air-Gapped Government Systems in Europe appeared first on Datarecovery.com.

According to the Identity Theft Resource Center, the number of data breaches jumped 68 percent in 2021 — setting a new record with a total of 1,862 events.

To IT security experts, the numbers aren’t surprising. Bad actors use extremely sophisticated methods to target sensitive data, and malicious attacks have become a prominent concern over the past several years for both government and private entities.

In order to respond to a data leak, organizations should start with a careful assessment of the leaked data and the attack vectors that compromised your system. Here’s a quick guide.

1. Audit to determine the extent of the data leak.

When data breaches occur, it’s imperative to identify whether personally identifiable information (PII) was compromised — and if so, to what extent.

Some breaches don’t expose PII to bad actors, but unfortunately, that’s not always the case. Stolen information often ends up on the dark web, available for purchase to identity thieves. Your data leak response plan should include a thorough audit of dark web resources to determine whether your company’s data is directly available. Auditing the breach can also identify the attack vectors used to compromise the data.

Regular audits are helpful even if your company hasn’t identified an active leak. Unfortunately, the vast majority of companies do not detect data breaches until the leak has been identified by third-party sources (such as news reports or law enforcement notifications). According to a report from Mandiant Consulting, the average time between the initial data leak to discovery is about 146 days.

Datarecovery.com can help your organization identify breaches by using proprietary methods to search for data on the internet and the dark web. Contact our forensic experts at 1-800-237-4200 or click here to request more information.

2. Follow your state’s reporting laws for significant data breaches.

All 50 states require entities to notify affected individuals of the unauthorized acquisition of PII. In most states, notifications must be sent within a reasonable time frame — usually 30-60 days.

Check your state’s data breach notification laws after fully auditing your breach. Depending on the nature of the stolen data, you may face significant civil penalties for failing to report the issue.

3. Create a data leak response plan.

In addition to auditing and reporting the data breach, your organization will need to form a full response plan before returning to business as normal. Some quick tips for developing a strategy:

• Designate responsibilities and set clear goal outcomes. Include managers, technicians, business partners, your legal team, forensic experts, and any other individuals who will play a role in addressing the breach.
• Identify the compromised systems and set a timeline for restoration of service.
• Engage in penetration testing (or pen testing). Pen testing services attempt to infiltrate your system using common vectors of attack. Datarecovery.com offers pen testing with remediation guidance for enterprise-level systems.

Don’t access the affected systems until you’ve fully audited the breach. To ensure an accurate forensic analysis, do not turn the systems off or attempt to address the issue without expert guidance.

4. Work with forensic experts from day one.

Data breaches can harm your brand, and responding to a leak can be expensive. Forensic experts can help you control the price of the project by accurately identifying weaknesses in your security controls and protocols.

Datarecovery.com offers essential resources for finding leaks, improving storage redundancy, and creating long-term strategies for security maintenance and disaster recovery. We work closely with your team to ensure that the threat is accurately identified, contained, and addressed — improving business outcomes and reducing your future risks.

From data leak monitoring to threat identification and penetration testing, Datarecovery.com can help your organization form a response plan. Learn more by contacting our team at 1-800-237-4200.

The post Data Leak Response: 4 Tactics for Reducing Risks appeared first on Datarecovery.com.

With the rise of ransomware attacks, enterprises — and personal computer users — are struggling to find foolproof prevention tactics. Cybercriminals often target backup systems, and some ransomware variants stay dormant for months before activation. The criminals’ goal is to eliminate any chance of data recovery; if a company doesn’t have access to its backups, they’ve succeeded.

An air-gapped backup strategy keeps backup media isolated from other computers on the network. The air gap is, quite literally, a lack of cables or connections — since the backup is totally offline, it can’t be compromised easily.

For decades, air gapping has been a cornerstone of disaster recovery. It’s also a useful tactic for personal computer users: If you keep a backup of essential data on a mobile hard drive or optical media, you probably won’t be calling Datarecovery.com anytime soon.

However, while air gapping plays an essential role in preventing data loss, it has its own drawbacks. Here are a few considerations to keep in mind:

• Since the media isn’t connected to the network, it can become outdated quickly. This is an especially significant problem for servers, but it can also apply to home computers: If you need an up-to-date copy of a certain spreadsheet, a month-old or year-old version probably won’t suffice.
• The backup media should be redundant. We frequently receive calls from clients who had excellent backup practices, with one crucial exception: They only kept a single copy of the important data. Clients may try to read the data on a compromised system, which in turn compromises the backup. More often, the same event that affects the original system also affects the backup (for instance, when fires or flooding cause data loss).

  We recommend keeping three physical copies of important backups at the absolute minimum. Always assume that your backup will fail — if you have three high-quality backups, that won’t be a significant problem.

• Peripheral devices can compromise the air gap. USB drives and optical media can carry viruses and ransomware, and again, cybercriminals are intelligent; they design malicious software to target backup systems. If the backup system is frequently used with peripherals, it should be considered compromised. Enterprises can limit this risk by using USB locks and other tools.
• The data needs to be encrypted. Many cybercriminals aren’t interested in stopping a system from running; their goal is to collect information that could be used in a wide-range systemic attack. Some users assume that since the data is air-gapped, encryption is unnecessary — but again, air-gapped media can be compromised when connected to the backup system.
• The backup media needs to be checked regularly. All media can degrade over time. Many air-gapped backups develop issues, and they’re not readable when disaster strikes. Backup media needs to be regularly tested and checked to be considered useful.

An air-gapped backup can provide important protection from ransomware attacks and other types of logical data loss. With that said, simply creating a single backup won’t do much — you’ll need to take the right approach to limit your risks.

If you’ve lost data, we’re ready to help. Contact our offices by using our online form or calling 1-800-237-4200.

The post What is an Air-Gapped Data Backup? appeared first on Datarecovery.com.

How Does Eliminating Passwords Equal More Security?

At first glance, the idea of eradicating passwords sounds ludicrous. How would we unlock our phones? How would we get into our social media accounts? How would our computers protect our personal info? The thought of getting rid of password protection goes so far beyond this, too: What about big companies responsible for safely and securely and privately storing our data? Or the world’s banks tasked with protecting the world’s financial info? How could a future without passwords somehow be safer? It all comes down to some tricky wording.

You see, getting rid of passwords doesn’t mean getting rid of protection — It actually means increasing that protection and making it more impenetrable than ever before. That’s because the movement is less about getting rid of protection and more about improving it to make it safer. This includes everything from a shift to passphrases instead of passwords, implementing two-factor or multi-factor authentication that requires additional info in order to allow users to log in, and moving toward physical security keys instead of passwords.

Why WebAuthn Has Been Pushing For a Passwordless Future for Years Now

While Bill Gates alluded to a passwordless future all the way back in 2004, Microsoft isn’t the one that started leading the charge as of late: WebAuthn is actually to thank for this. Formally known as Web Authentication API, WebAuthn relies on asymmetric cryptography instead of passwords to grant users access to their device or profile. Your device transmits a digital “signature” unique to you, and then WebAuthn verifies your identity — all without ever having to enter a password of any kind. Many tech companies currently use WebAuthn as a second factor, used in conjunction with a password for an added layer of super security, but it seems that the hope is for it to become much more than just an added measure sooner rather than later.

Thanks in part to WebAuthn’s innovation on this front, experts predict over 60% of the world’s largest and most elite companies and 90% of the world’s midsize businesses will have gone passwordless by 2022. That’s less than a year from now, which means that there’s about to be a lot of change happening in the very near future. It explains why Apple is now joining Google and Microsoft in pushing for passwordless devices across the board.

Apple’s Latest Update Brings Them Up to Speed With Google and Microsoft

While Google and Microsoft have already taken steps to become less reliant on passwords with their devices, Apple’s iOS 15 and macOS Monterey are expected to bring the company’s ever-popular phones and computers up to the competition’s level by embracing WebAuthn standards. It’s called Passkeys, and it’s going to remove the need to ever create a password to log into an app or a website.

Explaining the feature further in their latest presentation back in June, Apple engineers said that the new feature only requires a username, then can save your Face ID or Touch ID as a Passkey instead of typing in a password. This is similar to the Keychain feature that allowed users to manage their passwords with a passcode, Face ID, or Touch ID, but it takes it a step further by eliminating the password altogether and relying solely on that Face ID or Touch ID. This is comparable to Microsoft’s Authenticator app and Google’s FIDO2 (or Fast Identity Online).

What’s Next for Passwords?

Even with all this movement toward a passwordless future, it’s hard for some to imagine a future completely devoid of all passwords. The problems with passwords are almost universally known at this point: They’re easy to crack, they’re easy to lose, they’re easy to reuse, and they’re easy to steal. However, they’ve been the standard for decades now — comprehending a future without them is hard, and it’s no doubt going to create some resistance from users who just aren’t willing to embrace.

Still, when has user reluctance ever stopped a company from innovating? With such a united front at this point, it’s improbable that companies would suddenly turn away from the direction of a password-free future just because some are unwilling to go with the flow. Passwords are being phased out by tech companies whether us users are ready for it or not. It’s not going to happen overnight, but in just a few years’ time, it wouldn’t be outlandish to look back on this time in technology’s history and remember being on the brink of a passwordless existence. Think of it this way: If it results in fewer attacks, less stolen information, and increased security across the board, then it’s a change that is no doubt for the best.

The post Are We Moving Toward a Future without Passwords? appeared first on Datarecovery.com.

However, the recent wave of headline-capturing ransomware variants are exceptionally robust. In many instances, victims have no alternative but to pay the ransom. Cracking the encryption can take months — or hundreds of years, in some instances — and by definition, mission-critical systems cannot stay offline for extended lengths of time.

Newspapers often cite the Russian origins of major ransomware attacks, which has led to a misconception that all ransomware comes from Russia-based cybercriminal groups. This isn’t the case; ransomware can (and does) come from everywhere, but the most successful attackers often come from Russian-speaking countries.

Evidence for Russian-Speaking Origins in Recent Cyberattacks

In February 2017, security firm Kaspersky estimated that 75 percent of ransomware comes from Russian-speaking sources. That doesn’t necessarily mean that all of the attackers are Russian-speaking, however: The bad actors who create the ransomware are often separate from the people who carry out the attack. This second group acts as “affiliates,” distributing ransomware and collecting the ransom. There’s not enough hard data to conclude that the actual programmers are more likely to be Russian-speaking than, say, Chinese-speaking.

With that said, many of the most significant ransomware attacks have been traced to Russian speakers (we’ll note here that we’re using the phrase “Russian speaker” rather than “Russia” because determining language is much easier than confirming nationality — and there’s no current evidence to suggest that any nation’s government is actively involved in ransomware distribution, with the notable exception of North Korea’s military hacker groups).

Some newsworthy examples of ransomware attacks with Russian-speaking origins:

• On July 7, 2021, a report from Trustwave SpiderLabs identified a ransomware attack from Russian-speaking hackers REvil that was written to actively avoid systems that have default language settings from the former USSR region.
• DarkSide, the Russian-speaking group that attacked the Colonial Pipeline in May, used ransomware written to avoid computers in Russia and former Soviet satellite countries.
• On May 14, 2021, Ireland’s health service suffered a significant ransomware attack attributed to Wizard Spider, a cybercriminal group believed to be based in St. Petersburg, Russia.

Most cyberattacks don’t make the news — each of the ransomware attacks listed above falls into the “big game hunter” category. These attacks can be remarkably sophisticated. In some cases, the malware sits on a server for months in order to prevent the target from recovering from usable backups. Smaller ransomware attacks use more of a brute force method, targeting hundreds of potential victims. These types of attacks are more likely to be recoverable.

Preventing Ransomware Infection (And Recovering from Ransomware)

We can’t speculate as to why many major attacks come from Russian-speaking countries, but some news outlets believe that Russia’s lax enforcement of cybercrime laws has made the practice quasi-legal. It’s also possible that some malware groups mimic well-known Russian groups to hide their identities more effectively.

Regardless of origin, a ransomware attack can be crippling for a business. While every enterprise should enact a robust program to prevent infection, here are some quick tips for limiting vulnerabilities:

• Limit peripheral access to all backup systems. This includes optical media (CDs/DVDs), external hard drives, and flash drives. Consider installing USB locks to prevent unauthorized peripheral access.
• Keep an air-gapped backup of important data. All mission-critical data should be duplicated and stored off-network. Wherever possible, keep mission-critical backups offsite.
• Educate employees. Many ransomware attacks occur through email. Establish strong protocols to prevent personnel from opening compromised emails (and attachments).
• Isolate systems wherever possible. Limiting access to important IT infrastructure is one of the most effective ways to prevent a successful attack.
• Check backups regularly. Have a disaster recovery plan — run simulation scenarios and determine whether your current practices are robust enough for a real infection.

Finally, if a cyberattack occurs, don’t panic. Shut off all affected systems immediately. Do not attempt to restore from backups if there is any possibility that the backups could be infected in the process.

The safest course of action is to contact an experienced ransomware recovery firm. For a free consultation, call Datarecovery.com at 1-800-237-4200 and ask to speak with a malware expert.

The post Does All Ransomware Come From Russian Cybercriminal Groups? appeared first on Datarecovery.com.

As more and more components of our daily life move from the real world to the internet, the value of security cannot be overstated. Each new innovation we embrace — from Zoom to TikTok to the latest video game system — comes with a username and password that joins the ranks of our dozens of other usernames and passwords, and odds are, each individual login in a person’s deck of passwords probably resembles the others in at least some shape or form. It’s not necessarily a bad thing (if your password is secure, that is) — after all, common variations on the same password is how people remember their login info.

But, if just one of those passwords were to leak, it’s possible that every single one of a person’s passwords could be compromised as a result. Imagine the threat a leak of 8.5 billion passwords would pose. It’s our current reality, and you might not have even heard of it. Hackers called it RockYou2021, and the few who reported on it treated it like a game-changing security threat the likes of which we’ve never seen before. Is this an overreaction? Was RockYou2021 really that bad if none of us even heard about it? Let’s separate the truth from the fiction.

RockYou2021: What Happened?

When news of RockYou2021 first broke at the start of June, 2021, it was immediately dubbed “the largest password leak in the history of the internet,” far surpassing the earlier RockYou leak of 2009 that included over 32 million passwords. Originally, RockYou2021 was said to include 82 billion passwords — in reality, the number is about 1/10th of that: 8.459 billion passwords. To be clear, at over 250 times the size of RockYou2009, this is still a remarkable number of passwords to be leaked.

RockYou2021 was posted as a 100 GB text file on a very popular (unnamed) online forum for hackers. Each of the nearly 8.5 billion passwords is between 6 and 20 characters long, with all white spaces and non-ASCII characters removed from the text. Large collections like these allow for hackers and cybercriminals to do what’s known as “password spraying,” which involves trying a great many number of usernames and passwords in a very short amount of time in order to gain access to an account.

How RockYou2021 Compares to Password Leaks of the Past

Some of the biggest password leaks of the past include the aforementioned RockYou data breach of 2009, the Compilation of Many Breaches (COMB) of February 2021, and Breach Compilation of 2017. Passwords in the billions were leaked in each of these breaches combined, but they all share one thing in common (RockYou2021 included): They’re actually a collection of countless smaller leaks put into one large document.

With this, RockYou2021 is simply an enormous compilation of other leaks, COMB included — this February breach alone accounts for over 3 billion of RockYou2021’s 8.5 billion passwords. This doesn’t make it any less of a potential threat, but it definitely helps bring some context to the sheer size of these leaks: As it turns out, many of these enormous password breaches are simply reusing past information and including it in newly-named leaks in an attempt to fluff them up and make them seem more menacing. It’s all about optics, and a claim like “8.5 billion passwords” is destined to generate buzz, even if nearly half or more of those 8.5 billion have already been leaked in the past.

What the Leak Actually Consists Of

We know that this leak is comprised of many leaks of the past, but what about the other billions of passwords? Where did they come from? As it turns out, after some thorough investigating, the bulk of RockYou2021 is actually just a collection of many different cracking dictionaries. These cracking dictionaries consist of commonly used and easy-to-guess passwords that are used in password spraying attacks. To be clear, these aren’t necessarily passwords tied to anyone specific, but rather passwords that are commonly used by many different accounts.

This means that, ultimately, RockYou2021 is actually nothing new: It’s repackaged leaks of the past and cracking dictionaries under a new name in an attempt to look more threatening than it actually is. These aren’t 8.5 billion passwords taken from individuals by skilled hackers like thieves in the night, but rather a compilation of the work of other hackers and cybercriminals of the past. If it were a movie, it’d be an extended edition re-release chock full of deleted scenes.

How to Keep Your Passwords From Leaking

This isn’t to say that RockYou2021 shouldn’t be taken seriously, especially if one of your simple passwords is included in the text file. Thankfully, your best line of defense is also the simplest one: Change your password so that it’s impenetrable. Cracking dictionaries and the like depend on basic, easy-to-guess passwords like “Summer2021!” or “Password123!” in order for cybercriminals to gain access to any and all accounts they can get their hands on.

If your password is a complex and impossible-to-guess combination of letters, numbers, and symbols — like the passwords provided and stored securely by a password manager — then you probably won’t have to worry about being compromised anytime soon. Your first line of defense against hackers and cybercriminals is also the best line of defense: Change your password often, keep it complex, and store it securely in your preferred password manager.

The post Nearly 8.5 Billion Passwords Were Leaked Online. Here’s Why It Might Not Be as Bad As It Seems appeared first on Datarecovery.com.

A History of Cold Warfare

Cyberwarfare by Russia is nothing new — neither is the concept of a so-called Cold War with the country. From 1947 to 1991, the United States and the Soviet Union (now Russia) engaged in a long-winded series of verbal and geopolitical acts that continually amped up tensions between the two countries for decades. While no large-scale physical violence ever broke out, there was plenty of what’s known as “proxy war”: indirect, long-term action that stokes but never initiates a direct physical war.

The potential looming cyberwar between Russia and the United States bears a striking resemblance to this proxy war that defined the bulk of the 20th century between the two countries. But the breadth is much larger — after all, the U.S. isn’t the only target anymore. Russia has unleashed similar cyber attacks on countries such as France, Germany, Poland, South Korea,  Ukraine, and more.

Why Cyber Attacks?

Given their dependence on this sort of online warfare, it’s worth asking: Why cyber attacks? What is it about them that Russia seems to like so much? Well, the answer seems to be as simple as this: From defending to attacking to exploiting, online warfare allows the Russians to influence behavior and beliefs across the globe. Not to mention, with how much we depend on the internet in our daily lives, these cyber attacks have the potential to impact a wider area more significantly than a physical attack ever could.

Cyber attacks allow for the Russians to hack into all sorts of infrastructures — anything from government agencies to social media sites — and wreak havoc, all without ever having to leave home. Better yet, these attacks can bring in very real money to the Russian government through the implementation of ransomware, which demands a payment in exchange for control of the data returned to the user. Long story short, it’s all about doing the most amount of damage as far away from the location of the attack as possible.

A Timeline of the Most Recent Events

While one could surely trace these most recent Russian cyber attacks on America back to the 1940s (maybe even earlier), we will list a basic timeline of the most recent events below.

2015: Russian hackers virtually infiltrated sensitive and confidential parts of the White House, making for what was called some of “the most sophisticated attacks ever launched against U.S. government systems” at the time. This occurred during the tail end of the Obama administration and resulted in the latter half of his second and final term as president exerting a lot of energy toward fighting back against the Russian cyber attackers.

2016: The United States gained intelligence that suggested Russia was planning to create a nuclear bomb that equalled the kind of fire power the United States had within its own arsenal. This was done in an attempt for Russia to be seen as a sort of equal to the U.S. At the same time, Russia successfully hacked into the email accounts of key figures within the Democratic National Convention, setting the stage for years of questioning about Russian election interference during the Trump administration.

2018: U.S. officials warned that Russia was in the process of releasing malware, phishing attempts, and gaining remote access to various entities within the energy sector. This included dozens of power plants, water processing plants, and aviation facilities in addition to several government facilities.

2019: The United States hit back at Russia, unleashing their own cyber attack on the country’s electrical grid and subsequently escalating talks of an all-out cyberwar.

2020: Russia breached United States Treasury, Commerce, and Energy departments as well as key nuclear research administrations. Russia presumably hoped to gain intel on internal policymaking decisions in an attempt to counter them or pre-empt them altogether.

2021: Russia continues to breach key American institutions, including U.S. electric utilities, oil, gas, and other industrial firms. A U.S. report indicates that these breaches had been occurring since at least 2017, possibly earlier.

How a Potential Cyber War Would Impact Both Countries

It almost goes without saying that a full-scale cyber war would unleash wide-scale destruction and disruption on the most essential industries in both countries. Hits on infrastructure, transportation, revenue, and even things like social media and other internet staples would practically be a guarantee, and the chaos that would ensue as a result of these cyber attacks would far exceed what both countries have seen thus far. In other words, it would not be good, to say the least.

These are government-sponsored attacks by the Russians, which means that those carrying out the attacks are doing so at the request of their government officials and are often rewarded for doing so. If they’re caught, they’re given protection. If they succeed, they (and their country) benefit greatly, financially or otherwise. It’s a group effort, and this is why it’s so dangerous. Only time will tell what the next move is, but if cyber war breaks out, then both countries can expect serious damage to be inflicted on power grids, water and fuel lines, finances, communication, and even emergency services. Let’s hope it never comes to this.

The post Russia Launches Cyber Attacks Against US Infrastructure appeared first on Datarecovery.com.

Phishing

Probably the most common cyber attack in the average person’s life, phishing is the act of sending a deceptive message — whether by phone, by text, by email, or through social media —  disguised as a message from a trusted source. The goal is to get you to click a link or download a file that then wreaks havoc on your device in search of any sort of personal or financial information left out in the open.

Distributed Denial-of-Service (DDoS) Attacks

Just as there are many different kinds of phishing, DDoS attacks come in all sorts of shapes and sizes. The ping of death, botnets, smurf attacks, teardrop attacks… The list goes on and on, but the end goal of these DDoS attacks is always the same: to overwhelm a business’s web servers with requests in an attempt to keep users from connecting to the business’s website, leading to unexpected downtime and potentially even loss of user data and financial info.

Malware

Similar to phishing and DDoS attacks, malware is one word that encompasses many different types of attacks. As a portmanteau for malicious software, any kind of attack that sets out to leave behind a dastardly program with the intent to steal or damage your data can be called malware. Variations include spyware, which spies on your devices, ransomware, which demands a payment from you in order to go away, and adware, which clutters the device’s interface with unwanted advertisements.

Cryptojacking

As cryptocurrency continues to boom, it’s no surprise that cybercriminals and hackers would want to create a way to take advantage of this popularity — especially since crypto is a currency that exists solely on the internet. Thus enters cryptojacking, the phrase used to describe a cyber attack that uses someone else’s computer to mine cryptocurrency, either through a malicious link or an infected website of some sort.

Man-in-the-Middle (MitM) Attacks

Who doesn’t love a good, free, public Wi-Fi network? While this is a major convenience in today’s day and age and a great way for a business to provide for their customers, it also comes at a potential cost: cybercriminals love to take advantage of these weaker networks to steal your data. They do this through what’s known as Man-in-the-Middle (MitM) attacks, where the cybercriminal inserts themselves between the user and the network to spy on and steal info.

Session Hijacking

A stolen cookie is never a good thing, especially when dealing with computers and not baked goods. Session hijacking is a cyber attack that involves a hacker taking advantage of an otherwise safe computer session to steal info. While it might sound similar to Man-in-the-Middle attacks, session hijacking differs from MitM in its execution: session hijacking occurs when an HTTP cookie — a.k.a. the small piece of data a web browser stores on a device to remember the user’s info and activity — is stolen and then exploited.

Password Attacks

Easily as prevalent as phishing attacks, password attacks are simply when a cybercriminal attempts to steal passwords. This can happen en masse, like when a social media site or email server has a slew of login credentials stolen, or it can happen on a micro level, when a cybercriminal homes in on one individual in particular. The prevalence of these really emphasizes the importance of choosing unique, complex passwords — the more random the better.

Spoofing

While phishing aims to convince you to click a link or download a file under the guise of a trusted source, spoofing attacks takes this a step further by actually co-opting a trusted IP address, phone number, or other contact info to further convince you of its faux legitimacy. This can come in the form of a phone number already in your contacts, an email address you communicate with frequently, or even a website you visit often.

Drive-By Attacks

A big obstacle cybercriminals face when plotting their cyber attacks is conspicuousness. Often, if you’re educated on the most common types of cyber attacks, you can’t be fooled by their most obvious attempts. That’s where drive-by attacks come in: These attacks attach themselves to other programs or websites and leave malicious software on your device without you even having to intentionally click or download anything.

Zero-Day Exploits

There are few things more exciting than a new operating system update for your computer, phone, or tablet. Many of us download these new updates as soon as they become available so that we can enjoy the new and updated features they provide. However, there are cybercriminals who make it their mission to exploit any security flaws in the new operating systems and unleash a widespread attack on anyone who downloaded the update. The goal is to attack as many people as possible before the developer can close the dangerous security loophole.

The post 10 Most Common Types of Cyber Attacks appeared first on Datarecovery.com.

What is the Internet of Things?

Before we delve into the ways in which the IoT has affected network security, let’s first look at the meaning of the Internet of Things, and how it has changed the workplace in general. First of all, the Internet of Things is an umbrella term used to describe the massive network of “things” that are connected to the internet. In particular, the IoT refers to items that are connected and communicate with one another with the help of the internet. These devices range from everything from sensors to wearables, computers, tablets, smartphones, and much more. Ultimately, the IoT has created a much more connected world that allows various products and devices to communicate and collaborate, spanning an array of networking types.

How has it Changed the Workplace?

Now that we have a better understanding of the IoT, let’s look at some of the ways it has transformed the workplace, in general.

• Manufacturing Tracking: The Internet of Things uses things such as smart sensors, that allow companies to track and uncover any issues that unfold during the manufacturing process. Particularly, if a certain part of a machine begins to malfunction, these censors notify you so that you can quickly repair it before it causes a major issue.
• Supply Chain Improvement: Additionally, the Internet of Things has helped improve the supply chain. Using things such as smart tags and sensors, businesses are able to track and maintain full control of their inventory.
• Cybersecurity: Although the widespread use of the IoT has created computer security concerns, it has also made it possible for companies to create a more stable network.
• Remote Working: Additionally, given that essentially all remote work involves the use and connection of various devices via the internet, the IoT is one of the main things that is enabling the business sector to continue to thrive during these uncertain times.

How the IoT is Affecting Network Security in the Workplace

As mentioned, although the Internet of Things can help improve cybersecurity, paradoxically, its mere existence causes an increase in computer security threats in general. Either way, the IoT is affecting network security in the following ways:

• Greater Cybersecurity Efforts: Additionally, the IoT has caused companies to upgrade their cybersecurity efforts. Its widespread use requires all connected companies to boost and upgrade their cybersecurity so it is sufficient enough to secure the use of this complex, massive network.
• Data Democratization: One of the top ways that cybersecurity is affecting the workplace is with data democratization. In other words, the use of the IoT has made it possible for data to be more widely shared in a much shorter period of time. This leaves networks of all kinds open to vulnerabilities such as hacks, ransomware, and much more. Therefore, companies must create new risk management strategies, integrate new tools for network security evaluation, and more.
• Data Power Struggles: Additionally, given that the IoT has enabled companies to track various devices in real-time, this has created some concerns and even a power struggle between companies and consumers. Although the data can obviously be useful for businesses, consumers have expressed privacy concerns, as well as a general argument over who should be able to access this information and why.
• New Standards on the Horizon: Lastly, given that the Internet of Things creates a massive network of interconnected devices in which any company can be breached at any time. In the absence of global cybersecurity standards, businesses must cooperate in order to keep their networks as safe as possible. However, the only way to secure the IoT for the long-term is to create global cybersecurity standards that are mandatory for all parties involved.

Overall, the Internet of Things has created both issues and opportunities in terms of network security in the workplace. Although the future of the workplace is very much dependent on the IoT, its mere existence will require the world to reimagine how cybersecurity is handled.

Sources:

https://readwrite.com/2019/03/05/iot-and-the-transformation-of-the-modern-workplace/

https://wire19.com/7-ways-iot-technology-can-improve-your-workplace/

https://www.wired.co.uk/article/internet-of-things-what-is-explained-iot

https://hbr.org/2013/06/cyber-security-in-the-internet

https://www2.deloitte.com/us/en/pages/technology-media-and-telecommunications/articles/cyber-risk-in-an-internet-of-things-world-emerging-trends.html

The post What is the Internet of Things and Why You Should be Concerned. appeared first on Datarecovery.com.