Security Applications

 Global Risks Ranked Not listed are water security, Food security, and Energy Security. World Economic Forum - Global Risks Report 2023 These are just the top 10 risks. Surprisingly: "use of weapons of mass destruction" is number 28. Here's the full list: World Economic Forum - Global Risk Report 2023 But with increased cybercrime, we are likely to see increased disruption in critical technology systems, which may affect food and water supplies, transport, financial systems, space, military, and communication systems.

  Cybercrime Is Becoming an Increasingly Larger Threat Every Day The FBI’s Internet Crime Complaint Center (IC3) releases annual reports on cybercrime. The latest report shows that from 2017–2021, the number of Americans who filed a cybercrime complaint rose by 181%, and total losses increased by 393% during the same period. IC3 Complaint Statistics Source:  https://www.hsdl.org/c/2021-internet-crime-report/ It is not just Americans that are seeing a rise in cybercrime—it’s businesses with global operations too.

 IS your network secure? Did you know 1 in 10 business leaders don't know if they've got the right security people and skills in place? Now that's shocking. World Economic Forum - 2023 Global Security Outlook Report The gap between business and security is starting to close thanks to better communication. It's just in time, especially with the cyber landscape getting increasingly more complex. But recruitment and retention is still a major issue. In fact — 64% of cyber leaders ranked talent recruitment and retention as a key challenge for managing cyber resilience.

 CISSP https://app.cybrary.it/login Cyber Videos

 Zero-Day Exploit  It’s hardly surprising that the number of zero-day flaws continues on an upward trajectory. But 2021 blew all other years out of the water as malicious actors exploited a total of 58 new zero-day threats, compared to 25 flaws in 2020 and 21 vulnerabilities in 2019. And no doubt the stakes are getting higher as critical systems become more connected. In recent years, hackers have used zero-day attack threats to compromise Microsoft servers and install advanced spyware on smartphones for espionage activities targeting journalists, politicians, and human rights activists. In August 2021, for example, a zero-day vulnerability known as “PwnedPiper” was found in the pneumatic tube systems used by hospitals to transport bloodwork, test samples, and medications, which allowed attackers to exploit flaws in the control panel software while opening the door for unauthorized and unencrypted firmware updates. What you need to know: A zero-day vulnerability, at its core, is a flaw

 Wire Attack  While the SWIFT network has experienced fewer attacks since its infamous 2016 bank heist, cybercriminals are readily using wire transfers in new and creative ways to launch malicious, if not lucrative and creative cyber assaults. In one high-profile example in 2018, Frank Krasovec, an owner of Domino’s Pizza franchises in China, lost $450,000 when a fraudster intercepted his email and convinced his assistant to wire money to Hong Kong on two occasions. More recently in 2020, attackers targeted a bank manager in Hong Kong with a call that impersonated the voice of a director he knew via AI voice cloning technology. The cybercriminal impersonating the executive claimed his company was making an acquisition and requested that $35 million in funds be wired electronically to another account. Usually initiated with a phishing attack or malware, wire transfer attacks provide the vehicle for transferring copious sums of money quickly. What you need to know: Wire attacks are sophi

 Web Session Cookie Theft  Almost every web application we use, from social media and streaming platforms to cloud services and financial applications, runs on authentication cookies. Though cookies make our experience on the web much more convenient, they also create a vulnerability that can be abused to great effect. In late 2019, a group of loosely connected hackers made a name for themselves by executing cookie theft malware to hijack various YouTube channels, then luring unsuspecting owners with bogus offers to broadcast cryptocurrency scams or sell the accounts to the highest bidder. What you need to know: When an attacker successfully steals a session cookie, they can perform any actions the original user is authorized to take. A danger for organizations is that cookies can be used to identify authenticated users in single sign-on systems, potentially giving the attacker access to all of the web applications the victim can use, like financial systems, customer records or line-of

 Watering Hole Attack  In what became a classic watering hole attack, a Florida water, and wastewater treatment facility contractor inadvertently hosted malicious code on its website, leading to the reported Oldsmar water plant hack in 2021. The cybercriminals behind the attack seemed to have a distinct audience in mind — the malicious code found on the contractor’s site also appeared to target other Florida water utilities, and perhaps not surprisingly, was visited by a browser sourced to the city of Oldsmar on the same day of the hack. While the website didn’t launch exploit code, it instead injected malware that functioned as a browser enumeration and fingerprinting script designed to glean information from site visitors, including operating system, browser type, time zone, and presence of camera and microphone, which it then sent to a remote database hosted on a Heroku app site that also stored the script. What you need to know: Like a literal watering hole, a watering hole attack

 Typosquatting  Noblox.js is a wrapper for the Roblox API, a function widely used by many gamers to automate interactions with the popular Roblox gaming platform. The software also appears to be attracting a new crowd. In 2021, hackers launched typosquatting attacks via the noblox.js package by uploading confusingly similar packages laden with ransomware to a registry for open-source JavaScript libraries and then distributing the infected files via a chat service. However, since September of 2021, gamer Josh Muir along with several others has actively been cracking down on the attackers, attempting to prevent the proliferation of ransomware through the noblox.js package and other code libraries, and thwart further attacks on the gaming community. What you need to know: Typosquatting is a phishing attack where attackers take advantage of commonly misspelled domain names. Often times, the guilty party isn’t actually looking to carry out an attack, but instead is holding out hope that a c

 System Misconfiguration  A little mistake can have drastic consequences. Nissan North America found that out after the source code of mobile apps and internal tools was leaked online due to a system misconfiguration. The mishap was sourced to a Git server that was left exposed on the internet with a default username and password combo of an admin, who thus learned of the leak from an anonymous source. Among other things, the leak contained source code data from Nissan NA Mobile apps, client acquisition and retention tools, market research tools and data, the vehicle logistics portal, and vehicle-connected services. What you need to know: Security misconfiguration is a widespread problem that can put organizations at risk thanks to incorrectly configured security controls (or lack thereof). This can happen at almost any level of the IT and security stack, ranging from the company’s wireless network to web and server applications, to custom code. 

 Suspicious Zoom Child Processes  Video-conferencing giant Zoom has emerged as the top enterprise video communications platform over the last several years. Its usage has increased dramatically with an upsurge of remote workers, attributed largely to shelter-in-place mandates following the COVID-19 pandemic. However, as Zoom’s popularity soared, flaws in both Windows and macOS systems have correspondingly received increased scrutiny by bad actors, who have increasingly relied on this attack vector to gain unauthorized access and escalate privileges onto targeted systems — including exploiting a local library validation function in Zoom to completely hijack an unsuspecting user’s webcam and microphone. Plausible attack scenarios could mean that attackers use their ill-gotten privileges to spy on targeted users, either in their personal lives or during important meetings where sensitive information is being shared. What you need to know: Essentially, these local privilege escalation flaw

 Suspicious Okta Activity  Okta is often the gateway to enterprise applications and accounts — a fact not lost on hackers. If exploited, the SSO flaw allows hackers to abuse credentials of existing accounts for unauthorized access, persistence, privilege escalation and defense evasion. Once credentials are compromised, attackers can then bypass access controls to gain entrance to VPNs, Outlook Web Access and remote desktop. Adversaries can also use compromised credentials to elevate their privileges to certain systems or gain entry to restricted areas of the network, while also using malware to steal information and/or obfuscate their presence. In one attack scenario, hackers can take over inactive accounts of employees who have left the organization and use their credentials to gain access to critical systems for data and identify theft activities. What you need to know: Okta is the leading single sign on provider, allowing users to authenticate once to Okta, and from there access a v

 Suspicious Cloud Storage Activities  According to the 2022 Verizon Data Breach Investigations Report (DBIR), a staggering 82% of breaches involve a “human element,” with “miscellaneous errors” on the rise due to misconfigured cloud storage. The Sensitive Data in the Cloud report also found that the majority of security and IT professionals (67%) are storing sensitive data in public cloud environments, with a third of respondents saying that they weren’t confident — or only slightly confident — about their ability to protect sensitive data in the cloud. This type of technical and professional oversight — whether it involves a misconfigured database or security teams lacking the necessary know-how — is exactly why cloud accounts have become a prime target in this era of remote work. What you need to know: Now that data is widely (and all too often, haphazardly) dispersed across the cloud, attackers have ample opportunity to find and exploit both known and unknown vulnerabilities. This i

 Suspicious Cloud Authentication Activities  Now more than ever, identity access management (IAM) has become a critical part of cloud security. In 2022 alone, 84% of organizations fell victim to identity-related breaches, with 96% reporting that the breach could have been avoided or minimized by implementing identity-centric security. Without the correct technologies and policies in place (e.g. zero trust and vendor management), identifying anomalous behavior via authentication and authorization can be incredibly tricky. As a result, these attacks often go undetected, as the authentication performed by a bad actor can look the same as a legitimate user, depending on how expansive the IAM framework in place is (let alone if it even exists). What you need to know: Organizations need to move away from network security in order to better protect and authenticate user identities. Up until recently, however, this was much easier said than done. Certain technologies simply lacked the necessar

 Supply Chain Attack  The SolarWinds attacks, which some experts have called the worst series of cybersecurity attacks in history, are a prime example of the damage a supply chain attack can inflict. In 2020, sophisticated attackers believed to have been directed by the Russian intelligence service, compromised SolarWinds software. They embedded it with malware that was then deployed through a product update, giving them backdoor access to all of SolarWinds Orion Platform customers’ networks. Up to 18,000 customers installed updates that left them vulnerable to hackers, including Fortune 500 companies and multiple agencies in the U.S. government. As Tim Brown, vice president of security at SolarWinds, said recently, “it’s really your worst nightmare.” What you need to know: A supply chain attack is a powerful cyberattack that can breach even the most sophisticated security defenses through legitimate thirdparty vendors. Because vendors need access to sensitive data in order to integrat

 SQL Injection  Structured Query Language, or SQL (sometimes pronounced “sequel”), is the standard programming language used to communicate with relational databases — systems that support every data-driven website and application on the internet. An attacker can take advantage of this (very common) system by entering a specific SQL query into the form (injecting it into the database), at which point the hacker can access the database, network and servers. And SQL injection attacks continue to be a popular attack method. As recently as August of 2020, the Freepik Company disclosed a data breach impacting the logins of more than eight million users resulting from an SQL injection in a global database of customizable icons, which allowed the hackers to access and ultimately steal user login and personal information. What you need to know: SQL injection is a type of injection attack used to manipulate or destroy databases using malicious SQL statements. SQL statements control the database

 Spyware  It’s no secret that spyware attacks continue to occur with alarming frequency. But if you’re a high-profile figure, you’re likely a bigger target. In May of 2021, officials announced that bad actors had targeted the cellphones of Spanish Prime Minister Pedro Sánchez and Defense Minister Margarita Robles in several attacks using the Pegasus spyware, resulting in significant data theft from both devices while wreaking havoc on Spain’s administrators and government systems. What you need to know: Spyware is a type of malware that aims to gather personal or organizational data, track or sell a victim’s web activity (e.g., searches, history and downloads), capture bank account information and even steal a target’s identity. Multiple types of spyware exist, and each one employs a unique tactic to track the victim. Ultimately, spyware can take over a device, exfiltrating data or sending personal information to another unknown entity without prior knowledge or consent.

 Social Engineering Attack  The 2002 film “Catch Me If You Can” tells the true story of (perhaps) one of the most accomplished practitioners of social engineering of all time. In the film, Leonardo DiCaprio portrayed a man named Frank W. Abagnale, Jr., who executed various high-profile cons, committed bank fraud and masqueraded in a variety of personas, including as a physician and pilot. Abagnale’s success depended on his ability to convince his victims that his forgeries, whether they were checks, diplomas or identities, were genuine. Abagnale was an active con man in the ‘60s and ‘70s, but the practice of social engineering has continued to develop and remains a powerful tool for hackers and fraudsters to gain access to closed systems around the world. What you need to know: Social engineering is the term used for a broad range of malicious activities accomplished through psychological manipulation to trick users into making security mistakes or giving away sensitive information. Wh

 Simjacking  On August 30, 2019, Twitter CEO Jack Dorsey’s 4.2 million followers were subjected to a stream of deeply offensive messages, courtesy of a group of hackers called the “Chuckling Squad.” The group used simjacking to gain control of Dorsey’s phone number, then used a text-to-tweet service acquired by Twitter to post the messages. Despite the messages being visible online for fewer than ten minutes, millions of people were exposed to the offensive tweets. What you need to know: SIMjacking (also known as a SIM swap scam, port-out scam, SIM splitting and SIM swapping) is a type of account takeover that generally targets a weakness in two-factor authentication and two-step verification in which the second factor is a text message (SMS) or call placed to a mobile telephone. Simply put, simjacking is when an attacker impersonates a target to a cellular provider in order to steal their cell phone number by having it transferred to a different SIM card (which is already in the hacke

 Shadow IT  As software-as-a-service applications have become increasingly quick and easy to use, employees can now download solutions onto their workstations to help them get the job done. However, many are using these applications with little regard for security. It’s not surprising then that a 2019 Forbes Insights survey titled “Perception Gaps in Cyber Resilience: Where Are Your Blind Spots?” found that more than one in five organizations experienced a cyber incident originating from an unauthorized — or “shadow” — IT resource. What you need to know: Shadow IT refers to IT applications and infrastructure that employees use without the knowledge and/or consent of their organization’s IT department. These can include hardware, software, web services, cloud applications and other programs. In general, well-intentioned employees innocently download and use these applications to make their work easier or more efficient. It’s a phenomenon so pervasive that Gartner had estimated that a th

 Router and Infrastructure Security  Cisco was the victim of a router and infrastructure attack in which a router “implant,” dubbed SYNful Knock, was reportedly found in 14 routers in four different countries. SYNful Knock is a type of persistent malware that allows an attacker to gain control of an affected device and compromise its integrity with a modified Cisco IOS software image. Mandiant describes it as having different modules enabled via the HTTP protocol and triggered by crafted TCP packets sent to the device What you need to know: Router implants have been rare, and are largely believed to be theoretical in nature and use. However, recent vendor advisories indicate that these have been seen in the wild. The initial infection vector does not appear to leverage a zero-day vulnerability. It is believed that the credentials are either default or discovered by the attacker in order to install the backdoor. However, the router’s position in the network makes it an ideal target for

 Ransomwareas-a-Service  Ransomware-as-a-Service (RaaS) is created for extortion over stolen or encrypted data, known as ransomware. The author of the ransomware makes the software available to customers called affiliates, who use the software to hold people’s data hostage with little technical skill. WannaCry had one of the largest RaaS attack vectors to date, with upwards of 400,000 computers infected across 150 countries. WannaCry infiltrated networks using the EternalBlue vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. A cyberattack exploits originally developed by the U.S. National Security Agency (NSA), they did not alert Microsoft about the vulnerabilities and held on to it for more than five years before the breach forced the agency to come clean about the issue. What you need to know: RaaS is a business model between ransomware operators and affiliates in which affiliates pay to launch ransomware attacks developed by operators. RaaS kits

 Ransomware  According to cybersecurity company Emsisoft, ransomware attacks affected at least 948 government agencies, educational establishments and healthcare providers in the United States in 2019, at a potential cost exceeding $7.5 billion. In the medical sector, the potential effects of these kinds of attacks include patients being redirected to other hospitals, medical records being made inaccessible (or permanently lost) and emergency dispatch centers relying on printed maps and paper logs to keep track of emergency responders in the field. In government, local 911 services can be disrupted. And according to Manhattan D.A. Cyrus Vance Jr., the effect of ransomware could be as devastating and costly as a natural disaster like Hurricane Sandy. What you need to know: Ransomware is an attack where an infected host encrypts a victim’s data, holding it hostage until they pay the attacker a fee. Recent ransomware attacks have demonstrated that hackers have begun threatening to leak or

 Privileged User Compromise  In early 2022, the criminal hacking group Lapsus$, allegedly run by a teenager from Oxford, England, boasted publically that it had successfully hacked Okta, a single sign-on provider used by thousands of organizations and governments worldwide. Lapsus$ gained access to a “super user” administrative account for Okta via a third-party support engineer and had access to the employee’s laptop for five days, including privileged access to some Okta systems. The cybercrime group posted about the attack on its Telegram channel, even going so far as to post screenshots showing it was inside Okta’s systems. But it wasn’t after Okta, exactly — the real targets were Okta’s thousands of customers. A week later, the hacking group added 15,000 followers to their Telegram channel, raising fears that more attacks are imminent. What you need to know: It’s widely accepted that many serious data breaches can be traced back to the abuse of privileged credentials. These are ac

 Whale Phishing (Whaling)  Why go after little phish when you can phish a whale? In 2020, Australian hedge fund Levitas Capital found that out the hard way when attackers launched a stealthy whaling attack aimed directly at one of the founders. The bad actors gained entry to the hedge fund’s network after sending the executive a fake Zoom link that installed malware once it was clicked. The malicious code allowed the attackers to infiltrate the targeted email account and subsequently create bogus invoices to the fund’s trustee and third-party administrator, which initiated and approved cash transfer requests resulting in $8.7 million in theft. The bogus invoices also included a request for a $1.2 million payment to suspicious private equity firm Unique Star Trading. The losses were so damaging and extensive that the firm was eventually forced to permanently close. What you need to know: Whaling is when hackers go after one single, high-value target, such as a CEO. The target is always

 Spear Phishing  These days spear phishers are not only targeting bigger fish, they’re taking a page from the book of romance scams, luring victims with attractive fake profiles to get them to download malware onto their computers. In 2021, researchers identified a years-long social engineering and targeted malware attack sourced to the renowned Iranian-state-aligned threat actor TA456. Using a fake social media profile “Marcella Flores,” TA456 built a romantic relationship with an employee of a small aerospace defense contractor subsidiary. The attacker cashed in a few months later by sending out a large malware file via an ongoing corporate email communication chain with the aim of conducting reconnaissance. Once the malware, dubbed LEMPO, infiltrated the machine, it exfiltrated data and sent highly sensitive information back to the attacker, while obfuscating its whereabouts to evade detection. What you need to know: A subset of phishing, spear phishing occurs when cybercriminals s

 Phishing Payloads  One of the biggest cybercrimes ever — with the highest number of defendants charged for the same crime — was what the FBI called Operation Phish Phry. The attack sparked a multinational phishing investigation after targeting hundreds of bank and credit card customers, all of whom received emails with links to fake, but authentic-looking, financial websites. On the site, targets were asked to enter their account numbers and passwords into fraudulent forms. What you need to know: Despite its simplicity, phishing remains the most pervasive and dangerous cyberthreat. In fact, research shows that as many as 91% of all successful attacks are initiated via a phishing email. These emails use fraudulent domains, email scraping techniques, familiar contact names inserted as senders, and other tactics to lure targets into clicking a malicious link, opening an attachment with a nefarious payload, or entering sensitive personal information that perpetrators may intercept. The “p

 Phishing  When it comes to phishing attacks, there are a few that stand out above the rest — like the now-infamous attack on Sony’s network. Hackers executed the attack by sending phishing emails requesting verification for Apple IDs to system engineers, network administrators and other unsuspecting employees with system credentials. The attackers absconded with gigabytes worth of files, which included emails, financial reports, and digital copies of recently released films. On top of that, the malicious actors then infused Sony’s workstation computers with malware that erased the machines’ hard drives. A few weeks later, the FBI formally pointed to the North Korean government as the mastermind behind the attack What you need to know: A phishing attack tricks everyday consumers, users, or employees into clicking on a malicious link, often driving them to a bogus site to provide personally identifiable information such as banking account numbers, credit card information or passwords, d

 Pass the Hash  The infamous breach of over 40 million Target customer accounts was successful partly due to the well-known attack technique called pass the hash (PtH). The hackers used PtH to gain access to an NT hash token that would allow them to log-in to the Active Directory administrator’s account without the plaintext password — thereby giving them the necessary privileges to create a new domain admin account, later adding it to the Domain Admins group. This root in the system gave them the opportunity to steal personal information and payment card details from Target’s customers. What you need to know: Pass the hash allows an attacker to authenticate a user’s password with the underlying NTLM or LanMan hash instead of the associated plaintext password. Once the hacker has a valid username along with their password’s hash values, they can get into the user’s account without issue, and perform actions on local or remote systems. Essentially, hashes replace the original passwords

 Open Redirection  In 2022, yet another phishing campaign targeting Facebook users was discovered to have netted hundreds of millions of credentials. The technique used was a common one: A link is sent via DM from a compromised Facebook account, then that link performs a series of redirects, often through malvertising pages to rack up views and clicks (and revenue for the attacker), ultimately landing on a fake page. Though the technique of host redirection, also known as open redirect, isn’t new, the sheer scale of this campaign is remarkable. Researchers found that just one phishing landing page out of around 400 had 2.7 million visitors in 2021, and 8.5 by June of 2022. In an interview with researchers, the attacker boasted of making $150 for every thousand visits from U.S. Facebook users, which would put the bad actor’s total earnings at $59 million. What you need to know: Host redirection attacks are very common and increasingly subversive, as hackers become more creative about ho

 Network Sniffing  Smart locks are a new type of device intended to protect your home and make it easier to enter with the click (or, more appropriately, tap) of a button. But taking a more futuristic approach to fortifying your house can have serious consequences, security researchers have found. One smart lock, not-soaptly marketed as the “smartest lock ever,” could be intercepted via network traffic between the mobile app and the lock itself. Scarier yet, this can be done through inexpensive, readily available network-sniffing devices. What you need to know: Network sniffing, also known as packet sniffing, is the real-time capturing, monitoring and analysis of data flowing within a network. Whether it’s via hardware, software or a combination of both, bad actors use sniffing tools to eavesdrop on unencrypted data from network packets, such as credentials, emails, passwords, messages and other sensitive information.

 Meltdown and Spectre Attack  Most cybersecurity attacks exploit a vulnerability, such as a coding mistake or bad design. But not all attacks are created equal. In 2018, two Google researchers discovered a new type of attack that affected all computer chip makers and potentially exposed billions to the meltdown and spectre attack. What you need to know: The meltdown and spectre attack exploits vulnerabilities in computer processors. These vulnerabilities allow attackers to steal almost any data that is being processed on the computer. This is an attack that strikes at the core of computer security, which relies on the isolation of memory to protect a user’s information. A “meltdown” refers to the breakdown of any protective barrier between an operating system and a program, while “spectre” indicates the breakdown between two applications that keep information from each other.

 Masquerade Attack   Many of us still remember when Target experienced a massive credit card breach affecting over forty million customer accounts. The states’ investigation into the breach revealed that attackers stole the credentials of Target’s HVAC contractor, Fazio Mechanical Services. After using the third-party vendor’s details to get into Target’s internal web application, they installed malware on the system and captured names, phone numbers, payment card numbers, credit card verification codes and other highly sensitive information. What you need to know: A masquerade attack happens when a bad actor uses a forged or legitimate (but stolen) identity to gain unauthorized access to someone’s machine or an organization’s network via legitimate access identification. Depending on the level of access the permissions provide, masquerade attacks could give attackers access to an entire network.

 Man-inthe-Middle Attack  In early 2022, Microsoft discovered a phishing campaign targeting Office365 users. The attackers spoofed a phony 365 login page, gathering credentials for later abuse and misuse. To do this, the attackers used a Evilginx2 phishing kit — a man-in-themiddle (MITM) attack framework used for phishing login credentials along with session cookies, allowing bad actors to bypass two-factor authentication — in order to hijack the authentication process. Microsoft added in its blog post, “Note that this is not a vulnerability in MFA; since AiTM phishing steals the session cookie, the attacker gets authenticated to a session on the user’s behalf, regardless of the sign-in method the latter uses.” What you need to know: The MITM attack, also known as adversary-inthe-middle (AiTM), sets up a proxy server that intercepts the victim’s log-in session, so that the malicious actor can act as a relay between the two parties or systems — thereby gaining access to and/or pilfering

 Malicious PowerShell  Attack sequences that exploit the ever-popular PowerShell are broadly attractive to top cybercriminals and cyberespionage groups because they make it easy to propagate viruses across a network. Notorious bad actors such as APT29 (aka Cozy Bear) use PowerShell scripts to gather critical intelligence to inform even more sophisticated cyberattacks. In 2020, the notorious threat group APT35 (aka “Charming Kitten”) abused Powershell in a ransomware attack on a charity organization and to harvest and exfiltrate data from a U.S. local government. What you need to know: PowerShell is a command-line and scripting tool developed by Microsoft and built on .NET (pronounced “dot net”), that allows administrators and users to change system settings as well as to automate tasks. The command-line interface (CLI) offers a range of tools and flexibility, making it a popular shell and scripting language. Bad actors have also recognized the perks of PowerShell — namely, how to opera

 Macro Viruses  One of the most infamous virus incidents of all time, the Melissa virus of the late ‘90s, was none other than a macro virus. A Melissa-infected PC would hijack the user’s Microsoft Outlook email system and send virus-laden messages to the first 50 addresses in their mailing lists. The virus propagated at an incredible speed, and caused astounding damage worldwide: an estimated $80 million for cleaning and repairing affected systems and networks. Though the heyday of the macro virus may have passed, these attacks continue, and they’re not just targeting Microsoft Windows anymore: recent attacks have targeted Mac users as well What you need to know: A macro virus is a computer virus written in the same macro language that is used for software applications. Some applications, like Microsoft Office, Excel and PowerPoint allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechan

IoMT Threats  The prevalence and complexity of attacks on healthcare organizations — as well as the risk to patient confidentiality and safety — means providers are coming under fire when it comes to medical device security. Due to attacks such as the WannaCry ransomware attack, lawmakers have outlined the severity of cybersecurity issues plaguing legacy software and equipment. The FDA has also issued updated guidance for device manufacturers, but companies aren’t required to follow these guidelines since they’re not legal mandates  What you need to know: The Internet of Medical Things (IoMT) has transformed healthcare as we know it, especially in the era of COVID-19. Leveraging IoMT has the power to unleash countless opportunities in diagnosing, treating and managing a patient’s health and wellness, and holds the key to lowering cost while improving quality of care. But as the number of connected devices invariably grows, so does the cybersecurity risk. As of 2020, more than 25% of cy

 IoT Threats  After a data leak exposed the personal information of over 3,000 users of Ring, a home security provider owned by Amazon, hackers took advantage of the leak and hijacked video doorbells and smart cameras in people’s homes. In a 2020 class action lawsuit, dozens of people say they were subjected to harassment, threats and blackmail through their Ring devices. Researchers say these documented attacks are just the tip of the iceberg, since Ring sold more than 1.4 million video doorbells in 2020 alone. Ring has since introduced end-to-end video encryption to help protect against future hacks, but with the increasing ubiquity of IoT devices, this won’t be the last of these kinds of attacks. What you need to know: There are an estimated 13.1 billion connected IoT devices globally — a number that is projected to increase to 30 billion by 2030. These devices often lack security infrastructure, creating glaring vulnerabilities in the network that exponentially grow the attack surf

 Insider Threat Revenge.  It’s a tale as old as time. In 2022, an IT specialist was charged for allegedly hacking the server of a Chicago healthcare organization. He’d had access to the server because he’d been a contractor, and he had a motive. He’d been denied a job at the organization, and a few months later, he was fired by the contracting IT firm. This act of individual retaliation resulted in a cyberattack that dramatically disrupted medical examinations, treatments, and diagnoses for many patients. What you need to know: An insider threat attack is a malicious assault carried out by insiders with authorized access to an organization’s computer system, network, and resources. In this assault, attackers often aim to steal classified, proprietary or otherwise sensitive information and assets, either for personal gain or to provide information to competitors. They might also try to sabotage your organization with system disruptions that mean loss of productivity, profitability, and

 Drive-by Download Attack  In January 2020, visitors to the legendary zine and blog site Boing Boing saw a fake Google Play Protect overlay prompting them to download what was actually a malicious APK that installed a banking Trojan on Android devices. For Windows users, it appeared as a (fake) Adobe Flash installation page that distributed other malicious programs. Boing Boing’s content management system had been hacked. Even if the visitor didn’t take the bait, the drive-by downloads were automatically initiated by JavaScript embedded into the page. While Boing Boing was able to detect the attack and remove the script relatively quickly, given the site’s five million unique users — former President Barack Obama among them — the impact could have been disastrous. What you need to know: A drive-by download refers to the unintentional download of malicious code onto a computer or mobile device that exposes users to different types of threats. Cybercriminals use drive-by downloads to ste

 DoS Attack  Almost two decades ago, a 16-year-old hacker known as Mafiaboy launched one of the most famous denial-of-service (DoS) attacks that took several major sites offline, including CNN, eBay, Amazon and Yahoo. According to reports, Mafiaboy broke into dozens of networks to install malware designed to flood targets with attack traffic. Because many sites were underprepared for such an assault, the attack lasted about a week as the targeted organizations struggled to figure out what happened and how to get back online. Mafiaboy was eventually arrested and sentenced to juvenile detention. Twenty years later, DoS attacks (many of which are DDoS) continue to be on the rise and are some of the most common attacks faced by organizations, targeting around a third of all businesses. What you need to know: A DoS attack is where cyberattackers make a machine or network inaccessible for its intended users. DoS attacks can be executed by either flooding networks with traffic or by sending i

 DNS Tunneling  A hacker group known as OilRig has made regular attacks on various governments and businesses in the Middle East using a variety of tools and methods over the past several years. An essential element of its efforts to disrupt daily operations and exfiltrate data is maintaining a connection between its command-and-control server and the system it’s attacking using DNS tunneling. What you need to know: The traffic passing through DNS often goes unmonitored, since it’s not designed for data transfer, leaving it vulnerable to several kinds of attacks, including DNS tunneling, which happens when an attacker encodes malicious data into a DNS query: a complex string of characters at the front of a URL. There are valid uses for DNS tunneling — anti-virus software providers use it to send updated malware profiles to customers in the background, for example. Because of the possibility of legitimate use, it’s important for organizations to monitor their DNS traffic thoroughly, all

  DNS Hijacking  On a Thursday morning in 2017, WikiLeaks readers woke up expecting to find the latest state secret released on the whistleblowing website, only to discover a message from a hacker collective called OurMine announcing that they were in control of the domain. Wikileaks founder Julian Assange quickly took to Twitter to clarify that the takedown was not a traditional hack, but instead a domain name system (DNS) attack. What you need to know: DNS is often called the Achilles heel of the internet, or the internet’s phonebook, because it plays a critical role in routing web traffic. The DNS is the protocol used to map domain names to IP addresses. It has been proven to work well for its intended function. But DNS is notoriously vulnerable to attack, attributed in part to its distributed nature. DNS relies on unstructured connections between millions of clients and servers over inherently insecure protocols. The gravity and extent of the importance of securing DNS from attacks

DNS Amplification  In February 2022, hackers launched massive, amplified distributed denial-of-service (DDoS) attacks through Mitel, a global business communications company. The attack pummeled financial institutions, broadband ISPs, logistics and gaming companies, and other organizations. Able to sustain DDoS attacks for up to 14 hours, with a record-breaking amplification factor of almost 4.3 billion to one, attacks like this are capable of shutting down voice communications and other services for entire organizations with a single malicious network packet. What you need to know: Though DNS amplification, a type of DDoS attack, has been around for a long time, the exploitation techniques keep evolving. The attack is similar to DNS hijacking in the sense that it takes advantage of the internet’s directory by misconfiguring it. But the way the attacks occur are slightly different. A DNS amplification attack typically involves sending a small amount of information to a vulnerable netwo

 Disabling Security Tools  Sometimes hackers use the very tools meant to protect organizations to gain access to their systems. Microsoft Windows became the world’s desktop operating system of choice when it was first released in 1985. And while its market share has gotten smaller in recent years, it still remains a dominant force compared to its distant runner up, Apple OSX. The mass adoption of Windows, and the fact that it’s easier to fall victim to attacks, such as malware and bots, has made it a favorite playground for hackers. That’s partly why Microsoft began installing a native anti-spyware and antivirus program, called Windows Defender, with the release of Windows Vista. Unfortunately Microsoft didn’t consider that hackers would attack the very thing supposed to protect Windows users. Novter, also known as Nodersok or Divergent, was a Trojan attack that took down Windows Defender’s real-time protection features. Once disabled, the Trojan would download additional malware to th

DDoS Attack  To date one of the biggest — if not the most significant — distributed denial-of-service (DDoS) attacks happened in 2018 against the popular online code management system GitHub. GitHub was hit by an onslaught of traffic, which at its peak came in at a rate of 1.3 terabytes per second, sending packets at a rate of 126.9 million per second. The attack wasn’t just massive, it was record-breaking. In this attack, the botmasters flooded Memcached servers with spoofed requests, which gave them the ability to amplify their attack by 50,000x. The good news? GitHub wasn’t caught entirely unprepared. Administrators were alerted to the attack and it was shut down within 20 minutes. What you need to know: A DDoS attack is an attempt by hackers, hacktivists or cyber spies to take down websites, slow down and crash the target servers and make online service unavailable by flooding them with traffic from multiple sources. As their name suggests, DDoS attacks are widely distributed brute

Data From Information Repositories  The threat group APT28 reportedly compromised Hillary Clinton’s campaign, the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) during Clinton’s presidential run against Donald Trump. The group has also targeted Eastern European governments, military and security-related organizations, including the North Atlantic Treaty Organization (NATO). The group uses a complex set of tools and strategies, surreptitiously accessing information repositories to control and steal data. APT28 has collected information from Microsoft SharePoint services within target networks. What you need to know: Information repositories are tools that allow for the storage of information — tools like Microsoft SharePoint and Atlassian Confluence. Information repositories typically facilitate collaboration or information sharing between users and they store a wide variety of data that may tempt attackers. Hackers may leverage informatio

  Cryptojacking Attack  Cyber hackers compromised numerous Australian government websites with malware that forced visitors’ computers to secretly mine cryptocurrency without their permission. The cryptojacking attack was initiated when hackers exploited a vulnerability in a popular browser plugin as part of a larger global security breach. The attack affected the official website of the Victorian parliament, the Queensland Civil and Administrative Tribunal, and the Queensland Community Legal Centre homepage, among others, as well as the UK’s National Health Service and the UK’s own data protection watchdog site. What you need to know: Cryptojacking is an attack where a hacker targets and hijacks computer systems with malware that hides on a device and then exploits its processing power to mine for cryptocurrency — such as Bitcoin or Ethereum — all at the victim’s expense. The hacker’s mission is to create valuable cryptocurrency with someone else’s computing resources.  

 Cross-Site Scripting  In January of 2019, an XSS vulnerability was discovered in the Steam Chat client operated by Valve, a computer gaming company with more than 90 million active users, any number of whom could have been attacked until the bug was disclosed. Cross-site scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. It’s conceptually like an SQL injection — where malicious code is entered into a form to gain access to the site’s database — except that in the case of XSS, the malicious code is designed to execute within the browser of another visitor to the site, allowing the attacker to steal user cookies, read session IDs, alter the contents of a website or redirect a user to a malicious site. What you need to know: XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks

Credential Stuffing  Fort Lauderdale-based Citrix Systems found itself neck deep in investigating a major network breach in 2019 that had occurred the previous year, resulting in stolen business documents by hackers. The FBI believed the breach was sourced for “password spraying,” otherwise known as credential stuffing — an attempt by hackers to remotely access a large number of accounts at once. According to a form 10-K filing to the U.S. Securities and Exchange Commission, Citrix believed the hackers tried to infiltrate company systems to access content collaboration customer accounts. What you need to know: With credential stuffing, cybercriminals will use stolen account credentials — often usernames and passwords procured from a data breach — to access additional accounts by automating thousands or millions of login requests directed against a web application. They want to access sensitive accounts the easy way — by simply logging in. It works because they rely on people reusing th

Credential Reuse Attack  One of the more notable credential reuse attacks is the 2019 Dunkin’ Donuts breach — which, unluckily for the East Coast chain, happened to be their second hack in two months. This time around, the threat actors went so far as to sell thousands of accounts on the dark web. This included users’ credentials — including their usernames and passwords — to the highest bidder, who could then try them across other consumer websites until they got a hit. What you need to know: Credential reuse is a pervasive issue across any company or userbase. Nowadays, most users have tens (if not hundreds) of accounts, and are tasked with remembering countless passwords that meet all sorts of stringent requirements. As a result, they’ll resort to reusing the same password over and over again, in the hopes of better managing and remembering their credentials across accounts. Unsurprisingly, this can cause major security issues when said credentials are compromised.

 Credential Dumping  Disney+ signed up 10 million users and its stock hit a record high shortly after the launch of the streaming service. But that shine quickly faded when many of those eager subscribers began complaining about being locked out of their accounts. Within days of the launch, Disney+ credentials were up for grabs for as little as three dollars. Disney said the site wasn’t actually breached — allegedly, users who found their credentials online likely fell victim to a common (but notoriously bad) practice: using the same password across multiple sites that were later hit by a credential dumping attack. What you need to know:  Credential dumping simply refers to an attack that relies on gathering credentials from a targeted system. Even though the credentials may not be in plain text — they’re often hashed or encrypted — an attacker can still extract the data and crack it offline on their own systems. This is why the attack is referred to as “dumping.” Often, hackers will t

 Compromised Credentials  In 2020, Marriott International suffered a massive data breach as a result of a compromised credentials attack. This breach compromised the accounts of 5.2 million Marriott customers, exposing their contact information, gender, date of birth and loyalty account information. The attacker used the login credentials of two Marriott employees, presumably obtained through a mix of phishing and credential stuffing, to collect Marriott customers’ information for an entire month before raising suspicion. What you need to know: Most people still use single-factor authentication to identify themselves (a pretty big no-no in the cybersecurity space). And while stricter password requirements are starting to be enforced (like character length, a combination of symbols and numbers, and renewal intervals), end users still repeat credentials across accounts, platforms and applications, failing to update them periodically. This type of approach makes it easier for adversaries

 Command and Control  The first known take down of a country’s power grid from a cyberattack happened on December 23, 2015. The details of the hack are summarized in detail by Wired. At about 3:30 pm local time, a worker inside the Prykarpattyaoblenergo control center saw his mouse’s cursor move across the screen. The ghostly cursor floated toward the digital controls of the circuit breakers at a substation, and began taking them offline. Almost 30 substations subsequently went down, and 230,000 residents were forced to spend a cold evening in the dark in Western Ukraine, with a blistering low of 30 degrees Fahrenheit. What you need to know: A command and control attack is when a hacker takes over a computer in order to send commands or malware to other systems on the network. In some cases, the attacker performs reconnaissance activities, moving laterally across the network to gather sensitive data. In other attacks, hackers may use this infrastructure to launch actual attacks. One of

 Cloud Cryptomining  Cloud cryptomining doesn’t need gas to go. Look no further than Tesla for evidence. The electric carmaker fell victim to a cloud cryptomining attack when hackers took advantage of an insecure Kubernetes console, stealing computer processing power from Tesla’s cloud environment to mine for cryptocurrencies. What you need to know: Cryptomining is an intentionally difficult, resource-intensive business. Its complexity was designed to ensure that the number of blocks mined each day would remain steady. So it’s par for the course that ambitious, yet unscrupulous, miners make amassing the computing power of large enterprises — a practice known as cryptojacking — a top priority. 

Cloud Access Management  Moving to the cloud has countless advantages, from fostering collaboration to allowing employees to work from almost anywhere in the world. The importance of this flexibility was on display when the global COVID-19 pandemic hit. But switching to a cloud-based service can carry a fair amount of risk — oftentimes due to human error. Wyze Labs, a company that specializes in low-cost smart home products, experienced this first hand. An almost-prolific breach occurred at the startup when an employee built a database for user analytics, only to accidentally remove the necessary security protocols. As a result, a database-worth of customers’ personal information was exposed. What you need to know: Managing permissions for your organization has become increasingly important in order to avoid a cloud-based breach. Lax or nonexistent security — and in this case, incorrectly configured security controls — can easily jeopardize the security of your data, exposing your orga

Business Invoice Fraud  Even the largest technology firms aren’t immune to invoice fraud. According to an investigation by Fortune Magazine, both Facebook and Google unwittingly fell victim to a massive business invoice fraud scheme. The fraudster, a Lithuanian man known as Evaldas Rimasauskas, created invoices impersonating a large Asian-based manufacturer that frequently did business with the two companies to trick them into paying for bogus computer supplies. Over two years, the fraudster duped the two tech giants into spending tens of millions of dollars. By the time the firms figured out what was going on, Rimasauskas had allegedly stolen more than $100 million. What you need to know: Business invoice fraud attempts to trick victims into paying out on a fraudulent (but convincing) bill addressed to your organization. In reality, the funds go to imposters mimicking suppliers. These hackers will often bill a reasonable amount so they don’t draw suspicion. But executing these scams h

Brute Force Attack  In a now-infamous brute force attack, over 90,000 PlayStation and Sony Online Entertainment accounts were compromised in 2011. Hackers attempted countless username and password combinations from an unidentified third party, eventually ransacking members’ accounts for personal information. The now-discontinued Club Nintendo also fell victim to the same type of attack in 2013, when hackers executed a coordinated attack on over 15 million members, eventually breaking into over 25,000 forum members’ accounts. All compromised accounts were suspended until access had been restored to the rightful owners — but the damage to brand reputation had already been done. What you need to know: A brute force attack aims to take personal information, specifically usernames and passwords, by using a trial-and-error approach. This is one of the simplest ways to gain access to an application, server or passwordprotected account, since the attacker is simply trying combinations of usern

 Bill Fraud  Zelle is a financial service that allows customers to easily send money to friends and family. Yet the very same features that make Zelle so quick and efficient for transferring funds are also being exploited by cyberthieves for monetary gain. Hackers and scammers use the system to pilfer funds away from consumers in payment fraud schemes, sometimes wiping out entire bank accounts. What you need to know:  Bill fraud — or payment fraud — is any type of bogus or illegal transaction where the cybercriminal will divert funds away from consumers. And these schemes work — according to recent data from the FTC, consumers reported they have lost over $1 billion in fraud complaints from January 2021 through March 2022. 

 Application Access Token  Pawn Storm, an active and aggressive espionage group, uses different strategies to gain information from their targets. One method in particular was to abuse Open Authentication (OAuth) in advanced social engineering schemes, targeting high profile users of free webmail. The group also set up aggressive credential phishing attacks against the Democratic National Convention (DNC), the Christian Democratic Union of Germany (CDU), the parliament and government of Turkey, the parliament of Montenegro, the World Anti-Doping Agency (WADA), Al Jazeera and many other organizations. They continue to use several malicious applications that abuse OAuth access tokens to gain access to target email accounts, including Gmail and Yahoo Mail. What you need to know:  With an OAuth access token, a hacker can use the user-granted REST API to perform functions such as email searching and contact enumeration. With a cloud-based email service, once an OAuth access token is granted

Amazon Web Services (AWS) Attacks  The number of creative attacks on virtual environments has exploded with the rise of cloud computing. And as one of the largest cloud-service providers, Amazon Web Services has certainly had its share of threats. There are several vulnerabilities that threaten the security of cloud providers. What you need to know:  Amazon’s “shared responsibility” model says AWS is responsible for the environment outside of the virtual machine but the customer is responsible for the security inside of the S3 container. This means threats that take advantage of vulnerabilities created by misconfigurations and deployment errors have become a bigger problem as companies have adopted cloud technologies rapidly and the organization using AWS is responsible for securing their environment. The problem is there are more threats that AWS customers have to worry about.

Advanced Persistent  Threat In one of the most notable data breaches in U.S. history, the attack on the U.S. Office of Personnel Management (OPM). security experts found that state-sponsored attackers used an advanced persistent threat sponsored by the Chinese government. The attack on OPM compromised over 4 million records, including information on current, former and prospective federal government employees, as well as their family members, foreign contacts and even psychological information. What you need to know:  An advanced persistent threat (APT) is a highly advanced, covert threat on a computer system or network where an unauthorized user manages to break in, avoid detection and obtain information for business or political motives. Typically carried out by criminals or nation-states, the main objective is financial gain or political espionage. While APTs continue to be associated with nationstate actors who want to steal government or industry secrets, cyber criminals with no p

Account Takeover  Account takeover is considered one of the more harmful ways to access a user’s account. The attacker typically poses as a genuine customer, user or employee, eventually gaining entry to the accounts of the individual they’re impersonating. Scarier yet, user credentials can be sourced from the deep web and matched against e-commerce sites with the help of bots and other automated tools for quick and easy entry. What you need to know:  Rather than stealing the card or credentials outright, account takeover is more surreptitious, allowing the attacker to get as much use out of the stolen card as possible before being flagged for suspicious activity. Banks, major marketplaces and financial services like PayPal are common targets, and any website that requires a login is susceptible to this attack.