Posts

Global Risks Ranked

Not listed are water security, food security, and energy security.

World Economic Forum - Global Risks Report 2023

These are just the top 10 risks. Surprisingly, "use of weapons of mass destruction" is number 28. Here's the full list: World Economic Forum - Global Risk Report 2023

But with increased cybercrime, we are likely to see increased disruption in critical technology systems, which may affect food and water supplies, transport, financial systems, space, military, and communication systems.

Cybercrime Is Becoming an Increasingly Larger Threat Every Day

The FBI’s Internet Crime Complaint Center (IC3) releases annual reports on cybercrime. The latest report shows that from 2017–2021, the number of Americans who filed a cybercrime complaint rose by 181%, and total losses increased by 393% during the same period.

IC3 Complaint Statistics. Source: https://www.hsdl.org/c/2021-internet-crime-report/

It is not just Americans that are seeing a rise in cybercrime—it’s businesses with global operations too.

Is your network secure?

Did you know 1 in 10 business leaders don't know if they've got the right security people and skills in place? Now that's shocking.

World Economic Forum - 2023 Global Security Outlook Report

The gap between business and security is starting to close thanks to better communication. It's just in time, especially with the cyber landscape getting increasingly complex. But recruitment and retention are still a major issue. In fact, 64% of cyber leaders ranked talent recruitment and retention as a key challenge for managing cyber resilience.

Zero-Day Exploit

It’s hardly surprising that the number of zero-day flaws continues on an upward trajectory. But 2021 blew all other years out of the water as malicious actors exploited a total of 58 new zero-day threats, compared to 25 flaws in 2020 and 21 vulnerabilities in 2019. And no doubt the stakes are getting higher as critical systems become more connected. In recent years, hackers have used zero-day threats to compromise Microsoft servers and to install advanced spyware on smartphones for espionage activities targeting journalists, politicians, and human rights activists. In August 2021, for example, a zero-day vulnerability known as “PwnedPiper” was found in the pneumatic tube systems used by hospitals to transport bloodwork, test samples, and medications; it allowed attackers to exploit flaws in the control panel software and opened the door to unauthorized and unencrypted firmware updates. What you need to know: A zero-day vulnerability, at its core, ...

Wire Attack

While the SWIFT network has experienced fewer attacks since its infamous 2016 bank heist, cybercriminals are readily using wire transfers in new and creative ways to launch malicious, and often lucrative, cyber assaults. In one high-profile example in 2018, Frank Krasovec, an owner of Domino’s Pizza franchises in China, lost $450,000 when a fraudster intercepted his email and convinced his assistant to wire money to Hong Kong on two occasions. More recently, in 2020, attackers targeted a bank manager in Hong Kong with a call that used AI voice cloning technology to impersonate the voice of a director he knew. The cybercriminal impersonating the executive claimed his company was making an acquisition and requested that $35 million in funds be wired electronically to another account. Usually initiated with a phishing attack or malware, wire transfer attacks provide the vehicle for transferring copious sums of money quickly. What you need to know: Wire attacks ...

Web Session Cookie Theft

Almost every web application we use, from social media and streaming platforms to cloud services and financial applications, runs on authentication cookies. Though cookies make our experience on the web much more convenient, they also create a vulnerability that can be abused to great effect. In late 2019, a group of loosely connected hackers made a name for themselves by executing cookie theft malware to hijack various YouTube channels, then luring unsuspecting owners with bogus offers to broadcast cryptocurrency scams or sell the accounts to the highest bidder. What you need to know: When an attacker successfully steals a session cookie, they can perform any actions the original user is authorized to take. A danger for organizations is that cookies can be used to identify authenticated users in single sign-on systems, potentially giving the attacker access to all of the web applications the victim can use, like financial systems, customer records o...

Watering Hole Attack

In what became a classic watering hole attack, a Florida water and wastewater treatment facility contractor inadvertently hosted malicious code on its website, leading to the reported Oldsmar water plant hack in 2021. The cybercriminals behind the attack seemed to have a distinct audience in mind — the malicious code found on the contractor’s site also appeared to target other Florida water utilities, and, perhaps not surprisingly, the site was visited by a browser sourced to the city of Oldsmar on the same day as the hack. The website didn’t launch exploit code; instead it injected malware that functioned as a browser enumeration and fingerprinting script designed to glean information from site visitors, including operating system, browser type, time zone, and presence of camera and microphone, which it then sent to a remote database hosted on a Heroku app site that also stored the script. What you need to know: Like a literal watering hole, a watering hol...

Typosquatting

Noblox.js is a wrapper for the Roblox API, a library widely used by gamers to automate interactions with the popular Roblox gaming platform. The software also appears to be attracting a new crowd. In 2021, hackers launched typosquatting attacks via the noblox.js package by uploading confusingly similar packages laden with ransomware to a registry for open-source JavaScript libraries and then distributing the infected files via a chat service. However, since September of 2021, gamer Josh Muir, along with several others, has actively been cracking down on the attackers, attempting to prevent the proliferation of ransomware through the noblox.js package and other code libraries and to thwart further attacks on the gaming community. What you need to know: Typosquatting is a phishing attack where attackers take advantage of commonly misspelled domain names. Oftentimes, the guilty party isn’t actually looking to carry out an attack, but instead is holding out hope...

System Misconfiguration

A little mistake can have drastic consequences. Nissan North America found that out after the source code of mobile apps and internal tools was leaked online due to a system misconfiguration. The mishap was traced to a Git server that was left exposed on the internet with the default username and password combination for its admin account; the company learned of the leak from an anonymous source. Among other things, the leak contained source code from Nissan NA mobile apps, client acquisition and retention tools, market research tools and data, the vehicle logistics portal, and vehicle-connected services. What you need to know: Security misconfiguration is a widespread problem that can put organizations at risk thanks to incorrectly configured security controls (or the lack thereof). This can happen at almost any level of the IT and security stack, ranging from the company’s wireless network to web and server applications, to custom code.

Suspicious Zoom Child Processes

Video-conferencing giant Zoom has emerged as the top enterprise video communications platform over the last several years. Its usage has increased dramatically with an upsurge of remote workers, attributed largely to shelter-in-place mandates following the COVID-19 pandemic. However, as Zoom’s popularity soared, flaws in both its Windows and macOS versions have correspondingly received increased scrutiny from bad actors, who have increasingly relied on this attack vector to gain unauthorized access and escalate privileges on targeted systems — including exploiting a local library validation function in Zoom to completely hijack an unsuspecting user’s webcam and microphone. Plausible attack scenarios could see attackers use their ill-gotten privileges to spy on targeted users, either in their personal lives or during important meetings where sensitive information is being shared. What you need to know: Essentially, these local privilege escala...

Suspicious Okta Activity

Okta is often the gateway to enterprise applications and accounts — a fact not lost on hackers. If exploited, the SSO flaw allows hackers to abuse the credentials of existing accounts for unauthorized access, persistence, privilege escalation and defense evasion. Once credentials are compromised, attackers can then bypass access controls to gain entrance to VPNs, Outlook Web Access and remote desktop. Adversaries can also use compromised credentials to elevate their privileges on certain systems or gain entry to restricted areas of the network, while also using malware to steal information and/or obfuscate their presence. In one attack scenario, hackers can take over inactive accounts of employees who have left the organization and use their credentials to gain access to critical systems for data and identity theft activities. What you need to know: Okta is the leading single sign-on provider, allowing users to authenticate once to Okta, and from there a...

Suspicious Cloud Storage Activities

According to the 2022 Verizon Data Breach Investigations Report (DBIR), a staggering 82% of breaches involve a “human element,” with “miscellaneous errors” on the rise due to misconfigured cloud storage. The Sensitive Data in the Cloud report also found that the majority of security and IT professionals (67%) are storing sensitive data in public cloud environments, with a third of respondents saying that they weren’t confident — or only slightly confident — about their ability to protect sensitive data in the cloud. This type of technical and professional oversight — whether it involves a misconfigured database or security teams lacking the necessary know-how — is exactly why cloud accounts have become a prime target in this era of remote work. What you need to know: Now that data is widely (and all too often, haphazardly) dispersed across the cloud, attackers have ample opportunity to find and exploit both known and unknown vulnerabilitie...

Suspicious Cloud Authentication Activities

Now more than ever, identity and access management (IAM) has become a critical part of cloud security. In 2022 alone, 84% of organizations fell victim to identity-related breaches, with 96% reporting that the breach could have been avoided or minimized by implementing identity-centric security. Without the correct technologies and policies in place (e.g. zero trust and vendor management), identifying anomalous behavior via authentication and authorization can be incredibly tricky. As a result, these attacks often go undetected, as the authentication performed by a bad actor can look the same as that of a legitimate user, depending on how expansive the IAM framework in place is (let alone whether it even exists). What you need to know: Organizations need to move away from network security in order to better protect and authenticate user identities. Up until recently, however, this was much easier said than done. Certain technologies simply lacked the...

Supply Chain Attack

The SolarWinds attacks, which some experts have called the worst series of cybersecurity attacks in history, are a prime example of the damage a supply chain attack can inflict. In 2020, sophisticated attackers believed to have been directed by the Russian intelligence service compromised SolarWinds software. They embedded it with malware that was then deployed through a product update, giving them backdoor access to the networks of all SolarWinds Orion Platform customers. Up to 18,000 customers installed updates that left them vulnerable to hackers, including Fortune 500 companies and multiple agencies in the U.S. government. As Tim Brown, vice president of security at SolarWinds, said recently, “it’s really your worst nightmare.” What you need to know: A supply chain attack is a powerful cyberattack that can breach even the most sophisticated security defenses through legitimate third-party vendors. Because vendors need access to sensitive data in order to...

SQL Injection

Structured Query Language, or SQL (sometimes pronounced “sequel”), is the standard programming language used to communicate with relational databases — systems that support every data-driven website and application on the internet. An attacker can take advantage of this (very common) system by entering a specially crafted SQL query into an input form (injecting it into the database), at which point the hacker can access the database, network and servers. And SQL injection attacks continue to be a popular attack method. As recently as August of 2020, the Freepik Company disclosed a data breach impacting the logins of more than eight million users, resulting from an SQL injection in a global database of customizable icons, which allowed the hackers to access and ultimately steal user login and personal information. What you need to know: SQL injection is a type of injection attack used to manipulate or destroy databases using malicious SQL statements. SQL statements control the...

Spyware

It’s no secret that spyware attacks continue to occur with alarming frequency. But if you’re a high-profile figure, you’re likely a bigger target. In May of 2021, officials announced that bad actors had targeted the cellphones of Spanish Prime Minister Pedro Sánchez and Defense Minister Margarita Robles in several attacks using the Pegasus spyware, resulting in significant data theft from both devices while wreaking havoc on Spain’s administrators and government systems. What you need to know: Spyware is a type of malware that aims to gather personal or organizational data, track or sell a victim’s web activity (e.g., searches, history and downloads), capture bank account information and even steal a target’s identity. Multiple types of spyware exist, and each one employs a unique tactic to track the victim. Ultimately, spyware can take over a device, exfiltrating data or sending personal information to another unknown entity without prior knowledge or consent.

Social Engineering Attack

The 2002 film “Catch Me If You Can” tells the true story of (perhaps) one of the most accomplished practitioners of social engineering of all time. In the film, Leonardo DiCaprio portrayed a man named Frank W. Abagnale, Jr., who executed various high-profile cons, committed bank fraud and masqueraded in a variety of personas, including as a physician and pilot. Abagnale’s success depended on his ability to convince his victims that his forgeries, whether they were checks, diplomas or identities, were genuine. Abagnale was an active con man in the ‘60s and ‘70s, but the practice of social engineering has continued to develop and remains a powerful tool for hackers and fraudsters to gain access to closed systems around the world. What you need to know: Social engineering is the term used for a broad range of malicious activities accomplished through psychological manipulation to trick users into making security mistakes or giving away sensitive inform...

Simjacking

On August 30, 2019, Twitter CEO Jack Dorsey’s 4.2 million followers were subjected to a stream of deeply offensive messages, courtesy of a group of hackers called the “Chuckling Squad.” The group used simjacking to gain control of Dorsey’s phone number, then used a text-to-tweet service acquired by Twitter to post the messages. Despite the messages being visible online for fewer than ten minutes, millions of people were exposed to the offensive tweets. What you need to know: SIMjacking (also known as a SIM swap scam, port-out scam, SIM splitting and SIM swapping) is a type of account takeover that generally targets a weakness in two-factor authentication and two-step verification in which the second factor is a text message (SMS) or call placed to a mobile telephone. Simply put, simjacking is when an attacker impersonates a target to a cellular provider in order to steal their cell phone number by having it transferred to a different SIM card (which is already in ...

Shadow IT

As software-as-a-service applications have become increasingly quick and easy to use, employees can now download solutions onto their workstations to help them get the job done. However, many are using these applications with little regard for security. It’s not surprising, then, that a 2019 Forbes Insights survey titled “Perception Gaps in Cyber Resilience: Where Are Your Blind Spots?” found that more than one in five organizations experienced a cyber incident originating from an unauthorized — or “shadow” — IT resource. What you need to know: Shadow IT refers to IT applications and infrastructure that employees use without the knowledge and/or consent of their organization’s IT department. These can include hardware, software, web services, cloud applications and other programs. In general, well-intentioned employees innocently download and use these applications to make their work easier or more efficient. It’s a phenomenon so pervasive that Gartner had estimated ...