Agrello blog

Three ways companies are under threat from cybercrime

People are becoming ever more digitally connected, if not outright bionic. We take digital services so much for granted that we no longer notice the threats in the virtual world. Being a victim of cybercrime can be very damaging, both financially and emotionally.
Hando Rand, Head of Innovation/Founder of Agrello
July 22, 2020

The COVID-19 emergency showed how dependent we are on digital services, and it raised several concerns about digital safety. According to McAfee, cybercrime cost the global economy 600 billion dollars in 2017. Now is a good time to look at the main types of cyber attack and the damage they inflict.

File-based attacks

The volume of information flowing over the internet is so high that being baited by something malicious is a real risk. The most common way of initiating a breach is through a malicious file planted on the victim's device, usually delivered by a malicious URL or a spoofed email that lures the victim into downloading and opening it.

In the professional world, the most likely successful breach is through a spoofed email. Email spoofing means that a third party sends email under someone else's address. Counter-intuitively, this is still one of the simplest attacks, because the underlying email protocol (SMTP) does not authenticate the sender: the From header is just text that the sender fills in. Authentication extensions such as SPF, DKIM and DMARC exist, but they only help when the impersonated domain publishes them and the receiving mail server enforces them. Many people receive a large volume of email, and opening a malicious attachment from a well-crafted spoofed email can happen to anyone.
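
To make the spoofing problem concrete, here is an added example (not code from the Agrello post) that triages a raw message the way a receiving mail server or a mail filter would: it compares the domain the message claims in From with the envelope sender recorded in Return-Path and with any Reply-To, and it reads the Authentication-Results header that the receiver's own server adds after checking SPF, DKIM and DMARC. Both messages and all domains below are constructed for the demo and are not real mail.

```python
"""Added example: spoofing red flags from raw email headers (stdlib only)."""
import email
from email.utils import parseaddr


def domain_of(address) -> str:
    """Lower-cased domain part of an address header value ('' if absent)."""
    _, addr = parseaddr(str(address or ""))
    return addr.rpartition("@")[2].lower()


def auth_results(header_value) -> dict:
    """Parse 'authserv-id; spf=pass ...; dkim=fail ...; dmarc=pass ...'
    (RFC 8601) into {'spf': 'pass', 'dkim': 'fail', ...}.
    The leading authserv-id has no '=' and is skipped; properties after a
    result (smtp.mailfrom=..., header.d=...) are ignored."""
    results = {}
    for clause in str(header_value or "").split(";"):
        clause = clause.strip()
        if not clause:
            continue
        token = clause.split()[0]
        if "=" in token:
            method, result = token.split("=", 1)
            results[method.lower()] = result.lower()
    return results


def spoofing_indicators(raw_message: str) -> list:
    """Return human-readable red flags for one message (empty = looks clean)."""
    msg = email.message_from_string(raw_message)
    flags = []
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    reply_domain = domain_of(msg.get("Reply-To"))
    results = auth_results(msg.get("Authentication-Results"))

    # Envelope sender on a different domain than the visible From: classic spoof.
    if envelope_domain and envelope_domain != from_domain:
        flags.append(f"From domain {from_domain} != envelope domain {envelope_domain}")
    # Reply-To pointing elsewhere: replies (and attachments) go to the attacker.
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To domain {reply_domain} != From domain {from_domain}")
    # No Authentication-Results at all: nobody checked SPF/DKIM/DMARC.
    if not results:
        flags.append("no Authentication-Results header; sender was never verified")
    for method in ("spf", "dkim", "dmarc"):
        if method in results and results[method] != "pass":
            flags.append(f"{method} result is {results[method]}")
    return flags


# Constructed sample: the envelope and Reply-To betray the forged From.
SPOOFED = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: support@bank-secure.example
To: victim@example.org
Subject: Please review the attached invoice

See attachment.
"""

# Constructed sample: everything aligns and all three checks passed.
GENUINE = """\
Return-Path: <support@bank.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Bank Support" <support@bank.example>
To: victim@example.org
Subject: Your statement

Hello.
"""

if __name__ == "__main__":
    for name, sample in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, "->", spoofing_indicators(sample) or ["no red flags"])
```

The check is only as good as the Authentication-Results header it reads, which must come from your own mail server (an attacker can insert a fake one upstream), and a "pass" for a look-alike domain the attacker controls is still a pass, so the domain comparison remains the part a human should look at.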

Besides email spoofing, a wide range of attacks and their consequences are becoming more common and are severely harmful:

  • ransomware;
  • phishing;
  • data breaches;
  • identity theft;
  • information leakage.

The list above shows the most commonly reported cyber threats. Note that data breaches, identity theft and information leakage are usually the outcome of a ransomware or phishing attack rather than separate attack techniques.

According to Webroot's 2020 Threat Report, 93% of the file-based malware it detected was polymorphic: the same malicious program is distributed massively, but each copy is mutated (re-packed or re-encrypted) so that its code, and therefore its hash, differ for every victim. This greatly increases the chance that signature-based anti-virus software will not recognise the file.
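
The following added example (not from the post or from Webroot) shows in miniature why that works and what a detector has to do about it. A toy "packer" wraps one payload with a fresh random key per copy, so every sample has a different body and a different SHA-256 and an exact-hash signature for one copy misses the next. The unpacking stub at the front is the one thing that stays constant, and reversing its transform exposes the same payload in every copy. The payload, the indicator string and the stub are constructed bytes; nothing here is real malware.

```python
"""Added example: hash signatures versus a polymorphic packer (stdlib only)."""
import hashlib
import os

# Constructed stand-in for the malicious logic (in reality: machine code).
PAYLOAD = b"CMD: download http://c2.example/stage2 && run"
# Constructed indicator of compromise a content rule would look for.
IOC = b"c2.example"
# Constant decoder stub that every variant carries in front of its body.
STUB = b"\x90POLYSTUB\x90"
KEY_LEN = 8


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key is the identity."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(payload: bytes = PAYLOAD, key: bytes = None) -> bytes:
    """One 'polymorphic' sample: stub | key | xor(payload, key)."""
    key = key or os.urandom(KEY_LEN)
    assert len(key) == KEY_LEN
    return STUB + key + xor(payload, key)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_signature_match(sample: bytes, known_hashes: set) -> bool:
    """Classic AV signature: exact hash of a sample seen before."""
    return sha256(sample) in known_hashes


def static_ioc_match(sample: bytes) -> bool:
    """Byte-pattern search on the sample as it sits on disk."""
    return IOC in sample


def unpack_and_scan(sample: bytes) -> bool:
    """Recognise the constant stub, undo its transform, then apply the rule.
    This is the static equivalent of letting a sandbox run the unpacker."""
    if not sample.startswith(STUB):
        return False
    key = sample[len(STUB):len(STUB) + KEY_LEN]
    return IOC in xor(sample[len(STUB) + KEY_LEN:], key)


def demo() -> dict:
    first, second = make_variant(), make_variant()
    known = {sha256(first)}          # the vendor has only ever seen 'first'
    return {
        "bodies_differ": first != second,
        "hash_catches_first": hash_signature_match(first, known),
        "hash_catches_second": hash_signature_match(second, known),
        "static_ioc_on_second": static_ioc_match(second),
        "unpacked_ioc_on_second": unpack_and_scan(second),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:24s} {result}")
```

Real packers go further (they also mutate the stub), which is why detection has moved towards behaviour seen at run time rather than bytes seen on disk.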

To reduce the risk of such attacks, emails should carry a digital signature from the sender (for example S/MIME or PGP), so that a spoofed message can be told apart from a genuine one, and the organisation's domain should publish SPF, DKIM and DMARC records so that receiving servers can reject forged senders. Access to critical information should require two-factor authentication, with the second factor on a separate device.

Fileless attacks

A fileless attack also usually starts with a malicious email sent to the victim. However, the attack itself does not rely on a malicious file written to disk but on other ways of gaining access to the device, such as code executed in memory by the browser or by tools that are already installed on the system. This is a big concern for anti-virus developers, as such attacks are harder to detect than file-based ones.

Usually it works through a malicious link in the attacker's email. The link opens a page that runs Flash content in the browser, and an exploitable flaw in the Flash plugin then gives the attacker access to the device, which is used to exfiltrate the victim's information or to plant keyloggers and other credential-stealing tools.

The best way to avoid such attacks is to be diligent with the emails you receive and to disable or remove Flash in the browser. Adobe ended Flash support at the end of 2020, and current browsers no longer run it, so any remaining installation is unpatched and should go.

Insider threat

Insider threat to cybersecurity is as simple as it sounds: trusted colleagues or employees delete, tamper with, or leak sensitive information that they can access during their daily work. Although the common understanding is that cyber threats come from hackers seeking some benefit, statistics show that most breaches caused by employees or partners are accidental, or result from poor ICT infrastructure or cyber policies.

Most such cases arise from negligence, intense work amid a lot of digital noise, a lack of cybersecurity knowledge, or other factors that lead trusted people to harm the company unintentionally.

Such unintentional insider threats usually stem from a lack of cybersecurity infrastructure combined with bad practices such as:

  • insecure software;
  • insecure devices;
  • bad email habits.

A significant problem for large companies is keeping everything in sync across a vast number of autonomous departments. Rolling out software is therefore a long, painful and expensive process, which creates a tendency to get stuck with outdated legacy software that cannot adopt up-to-date security features. This matters because the great majority of successful attacks exploit vulnerabilities that have been publicly known, and patchable, for a year or more; the figure usually quoted is 99.9%.

Additionally, we often find that software lacks interoperability between departments, which keeps system administrators under severe stress and opens the door to human error. Careless device usage and access management also open severe vulnerabilities. The companies most at risk are those that:

  • run systems that leave room for downloading and executing malware;
  • have unsecured WiFi networks; or
  • give their employees devices that are vulnerable if lost or stolen (for example without disk encryption, a lock screen or remote wipe).

All such vulnerabilities can be eliminated with technology that already exists and is not too complex to adopt, use and maintain.

Devices and software can also be insecure because access control systems and practices are lacking. Of course, remembering several complicated passwords is too much for many people. One option is to write them down, which creates a physical vulnerability. Many people reuse the same password in many places, and a significant number do not feel any threat from choosing an easily guessed password such as "123456" or "password".

Making access secure

One option is to enforce password rules that do not allow simple passwords, but this still pushes people to write passwords down or to reuse one in many places. Another option is a password manager. However, the password manager itself must be secure, and if its master password is weak, it becomes an even bigger single point of failure.

The most advanced option is two-factor authentication (2FA). There are different ways of applying it. The most common is a conventional password plus a one-time password (OTP), either sent by SMS or generated in a mobile application; this of course makes access more cumbersome, and SMS in particular can be intercepted or redirected by SIM swapping. There is also a more modern form of 2FA based on PKI signatures: the first factor is a private key stored on a device, and the second factor is the PIN code, memorised by the account holder, that decrypts that key. The latter method is a significant boost to security. It avoids mass leaks of account credentials, because the server holds only public keys, so an attacker would have to compromise each key-holding device separately.

A PIN-protected private key on a mobile device is an important leap in security. However, it is still vulnerable to an offline brute-force attack: if the encrypted private key can be extracted from the phone, the attacker can try every possible PIN (only 10,000 for four digits) until one decrypts it. Preventing this requires something that stops the encrypted key from being extracted in the first place and also limits how many times the PIN can be tried (the industry standard is three attempts). This is what cards with a chip, such as bank cards and some ID cards, do.
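
The following added example (not from the post, and not Agrello's scheme) shows both halves of that argument. A 32-byte private key is wrapped under a key derived from a four-digit PIN with PBKDF2; an attacker who copies the wrapped blob off the phone simply tries all 10,000 PINs, and a slower KDF only multiplies that cost linearly. A holder modelled on a chip card keeps the blob inside and decrements a retry counter on every wrong PIN, locking after three. The private key and salt are constructed random bytes, HMAC stands in for a real signature because the standard library has no asymmetric signing, and the PBKDF2 iteration count is kept low so the demo runs in seconds.

```python
"""Added example: offline PIN brute force versus a retry-limited key holder."""
import hashlib
import hmac
import os

ITERATIONS = 500        # deliberately low for the demo; real use is far higher
PIN_SPACE = 10_000      # a 4-digit PIN has only this many values
KEY_LEN = 32


def kek(pin: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the PIN with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, KEY_LEN)


def wrap(private_key: bytes, pin: str, salt: bytes) -> bytes:
    """Mask the key with a KEK-derived pad and append an HMAC tag.
    The tag is what lets anyone holding the blob, owner or attacker,
    tell a right PIN from a wrong one."""
    assert len(private_key) == KEY_LEN
    k = kek(pin, salt)
    pad = hashlib.sha256(k + b"pad").digest()
    body = bytes(a ^ b for a, b in zip(private_key, pad))
    tag = hmac.new(k, body, hashlib.sha256).digest()
    return body + tag


def unwrap(blob: bytes, pin: str, salt: bytes):
    """Return the private key, or None when the PIN is wrong."""
    k = kek(pin, salt)
    body, tag = blob[:KEY_LEN], blob[KEY_LEN:]
    if not hmac.compare_digest(hmac.new(k, body, hashlib.sha256).digest(), tag):
        return None
    pad = hashlib.sha256(k + b"pad").digest()
    return bytes(a ^ b for a, b in zip(body, pad))


def toy_sign(private_key: bytes, message: bytes) -> bytes:
    """HMAC stands in for a real signature (no asymmetric crypto in stdlib)."""
    return hmac.new(private_key, message, hashlib.sha256).digest()


def offline_brute_force(blob: bytes, salt: bytes):
    """Attacker who copied the blob off the phone: every PIN, no limit, no alarm."""
    for n in range(PIN_SPACE):
        pin = f"{n:04d}"
        key = unwrap(blob, pin, salt)
        if key is not None:
            return pin, key
    return None, None


class RetryLimitedHolder:
    """Models a chip card or secure element: the blob never leaves, and the
    PIN may be tried only `max_tries` times in a row before the key is locked."""

    def __init__(self, private_key: bytes, pin: str, max_tries: int = 3):
        self._salt = os.urandom(16)
        self._blob = wrap(private_key, pin, self._salt)
        self._max_tries = max_tries
        self._tries_left = max_tries

    @property
    def blocked(self) -> bool:
        return self._tries_left == 0

    def sign(self, pin: str, message: bytes):
        """Sign inside the holder; None on a wrong PIN or once blocked."""
        if self.blocked:
            return None
        key = unwrap(self._blob, pin, self._salt)
        if key is None:
            self._tries_left -= 1
            return None
        self._tries_left = self._max_tries   # a correct PIN resets the counter
        return toy_sign(key, message)


if __name__ == "__main__":
    salt, secret = os.urandom(16), os.urandom(KEY_LEN)
    pin, key = offline_brute_force(wrap(secret, "0731", salt), salt)
    print("offline search recovered PIN", pin, "and key:", key == secret)
```

The retry counter only helps because the blob and the counter live in the same tamper-resistant place; a counter kept in ordinary app storage next to an extractable blob adds nothing.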

Such chips are generally called secure elements (Apple's version is the Secure Enclave). The FIDO Alliance is an industry association that, with the aim of abolishing passwords, has brought together the world's digital leaders to define authentication standards (FIDO2 and WebAuthn) that let everyday apps use such hardware interoperably. Thanks to this work, a remarkable number of smartphones now have hardware-backed key storage, comparable to a hardware security module (HSM), in which the private key can be kept in the most bulletproof way. This has not only increased security but also made biometrics a convenient way to unlock the key, replacing PIN codes.

The truth is that still only a minority of all smartphones worldwide have such hardware. Not all Apple devices have it, and very few Android models expose it to app developers. Agrello is working on a mechanism that prevents brute-force attacks also on phones without a secure element. It is a cryptographic scheme that requires two or more private-key shares, which correspond to a combined public key only when they are matched after being decrypted with the PIN code. This makes it possible to store one share of the credential on the phone and the other on a separately stored and secured dedicated device, which could also be an HSM. As a result, hacking a single device would not yield enough information to brute-force the PIN or to produce a digital signature.
