Cyber crime and other digital threats in the corporate industry

Previously, only a limited number of banner companies took part in spreading advertisement Trojans. Today, however, many companies have to live with the feeling of being a digital target that it is acceptable to hunt.

You have probably heard about digital threats or cyber crime. If you are the company's security manager or ICT executive, you might be used to handling computers infected with cryptoviruses, advertising viruses and other digital annoyances.

How will these and other relatively new types of digital threats affect your business?


Cyber crime and other digital threats

Maybe your company is participating in a tender with a competitor who has ties to all the “right people”. This happens more often than we care to admit. The results of such “silent hacking”, where the target does not know they have been hacked, are often severe. There may be loss of reputation, loss of competitive ability, loss of contracts, and ultimately for private companies: bankruptcy.


Information hunters

The reality is that your company’s intangible assets could be other people’s commodity. Who could possibly be hunting your business? 

  • Foreign governments
  • Private groups hired by private companies
  • Private “collectors”
  • Politically motivated individuals or groups
  • Employees of competitors
  • Frustrated employees

Let us clarify some terms:

  • An individual or a group involved in illegal digital activities (cyber crime) is often referred to as a threat actor.
    The actors can be from different countries, be a foreign government, a private organisation, an individual, or random groups united by a common goal.
  • A composition of activities executed by the threat actors to reach a goal is called a campaign.
    A campaign often has a time limit and is terminated when the purpose of the campaign is reached, or the attack is stopped. Stealing information from the finance sector, any other specific sector, or a company, is an example of such criminal activity.

Cryptovirus as income or distraction

The media often yells "HACKER ATTACK" when one or more big campaigns have infected thousands of computers with cryptoviruses to lock users out of their own data. However, being a victim of a cryptovirus is not the same as being hacked. You are instead fooled, tricked into downloading program code to your own computer, running it and, in some cases, tricked into paying to regain access to your own data. It can, for example, be an innocent-looking (and well-made) bill, a spreadsheet with invoice details for a service you have not ordered.


In the business market, cryptoviruses are often used as a distraction. The people who control the decryption key to your data can easily copy the data and decrypt it any time they like, as long as the computer is online. We have examples of attacks where the purpose was to taint a business's reputation to such an extent that it lost contracts and value on the stock market.

See Cisco's video about a cryptovirus attack here.

The people behind the attack obviously know it will take place and can buy stock before the campaign and then sell it back to financial institutions when the stock plummets.

Is antivirus software useful?

Apart from cryptoviruses, there are at the moment few types of commercial criminal activity targeting the mass market. On 8 July 2016, the US CERT (the national CERT of the USA) urged antivirus software providers to clean up their code, as the software often made the machines more vulnerable rather than protecting them.

Yet, simple antivirus software does have an effect in stopping malware when used in combination with additional network actions. Malware and cryptoviruses should be stopped before the infection takes place. This can be done by using network defense.

Examples include next-generation firewalls from different providers. They use packet inspection and examine all files on the way in from the internet. This type of firewall, in combination with inspection and filtering of name server traffic, is our best countermeasure at the moment.

What can we do?

These are the first steps every organisation should take to reduce their vulnerability to digital threats:

  • Evaluate the type of encryption we use on data
    Data, especially the kind we send over the open internet, should be protected with TLS connections.
  • Assess if the data in question MUST be sent over the internet
    Use a private network connection (VPN) for permanent transactions.
  • Make sure you have first-class data processing agreements with your suppliers
    Clarify where the data is stored. This also applies to backup and recovery (DR/DRS).
  • Monitor your own network
    Use tools that provide a visual overview of the data flow.
  • Set up notifications for abnormal traffic
    Most companies are good at securing incoming traffic, but the outgoing data is just as important.
  • Make evaluations with the business management and create understanding for the security measures
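
The notification for abnormal outgoing traffic from the list above, sketched as an added example (not from the original post or from ITsjefen): each internal host's outbound volume today is compared with that host's own earlier days. The flow-record layout, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def sample_flows():
    """Constructed flow records: (day, internal host, destination, bytes out)."""
    flows = []
    for i in range(1, 8):  # seven ordinary days
        day = f"2024-03-{i:02d}"
        flows.append((day, "10.0.0.5", "203.0.113.10", 40_000_000 + i * 1_000_000))
        flows.append((day, "10.0.0.9", "198.51.100.7", 300_000_000 - i * 2_000_000))
    # 2024-03-08: 10.0.0.5 uploads 2.5 GB to a destination it never used before
    flows.append(("2024-03-08", "10.0.0.5", "192.0.2.44", 2_500_000_000))
    flows.append(("2024-03-08", "10.0.0.5", "203.0.113.10", 41_000_000))
    flows.append(("2024-03-08", "10.0.0.9", "198.51.100.7", 310_000_000))
    flows.append(("2024-03-08", "10.0.0.77", "192.0.2.44", 50_000_000))  # no history
    return flows

def daily_egress(flows):
    """Sum outbound bytes per host and day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, _dst, bytes_out in flows:
        totals[host][day] += bytes_out
    return totals

def egress_alerts(flows, today, k=6.0, min_history=5, floor=10_000_000):
    """Return [(host, bytes_today, baseline)] for hosts sending abnormally much.

    Baseline is the median of the host's earlier days; the spread is the median
    absolute deviation (MAD), never taken as less than 10 % of the baseline so a
    very steady host does not alert on small changes. Hosts with too little
    history have baseline None and are judged against the absolute floor only.
    """
    alerts = []
    for host, days in daily_egress(flows).items():
        history = [v for d, v in days.items() if d < today]  # ISO dates sort as text
        sent = days.get(today, 0)
        if len(history) < min_history:
            if sent > floor:
                alerts.append((host, sent, None))
            continue
        base = median(history)
        mad = median(abs(v - base) for v in history)
        threshold = base + k * max(mad, 0.1 * base)
        if sent > max(threshold, floor):
            alerts.append((host, sent, base))
    return sorted(alerts, key=lambda a: -a[1])

if __name__ == "__main__":
    for host, sent, base in egress_alerts(sample_flows(), "2024-03-08"):
        print(f"ALERT {host}: {sent} bytes out today, baseline {base}")
```

In practice the records would come from firewall or NetFlow exports, and the alert would be routed to whoever handles incidents.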

We all have a responsibility to think for ourselves. Now, more than ever, it is important to exercise caution and rather ask one time too many before clicking a link or answering an innocent-looking email.

  


 

By Anders Kringstad

Anders is a solution architect in ITsjefen AS. He has participated in developing the company from three employees and a table with computers to an organisation with a 1000 m² data center and a fiber network with over 5000 network points. Anders has worked with designing, delivering and operating server farms, and he has been involved in projects related to information security since the 90s under the organisation Underworld.
