Previously there were only a limited number of banner companies who participated in spreading advertisement Trojans. Today, however, many companies have to live with the feeling of being a digital target it is ok to hunt.
You have probably heard about digital threats or cyber crime. If you are the company’s security manager or ICT- executive, you might be used to handling computers infected with cryptovirus, advertising virus and other digital annoyances.
How will these- and other relatively new types of digital threats affect your business?
Cyber crime and other digital threaths
Maybe your company is participating in a tender with a competitor who has ties to all the “right people”. This happens more often than we care to admit. The results of such “silent hacking”, where the target does not know they have been hacked, are often severe. There may be loss of reputation, loss of competitive ability, loss of contracts, and ultimately for private companies: bankruptcy.
The reality is that your company’s intangible assets could be other people’s commodity. Who could possibly be hunting your business?
- Foreign governments
- Private groups hired by private companies
- Private “collectors”
- Politically motivated individuals or groups
- Employees of competitors
- Frustrated employees
Let us clarify some terms:
- An individual or a group involved in illegal digital activities (cyber crime) are often referred to as threat actors.
The actors can be from different countries, be a foreign government, a private organisation, an individual, or random groups united by a common goal.
- A composition of activities executed by the threat actors to reach a goal is called a campaign.
A campaign often has a time limit and is terminated when the purpose of the campaign is reached, or the attack is stopped. Stealing information from the finance sector, any other specific sector, or a company, is an example of such criminal activity.
Cryptovirus as income or distraction
The media often yells, HACKER ATTACK, when one or more big campaigns have infected thousands of computers with cryptoviruses to lock users out of their own data. However, being a victim of a cryptovirus is not the same as being hacked. You are instead fooled, tricked into downloading program code to your own computer, running it and in some cases, tricked into paying to regain access to your own data. It can, for example, be an innocent looking (and well made) bill, a spreadsheet with invoice details for a service you have not ordered.
In the business market, cryptoviruses are often used as a distraction. The people that control the decryption key to your data can easily copy these and decrypt the data any time they like, as long as the computer is online. We have examples of attacks where the purpose was to taint the business reputation to such an extent that they lost contracts and value on the stock market.
The people behind the attack obviously know it will take place and can buy stock before the campaign and then sell them back to financial institutions when the stock plummets.
Is antivirus software useful?
Apart from cryptoviruses, there are at the moment few types of commercial, criminal activities targeting the mass market. The 8th of July 2016 the US CERT (national CERT of USA) went out and urged antivirus software providers to clean up their code, as the software often made the machines more vulnerable rather than protecting them.
Yet, simple antivirus software does have an effect in stopping malware when used in combination with additional network actions. Malware and cryptoviruses should be stopped before the infection takes place. This can be done by using network defense.
Examples include Next Generation firewalls from different providers. They use a packet inspection and examines all files on the way in from the internet. This type of firewall, in combination with inspection and filtering of name server traffic, is our best countermeasure at the moment.
What can we do?
These are the first steps every organisatsion should take to reduce their vulnerability against digital threats:
- Evaluate the type of encryption we use on data
Data, especially the kind we send over the open internet, should be protected with TLS- connections.
- Asses if the data in question MUST be sent over the internet
Use a private network connection (VPN) for permanent transactions.
- Make sure you have first-class data processing agreements with your suppliers
Clarify where the data is stored. This also applies to backup and recovery (DR/DRS).
- Monitor your own network
Use tools that provide a visual overview of the data flow.
- Set up notifications for abnormal traffic
Most companies are good at securing incoming traffic, but the outgoing data is just as important.
- Make evaluations with the business management and create understanding for the security measures
We all have a responsibility to think for ourselves. Now, more than ever, it is important to exercise caution and rather ask one time too many before clicking a link or answering an innocent looking email.