IT Security has moved from a nice-to-have to a critical component of the IT environment. The move to e-commerce, working from home and remote access has pushed it significantly up the awareness ladder.
The increases in online activity have been matched by a corresponding increase in malware and other types of attack that IT Security needs to counter. New attack vectors have emerged and some old favourites have reappeared in new guises.
Security breaches can be of three types – physical, skimming, and electronic.
Physical breaches are, as the name suggests, the theft of documents or devices holding confidential information. Laptops and smart devices such as cellphones have been stolen or left in taxis, as have external flash and hard drives. There have also been reports of thefts of PoS (point-of-sale) equipment.
Skimming is the use of devices to record the data on the magnetic strip on the back of bank and credit cards. There have been cases of restaurant and shop staff skimming customer cards. Bank ATMs have also had skimming devices fitted to the card entry slot to record card data and capture PINs.
Counter-measures are mostly physical security protocols.
Here are some of the more common types of electronic threats that IT Security should be aware of:
DoS and DDoS Attacks
Simply put, a DoS or DDoS attack attempts to take a service offline by flooding it with more traffic than it can handle. By itself, such an attack is not a security breach, but it disrupts normal business and can mask other attempts to gain unauthorised entry.
Automated traffic monitoring can warn of a potential attack, but confirming it takes manual effort, by which time it is often too late.
Ransomware
A relatively new and potent threat is ransomware. Ransomware is malware that encrypts a server and demands payment of a ransom, usually in cryptocurrency, before the hacker provides a decryption key. They don’t always provide one.
The best and often the quickest way to recover is to go back to bare metal and reload a clean copy of the systems and data held on the affected server or servers.
Phishing and Spear Phishing
This type of attack is email-based. A hacker creates an email purporting to be from a trusted source: a friend, a colleague or, often, a financial institution. The email contains either a download link or a web link and is written to entice the reader into clicking it.
A download link downloads malware to the user’s device. The malware can be obvious, for example ransomware, or a hidden threat such as a keylogger that records the user’s credentials for websites and sends them to the hacker.
A web link takes the user to a spoof or decoy website that requests sensitive data or downloads malware. Often the spoof website is made to look like a trusted site, for example one operated by a bank.
The hacker sends the email to a list of thousands or more addresses in the hope that some recipients will fall for the ruse.
Spear phishing is similar, but the recipient list is much more targeted. The hacker researches potential targets and builds a list of their email addresses. A target might be the senior staff of a financial institution.
User education is a vital part of the defences against all types of phishing. Users need to recognise odd emails: those with bad grammar, misspellings or unexpected content. They must know to hover the cursor over a link before clicking it, to verify that the target address is one they would expect.
Malware
Depositing malware is the objective of many phishing and other attacks. Sometimes it is a direct attack on the system itself, for example ransomware or a DDoS bot. Sometimes it is a deliberate attempt to steal information such as user credentials or confidential documents. Sometimes it creates a doorway through which a hacker can break into a network to disrupt it or steal information.
Keeping standard anti-malware software up to date goes a long way towards stopping malware attacks.
The FBI consider a safe site to be one that hasn’t been hacked yet. In addition to implementing IT Security software, hardware, procedures and policies, a prudent organisation will prepare business continuity protocols for when a breach happens.