Threat Intelligence Blog

Posted October 2, 2018

With reports like Facebook’s leak of 50 million user credentials happening on a weekly basis, it can seem as if data breaches, hacking, and ransomware are becoming the new normal. And with cyber criminals continuing to find success by utilizing the same tactics year after year – phishing, social engineering, malware – to infiltrate an organization, it makes sense.

How did we get three-quarters of the way through 2018 with more than 850 reported data breaches and over 34 million records exposed – just in the U.S.?

What is often overlooked is the importance of implementing basic steps for clean cyber hygiene, whether you are using your internet-connected device at home, in the workplace, or on a public network. This becomes even more significant as the Internet of Things (IoT) continues to grow, and organizations allow bring your own device policies. In fact, Gartner predicts that due to the ever-growing list of IoT devices (by 2020 there will be 20.4 billion connected devices worldwide!), it is hard to figure out what devices people are connecting to your network, and if those devices are compromised. Opening one malicious link or downloading one malicious attachment has the potential to follow you back to the office, causing a domino effect of cybersecurity problems in the workplace.

This list below is a good starting point for securing your devices and protecting yourself at home and work.

 

Think Before You Click

Phishing is still one of the most utilized attack methods for stealing sensitive data and gaining access into an organization’s network. At the end of 2017, the average user was receiving 16 malicious emails per month. The more obvious phishing emails are a thing of the past. Cyber criminals are using more clever and sophisticated tactics to trick you into sharing personal information. Phishing emails now have improved spelling, grammar, and formatting, making this social engineering tactic stronger than ever before.

How to spot a phish:

  • Check the sender’s email address. Especially with any email containing attachments and links. Scammers trying to impersonate legitimate businesses will be slightly off, either missing letters, adding more, or using similar letters (i.e., “m” and “n” can be easily swapped).
  • Subject lines that contain threatening statements or too-good-to-be-true offers. Any subject line that evokes an emotional response – demanding you to click on a link, offering you something for free, etc. – might be a sign that the email is a scam.
  • Be wary of any email attachment. These attachments could be posed as invoices, bills, resumes, or other scanned documents. Always check the sender’s address first to make sure it checks out, and even if it does, it might be a good idea to check directly with the sender.

 

Secure Your Passwords

Creating unique and strong passwords can be difficult, especially when it’s recommended to update your password every 90 days. Taking shortcuts might be easy in the long run but could be costly in the end. If using the same password for multiple accounts, bad actors only need one password and they could gain access to your personal information of their choosing. It only takes one breach to compromise all of your information if you are re-using passwords.

How to protect your passwords:

  • Set up multi-factor authentication (MFA) whenever available. This extra-step makes it more difficult for hackers to access your account, even if they have acquired your password. (Now, if you have the same password for all of your accounts including your MFA email, you’re in a bit of a pickle, aren’t you?)
  • Create long passwords, over 20 characters or more is recommended. Make sure it does not contain any easily obtained personal information. (For example, your name, address, birthdate, mother’s maiden name, etc.)
  • Use a password management program. It can help you create strong unique passwords for all of your accounts, and also remind you to update your passwords periodically.

 

Patch Your Software

Regularly updating and patching your software is critical to keeping your network safe. WannaCry ransomware infected 200,000 unpatched Windows machines in May 2017, encrypting data and then displaying a ransom notice demanding $300 in Bitcoin to decrypt the files. The total estimate of damages from this attack range between hundreds of millions to billions of dollars. The patch needed to prevent WannaCry from infecting machines was available two months before the attack began, in March 2017.

How to keep your software is secure and up-to-date:

  • Receive automatic updates. This applies to your computer operating system, browser, and applications.
  • Pay attention to software installation messages. Always make sure to pay close attention to the message boxes before clicking ‘OK’, ‘Next’, or ‘I Agree’.
  • Use antivirus software and antispyware. Equip all of your personal and organization’s devices with these, and remember to update software regularly.

 

Keep Your Router Secure

When thinking about the safety of our devices there is one IoT device that is often overlooked, your router. According to a 2018 Internet Security Report, routers were cited as the most frequently exploited type of device in IoT attacks. A recent attack, VPNFilter malware, affected half a million routers, disabled SSL encryption in infected routers, giving hackers access to passwords and financial information.

How to protect your router:

  • Change the default admin password. Never use the manufacturer’s password, instead opt for a unique, strong passphrase (see our tip above).
  • Monitor for unauthorized devices. You can use your router manufacturer’s website to stay aware of what devices are connecting or attempting to join your network via your router.
  • Keep firmware updated.

Keeping your home and organization safe from cybercrime is the responsibility of each user. As cyber threats become more sophisticated, your employees, executives, and even vendors need to stay current on the newest and prevailing cybersecurity threats. LookingGlass offers an award-winning Cyber Safety Awareness training, to educate and enable them to proactively identify and shut down these threats before they reach the organization’s network.

To learn more about our training and to get a 14-day free trial, contact us.

 

Additional Posts

Cyber Security ABCs

So far, 2018 has seen 850 reported data breaches and 34 million exposed records. And that's only in ...

How Do You Marry Intelligence Tradecraft with Infosec?

Why LookingGlass is commercializing Goldman Sach’s Sentinel™ Threat Intel Platform. ...