Your First Two Steps to Make Life Harder for Cyber Attackers
If you think like an attacker, you’ll realize that your best approach to securing your critical assets is to assume that you’ll be breached. But what does this mean in practice?
Domestic cyber criminals and nation-state attackers alike are capitalizing on this time of uncertainty – and remote workers are a prime target.
Tonya Ugoretz, deputy Assistant Director of the FBI Cyber Division, recently spoke at a virtual Aspen Institute event. Ugoretz described the situation best as a “collision of highly motivated cyber threat actors and an increase in opportunities.” In fact, the FBI’s Internet Crime Complaint Center (IC3) is currently receiving between 3,000 and 4,000 cybersecurity complaints daily – a massive jump from their normal average of 1,000.
Criminals are taking advantage of “enormously high public interest in information” on COVID-19, the status of government stimulus checks and updates on local community restrictions. Some are setting up fake domains claiming to sell personal protective equipment, masquerading as charities working to raise money for patients or offering fraudulent loans to the financially strained. Times like these present a lucrative opportunity for cyber criminals – and they know it.
A Common Attack Method Shines
Traditional phishing attack methods continue to be a popular first step in the cyber attack chain. With a legitimate-looking email disguising a malicious, virus-spreading link or attachment, the attacker can easily cast their bait. These attacks have come to present an increased threat to businesses – especially now.
In today’s environment, remote workers are increasingly using both personal and corporate devices to access corporate resources. While a company may have made the office computer as secure as it can, if the remote worker logs on with their home laptop, that doesn’t help. Even employer-owned devices may be more vulnerable at home as many workers will be connecting through unsecured Wi-Fi.
Furthermore, with the adjustment to working from home – whether that means setting up a laptop on the kitchen table or working with kids playing in the background – many newly remote workers are not at their most alert, which makes it easy for them to mistakenly click on the wrong link. Clicking on a phishing link gives the cyber attacker a foothold on that person’s workstation – from there they can gain access the company network to accomplish their goals.
Who’s at Risk?
While there are plenty of nefarious individuals working to cash in on chaos for personal profit, many of today’s campaigns are driven by highly organized nation-state attackers with deep pockets. To help shine a light on some of their methods, the FBI and a group of federal agencies issued a public alert this month – noting that financial institutions and digital currency exchanges are particularly at risk as attackers develop and launch “increasingly sophisticated” malware tools in search of large payouts.
The FBI has also observed a spike in nation-state cryptojacking attacks where attackers compromise victim endpoints and steal computing resources to mine digital currency. Additionally, they warned of ransomware campaigns, some of which demand payment “under the guise of long-term paid consulting arrangements in order to ensure that no such future malicious cyber activity takes place.”
But the financial sector isn’t the only one at risk. Hospitals and healthcare organizations are “deeply under attack,” explained Ugoretz and her co-presenters. As evidenced by attacks on the World Health Organization (WHO), nation-states are particularly interested in gaining insights on the coronavirus to help inform their country’s own response. These attackers are also honing in on research institutions and biotechnology companies that have publicly touted their work in progressing treatments and a viable vaccine.
Prioritizing the Protection of Privileged Access
Whether targeting healthcare organizations, financial institutions or any number of other companies, there is one common thread. Attackers are looking for sensitive information they can exploit – and they are doing so by compromising endpoints, stealing credentials and escalating privileges in order to access their targets.
While attackers can ultimately accomplish their goals by targeting any endpoint, they often seek out those of privileged users (like system administrators working from home) who have access to sensitive assets and powerful systems. By stealing privileged credentials from these users, attackers can accelerate their efforts. After gaining legitimate access to company systems, attackers appear to be company employees and can move throughout the environment with ease to conduct reconnaissance and siphon off proprietary data.
Privileged access is the gateway to an organization’s most valuable assets and is at the core of nearly every major security breach today. With privileged access, motivated external attackers and malicious insiders alike can access network infrastructure and steal data. Without that access, attackers are severely limited in what they can accomplish.
That’s why protecting the pathway to critical resources with privileged access management (PAM) is so important. Organizations that have a strategy in place to manage and monitor privileged access, as well as detect and respond quickly to threats, are best positioned to defend against today’s targeted threats.
While there is no silver bullet to protect organizations from this surge in criminal activity, prioritizing privilege can dramatically reduce the business impact of an attack.
Source: CyberArk
Privileged accounts and the access they provide represent the largest security vulnerability an organization faces today. These powerful accounts exist in every piece of hardware and software on a network. When employed properly, privileged accounts are used to maintain systems, facilitate automated processes, safeguard sensitive information, and ensure business continuity. But in the wrong hands these accounts can be used to steal sensitive data and cause irreparable damage to the business.
Privileged accounts are exploited in nearly every cyber-attack. Bad actors can use privileged accounts to disable security systems, to take control of critical IT infrastructure, and to gain access to confidential business data and personal information. Organizations face a number of challenges protecting, controlling, and monitoring privileged access including:
• Managing account credentials. Many IT organizations rely on manually intensive, error-prone administrative processes to rotate and update privileged credentials—an inefficient, risky and costly approach.
• Tracking privileged activity. Many enterprises cannot centrally monitor and control privileged sessions, exposing the business to security threats and compliance violations.
• Monitoring and analyzing threats.
Many organizations lack comprehensive threat analysis tools and are unable to proactively identify suspicious activities and remediate security incidents.
• Controlling Privileged User Access.
Organizations often struggle to effectively control privileged user access to cloud platforms (IaaS a PaaS), SaaS applications, social media and more; creating compliance risks and operational complexity.
• Protecting Windows domain controllers.
Attackers can exploit vulnerabilities in the Kerberos authentication protocol to impersonate authorized users and gain access to critical IT resources and confidential data.
Send download link to:
Founded in 1999, SecurIT has over 18 years of extensive experience of designing, implementing, maintaining large Identity Management/Governance infrastructures. With more than 30 specialists permanently employed in the Netherlands SecurIT offers its customers high quality consultancy, implementation, management and support services (24*7).
Healthcare is working intensively to help everyone in society in these bizarre times of the corona crisis. At the same time, criminals abuse the situation by digitally attacking healthcare institutions and healthcare providers, for example by distributing ransomware or sending spam. We find this unbelievable and take action by uniting in the Dutch coalition “We Help Hospitals” to protect Dutch healthcare institutions free of charge against digital attacks during times of the corona crisis.
The COVID-19 virus attacks our immune system. We try to limit the damage as much as possible by taking the correct preventive measures in time. Matters such as mouth masks, disinfectants, respiratory equipment and the care surrounding it are essential, otherwise, the pandemic is incalculable.
Just as COVID-19, there are continuous security attacks that test the immunity of every organization. The right combination of preventive measures can make the difference between the simple flu for your organization or a total lockdown with all its consequences.
As with the COVID-19 virus, security threats are present. We all know that sooner or later we will be confronted with this.
The question is how are we prepared for this? SecurIT is the healthcare provider with years of experience. We are the doctor that you want to have at your bedside to prevent your organization from ending up in an irreparable emergency.
What we can do for you
| Situation | Why should you bother? | The solution that we could provide |
| Working safely from home (for home workers, but also third parties) | Office network is a trusted environment. But how about home network, home wifi and unmanaged devices? Offer secure access to company network & apps | Secure Remote Access (CyberArk is needed) |
| Prevent Security breaches caused by malware/ransomware and attackers that are abusing the corona virus to hack | Over 80% of ransomware attacks starts from some clicking on phishing mail. Virus scanners do not always detect this. How to prevent ransomware? | Endpoint protection & Privileged Account Security |
| Secure password usage (or no password usage at all) | A large majority of successful cyberattacks are due to stolen or compromised passwords. Make sure your employees are using strong passwords for all of their work accounts, are not reusing passwords, and are using multi-factor authentication (2FA) on all websites, applications, and systems that support it | Password Manager & Multi-factor authentication |
Do not wait until it is too late, contact us now.*
*If you are a Healthcare organization outside The Netherlands or if you are NOT a healthcare organization at all, please let us know as well, and we’ll check the possibilities with you to help you where we can.
English 
Nederlands