What Are the Biggest Cybersecurity Threats Right Now?

Recent Cyber Attacks 

There have been numerous global cyber security issues these past few months, which include the following:

• Australia: The most recent cyber-attack in this roster- medical research group Harry Perkins Institute suffered a major cybersecurity breach impacting the organization’s internal servers (via ABC News)

• Indonesia: A cyberattack has compromised the country’s data center but it won’t pay the USD 8M ransom (via Associated Press) and appropriately so! To those unfamiliar, we’ll share the reason why later.

• Philippines: Fastfood giant Jollibee suffered a data breach that could be linked to a huge global extortion scheme (via Inquirer)

• Singapore: Hiap Seng Industries was also a subject of ransomware, where an unauthorized party gained access to the company’s servers (via The Edge)

• Vietnam: Reportedly hit by ransomware recently, affecting the operation of its delivery and postal services, the Vietnamese government’s postal office was down for several days due to a cyberattack (via The Record)

It’s not just limited to this recent quarter - the escalation in cybercrimes and their sophistication is a perennial, all-year-round concern. The prediction of global cyber security issues comes with costs reaching USD10.5 trillion by 2025, up 15% from USD3 trillion in 2015, underscores the severity of this issue. So, what are the biggest cybersecurity threats right now, and how can we stop them? How can we achieve the true meaning of cyber safety?

What is Ransomware in Cybersecurity?

A type of malware that encrypts a victim’s files and demands a ransom to restore access (and thus appropriately named ransomware), perpetrators of this attack require payment within a specified timeframe, else your data is forever lost.

Several government agencies, including the FBI, advise against paying the ransom. This is because paying does not guarantee that the victim will regain access to their data. Furthermore, it encourages the perpetrators to continue their illegal activities. It’s also worth noting that even if a victim pays the ransom, there’s a significant chance they could be targeted again, especially if the ransomware isn’t completely removed from the system. This underscores the importance of not just responding to ransomware attacks, but also proactively protecting against them. GlobalSign offers tools such as S/MIME. A customer of ours, Finance in Motion, uses our Managed PKI for Email Security. Here’s their success story for your reading pleasure. GlobalSign’s Multi-Factor Authentication could also help your organization to protect against ransomware.

What is DDoS Attack in Cybersecurity?

For those unfamiliar, distributed denial-of-service (DDos) attacks involve the use of multiple connected online devices (botnets) to flood a website with fake traffic. The DDoS attack doesn't penetrate your security perimeter like other kinds of cyberattacks. Rather, it aims to make your website and servers inaccessible to legitimate users. DDoS attacks can also be used to take down security appliances, breaching the target's security perimeter, as a smokescreen for other malicious activities.

Its success affects a large number of online users. Its popularity makes it a popular weapon among hacktivists, cyber vandals, extortionists, and anyone looking to raise awareness. Before achieving the meaning of cyber safety, the effects of a DDoS attack can last for days, weeks or even months, depending on the length of the attack or the frequency of it. The consequences of DDoS attacks include loss of revenues, eroded consumer trust, and businesses having to spend fortunes on compensation.

EEI Corporation, one of the leading construction companies in the Philippines, protects against potential DDoS attacks through GlobalSign’s SSL/TLS certificates. Read their success story here.

What are Network Security Problems? 

Your website could be an asset in your business, but it can, similarly, be a liability. All the effort you invested to generate traffic and promote your brand could end up in digital flames if you’re not protecting against the following:

Unknown Assets on the Network 

Not having a complete and updated inventory of your IT assets means not being able to confirm whether your network is secure. The easiest fix is to conduct a review of all the devices on your network and identify all of the various platforms they run. This gives you a rundown of all of the different access points on your network, where you discover which ones are most in need of security updates.

Abuse of User Account Privileges

Most attacks are actually carried out by insiders. Whether it’s about honest mistakes, intentional leaks, misuse of account privileges, or identity theft, the people inside your business represent the biggest security problems you’ll ever face. Because these threats come from trusted systems and users, they’re among the hardest to identify and stop. However, there are ways to minimize your risk in case of an insider attack. For example, if your company uses a policy of least privilege (POLP) when it comes to user access, you can limit the damage that a misused user account can do. In a POLP, every user’s access to the various systems and databases on your network is restricted to just those things that they need to do their jobs.

Unpatched Security Vulnerabilities

Many businesses are concerned with “zero-day” exploits. These exploits are those unknown issues with security in programs and systems that have yet to be used against anyone. However, zero-day vulnerabilities aren’t the problem—unpatched known vulnerabilities are. The more often a “zero-day” exploit is used, the more likely it is to get discovered and patched. It takes a lot of effort to independently discover a completely unknown vulnerability in a system. So, attackers generally prefer to stick to known exploits.

The easiest fix for this problem is to maintain a strict schedule for keeping up with security patches. Also, gradually changing the programs and operating systems on your network to make them the same can simplify this process. For example, if every system in your organization is Windows-based, then you only have to keep track of Windows OS security patch schedules and alerts.

What are Social Engineering Attack Types? 

Social engineering or people hacking is at the crux of the majority of successful physical breaches. It depends on human contact and often includes persuading individuals to violate standard security to obtain unauthorized access to systems, networks, or physical places. You’d be surprised how easy it is to abuse individuals than it is to uncover a network or software weakness. Significant forms of social engineering attacks to be wary of are listed below:

What is Physical Breach? 

Attackers may use a thumb drive to access workplace computers in order to install key loggers or similar malware, or they may try to leave with documents containing confidential information. In any scenario, they must get through persons rather than firewalls. Because they don't have a key card, social engineering attacks may be as simple as timing their arrival into a facility with staff and getting their foot in the door.  

What is Pretexting? 

A pretexter collects information by telling a succession of well-crafted lies. They may begin by claiming that he or she requires sensitive information in order to fulfill a critical task. To acquire trust from their target, the attacker typically impersonates coworkers, police, bank and tax officials, or other persons with right-to-know authority. The pretexter then poses inquiries that are apparently used to validate the victim's identification but are really used to obtain sensitive personal information.

What is Baiting? 

A scammer uses a false promise to draw a victim into a trap in which information is taken or malware is planted on the system. It's possible that the trap will be disguised as an otherwise benign attachment with a seductive name. In the most common kind of baiting, physical material is used to spread malware. Attackers may, for example, distribute bait in the form of malware-infected flash drives in high-traffic areas where potential victims are likely to see them. The virus is immediately loaded on the machine when the victim puts the flash drive into a computer. Baiting schemes may also be found online, in the form of enticing adverts that direct viewers to harmful websites or entice them to download a malicious program. 

What is Phishing? 

For those who are unfamiliar, phishing is when an attacker sends bogus emails that appear to come from a reputable and trustworthy source. A social engineer, for example, may send an email that looks to originate from your bank's employee. They may claim to have crucial account information, but you must first respond with your full name, birth date, social security number, and account number so they can pretend to verify your identification, but actually really attempting to steal it. 

What is Insider Threat in Cybersecurity?

An insider threat is, quite literally, a security risk that originates from within the targeted organization. It typically involves a current or former employee or business associate who has access to privileged accounts within the network of an organization, and who misuses this access. Traditional security measures tend to focus on external threats and are not always capable of identifying an internal one emanating from within.

What is Third-Party Exposure? 

An organization’s attack surface is only as strong as the security of its third-party service providers. A firm with excellent security can still be vulnerable to a cyber-attack through a poorly secured third party. Historically, supply chain attacks involve trusted software or service vendors.

Cybercriminals often target third-party vendors because they handle so much data and use that data to access their larger business partners. Third-party vendors can be particularly vulnerable when they use off-the-shelf components, such as third-party APIs and open-source software.

Executives must ensure that their organizations perform necessary checks with their third parties to verify that they have sufficient information security policies and procedures. However, any organization may work with dozens or hundreds of third parties, increasing their entire attack surface.

What are Configuration Mistakes?

Poorly configured applications and servers can lead to massive data breaches if left unaddressed. These misconfigurations are any glitches that can lead to the exposure of records unprotected by access credentials. Such can happen when an organization updates its technology, modifying a network, or migrating to the cloud.

Executives must invest in cloud security heavily because cloud storage providers can have significant, exploitable vulnerabilities. It must be ensured that servers are correctly configured; be prepared to react if a misconfiguration occurs as part of the configuration management processes.

What is Poor Cyber Hygiene? 

Poor cyber hygiene includes a variety of risky practices, such as the use of easy passwords, negligence in installing security patches, clicking on suspicious email links, and the lack of proper security solutions. A recent study showed that a significant proportion of security breaches were due to deficient cyber hygiene practices.

What is Poor Data Management?

Bad data management can slow down your operations and make it difficult to make informed decisions due to inaccurate, incomplete, or irretrievable data. It also increases the risk of identity theft and fraud because it makes it easier for hackers to access sensitive information about your customers.

Poor data management can lead to losses due to faulty information about your market, causing you to fail in spotting trends, or to fall behind in competitors’ intelligence. It can leave your company vulnerable when it comes to security breaches and other cyber threats. When the data you use for business decisions is inaccurate, it can lead to serious problems. For instance, if your numbers are wrong and you make budgeting decisions based on those, your business could suffer as a result.

What are Inadequate Post-Attack Procedures?

No one can be 100% protected from cyber incidents. In the event of a cyberattack, cyber resiliency and incident response measure how an organization contains, diagnoses, and mitigates it.

Failure to recognize cyber risks often leads to organizations neglecting to patch known vulnerabilities or address alerted risks. More often than not, the typical organization tends to exhibit poor attack response awareness, resulting in more severe data loss or system damage due to their slow reaction. Repercussions also include loss of business due to downtime, loss of customers due to reputational damage, loss of funds that went to remediate the issue and pay penalties.

Executives must be realistic about the likelihood of successful cyberattacks in the current cyber threat landscape. As such, they must allocate time, funds, and effort in planning the organization’s response to a significant cyber incident.

What is Cloud Security in Cybersecurity?

Cloud security, a.k.a. cloud computing security, is designed to protect cloud-based infrastructure, applications, and data. These measures ensure proper authentication, access control, and data privacy protection. It’s a matter of trust, really: smart organizations rely on GlobalSign’s Managed PKI to bolster their cloud security. Click the link to download our ebook.

What are Cloud Vulnerabilities?

Cloud vulnerabilities are gaps in a cloud computing environment that can be exploited to gain unauthorized access intended to disrupt services or steal data. As if technology is mirroring nature, most cloud breaches are caused by the same types of vulnerabilities, meaning organizations still do not learn to take the right steps to protect themselves. These vulnerabilities include:

• Misconfigurations: Errors in the security settings of cloud systems and applications. Very often, these are the byproduct of administrative lapses, fast-paced dev environments, and a simple lack of awareness. GlobalSign can help with this issue through automated identity management.

• Lack of visibility: Enterprises typically use a whole roster of cloud technologies from various providers, creating interconnected and constantly moving IT environments. Vulnerabilities of different proportions are all over such dynamic infrastructure. A lack of visibility can be detrimental to identifying and mitigating these, and, fortunately, GlobalSign is here to help through centralized visibility via automated solutions.

• Poor access management: Digital identities vastly outnumber human identities in cloud environments, which makes them alluring targets for threat actors. Identity access management (IAM) and other identity-related cloud vulnerabilities can be powerful initial attack vectors for cybercriminals to infiltrate an IT environment. GlobalSign is here, on standby to offer MFA, along with automated identity lifecycles and centralized access management capabilities.

• Insider threats: Insider threats are vulnerabilities attached to individuals or entities that already have some degree of access to and knowledge of an enterprise’s IT environment. Insiders could include current and former employees, third-party vendors, and partners.

• Unsecured APIs: Cloud APIs facilitate communication and data exchange between cloud software and applications, and API vulnerabilities are a prominent attack vector for threat actors.

• Lack of encryption: This allows unauthorized individuals to access sensitive data if they manage to infiltrate the cloud environment. GlobalSign’s digital certificates use encryption protocols that can help you with this.

Conclusion

The fight against today’s ever-evolving threats requires the winning combo of tech, user alertness and awareness, and effective incident response to mitigate impact. The key is to stay informed and prepared. The nitty gritty includes enforcing strong password policies, conducting regular cybersecurity training, keeping systems up to date, and implementing trusted and leading information security solutions such as the ones that we offer here at GlobalSign.