Tag: Cyber Security Threats

Understanding Insider Threats To Cybersecurity

On June 25, 2021

An insider threat is a type of malicious activity against an organization that comes from users having authorized access to the network, databases, or applications of the organization. These users can be current employees, former employees, or third parties like partners, contractors, temporary workers, etc. This type of threats also includes users who unintentionally cause harm to the business.

Understanding insider threats is highly important because the frequency of insider threats has increased. As per “2020 Cost of Insider Threats: Global Report”, 60% of organizations had more than 30 insider-related threats per year and number of insider threats has increased by 47% in two years.

Types Of Insider Threats:

Malicious Insider: This type of threat includes an employee or partner who purposely tries to steal information or disrupt operations.

Negligent Insider: This is an employee who puts the organization security at risk by not following proper IT procedures. For example –

An employee who left his computer logged in and unattended.
An administrator who did not change a default password.
An IT professional who did not install a security patch.

Compromised Insider: An example of a compromised insider is an employee whose computer has been infected with malware via a phishing scam or compromised downloads. The compromised machine is used by cyber criminals for stealing data, infecting other systems, etc.

How Are Employees Compromised?

Different means that can be used to compromise an insider are:

Phishing – The target employee is contacted via email or text to bait the individual into providing sensitive information.
Malware Infection – The machine is infected with malicious software to infiltrate the system and steal sensitive information or user credentials.
Credential Theft – Cyber criminals adopt techniques such as phishing, malware, bogus calls, and social engineering to trick users into providing username and password.
Pass-the-Hash – This is similar to password theft attack but relies on stealing and reusing password hash values rather than actual plain text password.

Ways To Prepare Against Insider Threats

Following steps can be used to be prepared against insider threats:

Employee Training
Coordinate IT Security & HR
Build A Threat Hunting Team
Employ User Behavioral Analytics

Centex Technologies offers assistance to businesses in ensuring security from insider threats. For more information on cybersecurity solutions for businesses, contact Centex Technologies at (254) 213 – 4740.

Emerging Cyber Security Threats

By centexitguy

On March 30, 2021

In Security

2020 has witnessed a great change in the work environment of organizations with an increase in number of remote and work from home employees. This change in dynamics has paved way for new cyber security threats along with re-emergence of some old threats.

Here is a list of emerging cyber security threats that organizations should be aware of in order to stay protected:

Work-From-Home Attacks: Cyber security attacks on work-from-home or remote employees are not new but the frequency and extent of such attacks has increased many folds with the new work culture. Cyber criminals are targeting multiple and insecure home networks at same time to launch wide spread breach of critical systems and services. AN effective way to solve this problem is to effectively use Identity & Access Management Tools that are capable of analyzing user activity, resource requests, and corporate connectivity behavior.
Brute Force Attacks: Brute force attacks have resurfaced as cyber criminals are recognizing the potential of DDOS attacks. Hackers are making use of simple services delivery protocol (SSDP) and simple network management protocol (SNMP) to launch large number of Distributed Denial Of Service attacks. Use of botnet swarms has enable hackers to amplify IP requests to overwhelm organizational networks leading to slower response time. SNMP attacks can cause more damage as the protocol connects and manages common corporate devices, such as modems, printers, routers and servers. Compromised SNMP help attackers in bypassing firewalls which exposes all corporate services to risk.
Fileless Frameworks: Fileless malware and ransomware attacks are designed to bypass common detection controls and infiltrating key systems by using legitimate platforms or software tools that already exist within corporate networks. This allows hackers to get past common detection methods that scan for malicious files. Use of existing system tools does away with the need for cyber criminals to design an attack framework which decreases the time required for malware development.
Front Line Phishing: One of the biggest news of 2021 is COVID-19 vaccine. People are extensively searching online to know more information about the vaccine such as current state of the disease, when will the vaccine be given out, who has been approved to get the vaccine, etc. Thus, organizations and individuals should be prepared for phishing attacks fabricated around this topic. Cyber criminals are using COVID-19 vaccine information links as phishing baits in their emails or messages to lure users.

For more information on cyber security threats, contact Centex Technologies at (254) 213 – 4740.

Rising Security Threats

By centexitguy

On May 25, 2019

In Security

Cybersecurity threats are not new; however, they have gained momentum as the intensity and volume of attacks has increased in recent years. A mix of sophisticated old threats and new zero-day attacks have given rise to the need for new cyber security techniques.

In order to formulate effective cyber security strategies, it is important to understand different types of rising security threats:

Insecure API: API refers to Application Programing & User Interface. When an organization sources a cloud service from a service provider, the interface is not used by a single client. It is shared by numerous other users; thus, the organization cannot control the security of interface. As a client, organizations should make sure that the service provider incorporates stringent security measures starting from authentication to encryption.
Direct Data Center & Cloud Attacks: The cyber attackers launch these attacks by locating vulnerabilities in applications and exploiting them to enter a cloud network. Generally exploited vulnerabilities are insecure passwords and lack of proper authentication. Once the cyber attackers gain access, they can move across the applications & data centers freely. Such attacks are not easily spotted by the compromised organizations.
Crypto-jacking: As cryptocurrency is gaining popularity, cryptocurrency attacks are also rising. Crypto-jacking is the term used for unauthentic use of someone’s computer for mining cryptocurrency. The crypto mining code is either encrypted in a link which is sent to the victim via a phishing e-mail or it is loaded in an infectious online ad or website. Once the user clicks on the link, the code is installed on his computer. However, in case of infected ad or website, the code is not loaded on victim’s computer. As the website or ad pops up in victim’s browser, the code is auto-executed. Unlike ransomware, crypto mining code does not harm user’s personal data but uses CPU resources which results in slow processing.
Advanced Persistent Threat (APT): In APT, the hacker breaches a network but stays undetected for a long time; thus, increasing his dwelling period instead of asking for instant ransom. The main motive is to steal information or security data unobtrusively. The breach could be caused by using malware, exploit kits or by piggybacking on legitimate traffic. Once breached, the attackers could steal login credentials to move across the network easily.
IoT Attacks: IoT now includes laptops, tablets, routers, webcams, smart watches, wearable devices, automobiles, home electronics, etc. As IoT is becoming more ubiquitous and number of connected devices is increasing, cyber criminals are targeting the IoT networks for cyber invasions & infections. Once they gain access to a network, cyber criminals can program the devices to create chaos, lock down essential devices for financial ransom, overload the network, etc.

With rising cyber security threats, organizations need to follow strict data management and security practices to protect their data.

For more information about IT and security risks, call Centex Technologies at (254) 213-4740.