Cybersecurity expert explains how virtual wars are fought
With the Russia-Ukraine war in full swing, cybersecurity experts point to a cyber front that had been forming online long before Russian troops crossed the border. Even in the months leading up to the outbreak of war, Ukrainian websites were attacked and altered to display threatening messages about the coming invasion.
“In response to Russian warfare actions, the hacking collective Anonymous launched a series of attacks against Russia, with the country’s state media being the main target. So we can see cyber warfare in action with new types of malware flooding both countries, thousands of sites crashing under DDoS (distributed denial-of-service) attacks, and hacktivism thriving on both sides of barricades,” Daniel Markuson, a cybersecurity expert at NordVPN, says.
The methods of cyberwarfare
In the past decade, the amount of time people spend online has risen drastically. Research by NordVPN has shown that Americans spend around 21 years of their lives online. With our life so dependent on the internet, cyber wars can cause very real damage. Some of the goals online “soldiers” are trying to pursue include:
Sabotage and terrorism
The intent of many cyber warfare actions is to sabotage and cause indiscriminate damage. From taking a site offline with a DDoS attack to defacing webpages with political messages, cyber terrorists launch multiple operations every year. One event that had the most impact happened in Turkey when Iranian hackers managed to knock out the power grid for around twelve hours, affecting more than 40 million people.
Espionage
While cyber espionage also occurs between corporations, with competitors vying for patents and sensitive information, it’s an essential strategy for governments engaging in covert warfare. Chinese intelligence services are regularly named as the culprits in such operations, although they consistently deny the accusations.
Civilian activism (hacktivism)
The growing trend of hacktivism has seen civilian cyber activists take on governments and authorities around the world. One example of hacktivism is Anonymous, a group that has claimed responsibility for assaults on government agencies in the US. In 2022, Anonymous began a targeted cyber campaign against Russia after it invaded Ukraine in an attempt to disrupt government systems and combat Russian propaganda.
Propaganda and disinformation
In 2020, 81 countries were found to have used some form of social media manipulation. This type of manipulation was usually ordered by government agencies, political parties, or politicians. Such campaigns, which largely involve the spread of fake news, tended to focus on three key goals – distract or divert conversations away from important issues, increase polarization between religious, political, or social groups, and suppress fundamental human rights, such as the right to freedom of expression or freedom of information.
The future of cyber warfare
“Governments, corporations, and the public need to understand this emerging landscape and protect themselves by taking care of their physical security as well as cybersecurity. From the mass cyberattacks of 2008’s Russo-Georgian War to the cyber onslaught faced by Ukraine today, this is the new battleground for both civil and international conflicts,” Daniel Markuson says.
Markuson predicts that in the future, cyber war will become the primary theater of war for global superpowers. He also thinks that terrorist cells may focus their efforts on targeting civilian infrastructure and other high-risk networks: terrorists would be even harder to detect and could launch attacks anywhere in the world. Lastly, Markuson thinks that activism will become more virtual and allow citizens to hold large governmental authorities to account.
A regular person can’t do much to fight in a cyber war or to protect themselves from the consequences.
However, educating yourself, paying attention to the reliability of sources of information, and maintaining a critical attitude to everything you read online could help increase your awareness and feel less affected by propaganda. For the Silo, Darija Grobova.
How to avoid being hacked during this Fall’s travel season.
According to a recent study by cybersecurity firm NordVPN, one in four travelers has been hacked when using public Wi-Fi while traveling abroad. However, unsecured Wi-Fi is not the only factor travelers should be worried about.
Last year, the FBI published a tweet (see below) warning users against smartphone charging stations in public places (airports, hotels, and shopping malls). Hackers may have modified the charging cables with the aim of installing malware on phones to perform an attack called juice jacking.
“Digital information, although it exists virtually, can also be stolen using physical devices. So it is important to take a 360-degree approach and secure your device from both online and offline threats,” says Adrianus Warmenhoven, a cybersecurity advisor.
What is juice jacking?
Juice jacking is a cyberattack where a public USB charging port is used to steal data or install malware on a device. Juice jacking attacks allow hackers to steal users’ passwords, credit card information, addresses, names, and other data. Attackers can also install malware to track keystrokes, show ads, or add devices to a botnet.
Is juice jacking detectable?
Juice jacking attacks can be difficult to detect. If your device has already been compromised, you may notice some suspicious activity – but that won’t always be the case.
For example, you may notice something you don’t recognize on your phone — like purchases you didn’t make or calls that look suspicious.
Your phone may also start working unusually slowly or feel hotter than usual. Chances are you may have picked up malware. For a full list of signs to watch out for read on and find out how to know if your phone is hacked.
How to protect yourself
Since no sign of juice jacking is 100% reliable, it is best to avoid falling victim to this attack by using the following the advice:
Get a power bank. Power banks are a safe and convenient way to charge your device on the go. Getting a portable power bank means that you’ll never have to use public charging stations where juice jacking attacks occur. Always ensure your power bank is fully charged so you can use it on the go.
Use a USB data blocker. A USB data blocker is a device that protects your phone from juice jacking when you’re using a public charging station. It plugs into the charging port on your phone and acts as a shield between the public charging station’s cord and your device.
Use a power socket instead. Juice jacking attacks only happen when you’re connected to a USB charger. If you absolutely need to charge your phone in public, avoid the risk of infected cables and USB ports and use a power outlet. This is typically a safe way to charge your mobile device and other devices in public.
According to research by our friends at NordVPN, one of the leading cybersecurity companies, adult content, streaming, and video hosting sites have the most security and privacy threats, such as malware, intrusive ads, and trackers. Research shows that NordVPN’s Threat Protection feature, whose sole purpose is to protect people from such threats, blocked 344M trackers, 341M intrusive ads, and 506K malware infections in the month of December 2022 alone.
“The online world is challenging people in every single move they make. Want to read an article? Dozens of ads and pop-ups are ready to immediately cover your screen. Another privacy threat – malware – is lurking for you on websites and in files you are about to download. Websites you browse are also full of third-party trackers that analyze your browsing history to find out what you do online. It depends on you to stop it,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.
Adult content sites contain the biggest amount of malware
Malware is malicious software that seeks to damage or compromise a device or data. Malware’s scope varies from relatively harmless to extremely dangerous. Malicious software can track people’s data, steal sensitive information, or even delete it without your consent.
NordVPN research shows that adult content sites (21%), as well as cloud storage providers (14%) and entertainment sites (11%), contain the biggest amount of malware. In December, Threat Protection blocked 60.4K, 40.1K, and 30.9K domains of these categories respectively.
Among the most common types of malware are viruses, spyware, worms, trojans, adware, scareware, ransomware, and fireless malware.
Streaming media sites have the most intrusive ads
Intrusive advertising refers to pushing invasive and irrelevant ads in front of consumers. They irritate users by popping up unexpectedly, blocking the host page, opening new pages and windows, or playing video and audio at inopportune times.
As for intrusive ads, the majority of them were found on streaming (23%), adult content (16%), and online shopping (9%) sites. Threat Protection detected and blocked millions of them: 552M, 389M, and 226M respectively.
“Today, ad blockers are essential for both security because they block ads that can infect people’s devices and privacy because annoying ads rely on collecting data from web activity and violating people’s privacy. Also, if a website is loading slower than usual, you can blame intrusive ads. Free apps filled with unwanted ads could also drain your device’s battery faster,” explains Adrianus Warmenhoven.
image: variety.com
Video hosting sites have the biggest number of trackers
While many trackers are a tool for advertising and improving user experience, they may also become handy for online spies. Internet service providers (ISPs), marketing agencies, social media companies, and governments can access your online actions and breach your privacy.
NordVPN’s Threat Protection showed that video hosting sites (22%), cloud storage providers (16.31%), web email (16.25%), and information technology sites (12%) have the most trackers. Video hosting sites alone had 239 billion trackers blocked by Threat Protection in December 2022.
It’s worth adding that earlier NordVPN research showed that the average number of trackers per website is highest in Hong Kong (45.4 trackers), Singapore (33.5), the United States (23.1), and Australia (18.6).
“You can become less trackable online by declining third party cookies, because the website can sell your browsing data to third parties; using a VPN, which will hide your real IP address and location; installing a tracker blocker, which will stop your browsers from collecting information about you; and using privacy browsers, which can obfuscate your browser fingerprint, or ditching Google, which tracks a lot of data about you,” says Adrianus Warmenhoven.
Threat Protection scans your files before you download them, identifies threats, and blocks them before they can harm your device. The feature is free with every NordVPN subscription – and it allows you to go online without leaving a trace, protecting your privacy and improving your digital security.
Methodology: The statistics mentioned above were acquired by analyzing aggregated data gathered by the NordVPN’s Threat Protection service in January 2023. No identifiable user information was collected, reviewed, or otherwise involved when the research and compiled results were conducted.
Within the global sector of cyber security, the two major areas that are constantly under attack are financial and governmental. Financial organizations that hold consumer data, in particular those that provide financial services to retail and commercial customers, including banks, investment companies, real estate firms, retail banking and insurance companies, are an obvious target for the simple fact that this is where the money is. At the end of the day, unless an attack is of a personal nature, in which the reputation of an individual or business is targeted, monetary assets are the endgame.
Now imagine a cyber threat the same as you would a burglar walking down the street. When a thief leaves their home, they do not necessarily know what they are going to target, unless they have done some reconnaissance and are after something specific. In most cases, however, the target itself is not premeditated. And a house which is more vulnerable and has less defences, will always be the first point of call. Given the choice between a house with an open window and lights out, and a house with attack dogs, security cameras and search lights, nine times out of ten a burglar will take the opportunity to infiltrate the house with the open window. Why? Because it is easier and quicker to break into this house successfully.
The same applies within the finance industry. If there is a vulnerability, it will be the first target. In response, banks and financial institutions require tailored and sophisticated security to support their systems and people, and to defend against an onslaught of complex and aggressive cyber-attacks. Not only must security compliance within the financial sector be tenfold, but it is essential that security precautions evolve, to mirror the growing threat landscape.
But as new cyber threats develop daily, this is easier said than done.
Anti-Fraud Systems
To uphold compliance, and elements such as GDPR, antifraud systems within the finance industry have developed significantly over the last few years to safeguard credentials. To do this a combination of key codes, two factor authentication, voice ID, behavioral analysis, one-time passcodes, protective messaging, and digital fingerprinting have been widely integrated.
In fact, if you look at the document, ‘Comparison of banking providers’ fraud controls’, from the Financial Conduct Authority (FCA), the majority of banks use a combination of these systems. With organisations including the Bank of Scotland, First Direct, Halifax and HSBC, using touch identification. An element that would seem almost impossible to recreate virtually.
But cyber criminals have a concerningly accurate knowledge of the internal workings of banking and banking systems. And, in 2019, an arena known on the dark web as Genesis Market was uncovered. Within Genesis Market, digital fingerprints, stolen from PC’s, were/are sold. And, with each fingerprint, a user’s digital identity provides the means to bypass security measures and gain access to accounts.
According to darknetstats, Genesis Market is accessible by invitation alone. Once in, not only are fingerprints available, but so are passwords, credit card information, cookies and more.
Admiral Kirk retina scan in progress. Star Trek 2: The Wrath of Khan
It is no wonder that retina scanners are developing in the biometrics/banking sphere.
Internal Threats
It can be argued that the reason why many cyber criminals know so much about the inner workings of financial organisations is because, at one point or another, many worked legitimately within the industry. Internal teams pose as much of a threat as external attacks. In every Bond film there is always an insider guy.
The Insider guy in 1995’s James Bond film GoldenEye. Alec Trevelyan (006), aka Janus.
But whether an attack is malicious or accidental, internal security breaches are regular occurrences. Which us why User Behavior Analytics is crucial to understand the actions within a team, and to highlight and stop unusual activity before the damage is done.
Another element that is important to recognize with regards to internal threats, is that many employees/insiders are completely unaware that they are a threat in the first place. Take, for instance, an employee working remotely. This employee may be sat at a local café where they decide to work on a company device. If this device was unknowingly hacked while using a different Wi-Fi, the user may be completely unaware that they are spreading malicious malware via their device throughout the company.
Ransomware
Say a crime group has gained access to personal accounts. The next logical step is to blackmail the victim/organization via ransomware. Unfortunately, as a public security breach would cause mass panic and many potential lawsuits, banks will often pay off cyber criminals into an anonymous cryptocurrency account, rather than lose client data. Crime groups know this.
Sometimes victims speak out, but this does not always end well.
Take Travelex, the currency exchange company, for instance. Following an attack by a Sodinokibi ransomware in January, $6 million usd was demanded in exchange for 5GB of personal data. Since the attack, Travelex has fallen into administration, with PwC saying that the ‘foreign exchange firm was acutely impacted by COVID and the recent cyber-attack.’
For financial organisations, ransomware can and will destroy a whole business. And, if they lock you out of an account, you are finished.
App Developments
Apps surrounding investment and finance have grown substantially in 2020. This, in part, is a good thing, as the ability to invest online is quick and easy, and accessible to all. But due to the demand, many of these apps were developed quickly and are underprepared for cyber-attacks.
For instance, many do not provide two-factor authentication, are not supported by the appropriate regulations, are not patched or maintained properly, and do not have contingency plans in place to mitigate the effects of a cyber-attack. As a result, personal information of app users is relatively easy to steal and sell. This can be done by creating duplicate fraudulent apps to trick the user. On these duplicate apps, the imagery and language of the genuine app is mirrored. And, once the personal information is supplied, both real and virtual money is then accessible. Thus, the circle of ransomware ensues.
COVID-19
Another element to take into consideration over the past two years and counting is, of course, COVID-19. According to an article by ComputerWeekly, ‘what has been referred to as an “unprecedented anomaly”, cyber criminals were and to some degree still are increasingly targeting the financial services sector during the Covid-19 coronavirus pandemic, with attacks on banks and other financial institutions spiking by 38% between February and March of 2020 to account for 52% of all attacks observed by VMware’s Carbon Black Cloud.’
COVID-19 has altered cyber security on a global scale and in every vertical.
Third-Party Risk
These days, few organisations work on their own. The majority use third parties, including vendors, partners, e-mail providers, service providers, web hosting, law firms, data management companies, subcontractors and so on. With regards to many of these, from IT systems to sensitive information shared with legal teams, these third parties could easily be a backdoor into your financial systems for attackers to infiltrate.
According to Ponemon Institute, ‘53% of organisations have experience one or more data breaches caused by a third party, costing an average of $7.5 million to remediate.’ For a large organisation, this can be crippling. And can wipe out a small organisation in a matter of minutes.
To manage third parties, financial organisations must have the ability to detect threats, and the capability to respond to them. Which requires the right combination of people, processes, and technologies.
But half the battle is locating vulnerabilities in the first place. Which is why cyber resiliency needs to be sharp, and why investing in the best managed security services is essential. From Firewall Management, to Decoy Deception and Honeypots, it is important to know what services will support an organisation best. This will depend on factors including location, company size, current security measures and more.
Considerations
Cyber threats will continue to grow into 2023. That much is clear.
Financial organizations have either already tackled a cyber-attack, will tackle one in the very near future, or may be a target of one currently, but are simply unaware of the fact.
Effective security comes down to three key elements. Processes, people and technology. Processes must run seamlessly alongside the organisation. Security experts must have the capability to detect, react and understand the context of a risk. And the technology must be superior, to keep up with cyber threats. All elements are equally as important, and you must have all three to ensure security.
In times like these security measures are more crucial than ever. Especially for those within finance. So that our life savings are secure, the security of our loved ones is maintained, and the livelihoods of those employed within the financial world continues. Contact SecurityHQ for a free consultation to learn more. For the Silo, Eleanor Barlow.
As the 2022 school year comes to an end, the surge of summer travel plans begins. With an estimated60%of Canadians and Americans planning at least one trip over the next 3 months, hackers have roughly 200,000,000 projected tourists to prey on.
Lookout’s Cyber Security Expert, Hank Schless, shares how these cyber-attacks usually capitalize on travelers who are often overwhelmed or distracted when in unfamiliar environments, like airports and cafes.
>> Public Wifi Connections
“Although many airports offer free Wi-Fi connectivity, you should make sure that you join the official airport network and not a similar network that is configured to trick travelers into giving up their usernames and passwords”
Attackers have been known to set up fake networks – with obvious but convincing names like ‘Starbucks_Guest_WiFi’.
Once you connect, they’ll gain access to sensitive information, including your login credentials, emails, and messages.
In order to protect yourself from wifi threats, alter your device’s settings so that it does not automatically connect to nearby networks, which the Lookout app does automatically.
>> Social Awareness & Juice Jacking
While on the go, travelers rely on power outlets and USB cords to keep their mobile device’s battery charged. Attackers can exploit USB chargers by loading malware onto them that infects your device the second you plug it in – Always be aware of your surroundings.
The “USB condom” works by physically disconnecting the data pins of a USB device and only allowing the power pins to make contact.
If someone approaches you and offers their USB charging cord, it is best to decline.
Always travel with your personal USB cords, and plug your charger directly into an electrical socket (vs USB port) if possible.
The easiest place for a scammer to steal or hack your phone is in crowded areas – so never leave your phone or device unattended and only let people you know “borrow” your devices.
>> SMS and Email Travel Updates
“It’s important to be on guard for travel-related email, text, and social media scams as well. Attackers may try to steal a traveler’s credentials through phishing campaigns that pretend to be an airline, credit card company, or TSA”
The Lookout App by Google is now available in Canada.
Here’s how it works: A scammer will send a message telling the recipient that their TSA PreCheck needs to be renewed, but the link in the renewal email leads to a fake site where hackers can accept payment and steal a victim’s personal information.
Although the TSA sends renewal reminder texts and emails, travelers should always go directly to the TSA website for information on their existing accounts.
For added protection, consumers can also download security – Security protection, like the Lookout app, will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm.
Criminals continue to impersonate well-known brands to trick people into giving up their personal information.
According to the data presented by the Atlas VPN team, Crédit Agricole, a French financial group, was by far the most used brand in phishing attacks in H1 2021. The brand was linked with 17,755 unique phishing URLs, followed by social media giant Facebook with 17,338 and Microsoft with 12,777.
The figures are based on Phisher’s Favorite Top 25 H1 2021 report by Vade, which looks at the 25 most impersonated brands in phishing attacks from January 1, 2021, to June 30, 2021.
Multi-platform messaging service provider WhatsApp is the second social media brand to make the top ten list. It was taken advantage of in 8,727 phishing attacks. Meanwhile, French bank La Banque Postale occupies the fifth spot with 7,180 attacks.
Other brands in the top ten list include multinational telecoms company Orange (4,047), the world’s largest online retailer Amazon (3,501), multibillion-dollar media, entertainment, and communications company Comcast (3,116), digital payment service provider PayPal (2,601), and American national bank Chase (2,537).
Most phishing assaults were perpetrated in Brazil, followed by Russia and Indonesia.
Financial brands were criminals’ favorite
Generally, cybercriminals choose highly-trusted brands in their phishing campaigns. However, brands in certain industries were more favored than others.
Financial service brands were particularly popular in phishing attempts due to the rise in digital payments and growing reliance on online banking during the pandemic. They accounted for 36% of URL phishing attacks in H1 2021.
Cybercriminals spoofed well-known financial brands such as Crédit Agricole, La Banque Postale, PayPal, Chase, Wells Fargo, Square, HSBC, and Banque Populaire to lure out sensitive information from unsuspecting victims.
Social media companies were also heavily impacted. Social media brand impersonation accounted for over a quarter (26%) of all brand phishing attacks in the first half of this year. Apart from Facebook and WhatsApp, Instagram and LinkedIn were common choices for criminals.
Next up is the cloud sector. Cloud companies like Microsoft, Netflix, Adobe, and DocuSign were involved in 17% of URL phishing attacks. Meanwhile, 11% of phishing assaults targeted e-commerce and logistics companies, such as Amazon, DHL, Rakuten, Apple, and eBay.
The remaining 10% of brands spoofed in URL phishing attacks were internet and telecommunication companies, such as Orange, Comcast, Yahoo, SFR (9%), as well as government organizations (1%).
Tips to avoid phishing scams
Keep your browser up to date. Look out for browser updates. They are released regularly and may contain security patches for vulnerabilities that were discovered on the browser. Cybercriminals often launch attacks to exploit known security vulnerabilities. Therefore it is essential to install any browser updates as soon as they become available.
Inspect the website’s URL. Carefully inspect the website’s URL before taking any action. Criminals use visually similar characters such as lower case “L” and capital “I” to deceive people into thinking they are on a legitimate website.
Look for an SSL certificate. Make sure the portal address starts with HTTPS (not with HTTP) and has a green padlock symbol before the web address. This means that the website has an SSL certificate, and the connection is encrypted.
Beware of grammar mistakes. Scammers rarely hire professional writers to check their copy-cat website’s content for errors. If a website is riddled with spelling mistakes, there is a high chance it is not legitimate.
Check if the website has been flagged. You can use URL checkers to see if the website has already been flagged. You can find many tools for this purpose by searching “Check URL safety” in Google.
Use Tracker Blocker. Take advantage of the Atlas VPN Tracker Blocker tool, which stops third-party trackers and blocks malicious websites for a safer browsing experience.
“You pay your money, as the saying goes, and you take your chances.” says Falkowitz, CEO of Area 1 Security. “More and more these days, it seems like this ‘policy’ is the rule rather than the exception, in everything from health care insurance to the commuter parking lot. Even though you’ve paid for the product or service, no one’s really responsible for some reason when you suffer damages while consuming whatever it is you bought. Or worse yet, you somehow find that whatever you bought doesn’t really do what you bought it for. And there’s an asterisk somewhere in the fine print to explain why. Unfortunately, nowhere is this more prevalent than in today’s cybersecurity industry.”
Despite the billions spent on cybersecurity we continue to suffer the most debilitating and expensive breaches imaginable, and some that cannot be imagined under any circumstances. Yet experts predict the worst is still to come. Cybercrime has moved from data theft and website defacement to a trajectory that includes data manipulation, data loss and eventually, if something is not done to change the economics of being a bad guy on the internet, threats to the stability of society itself.
“Cybersecurity companies seem to be content to collect their millions with the caveat that they can’t really offer protection in exchange,” continues Falkowitz. “Their customers likewise collect mountains of data on their customers and are appropriately contrite when that data is stolen or misused but the apology is not accompanied by compensation. Even the government can’t protect itself, or its citizens even if they’re attacked by another nation-state.”
The excuses and the explanations are familiar: Cybersecurity is too complicated. Hackers are too clever. Attacks are unprecedented.
“Nonsense. Every bit of it.” says Falkowitz. “Cybersecurity is no more complicated than hundreds of other things we do routinely, from sending astronauts into space or open heart surgery. Hackers are human, just more persistent about how to fool the rest of us. And attacks are based on the same tried and true methods—phishing—they’ve been using for decades.”
Oren J. Falkowitz is the co-founder and CEO of Silicon Valley’s Area 1 Security. Oren held senior positions at the NSA and United States Cyber Command (USCYBERCOM) where he focused on Computer Network Operations & Big Data and is a predominant cybersecurity industry thought-leader committed to keeping high-level national security conversations relevant. For the Silo, by Jennifer Vickery.
