The new year in Portugal brought to the table a new old topic: cybersecurity. Although it’s not something new, the recent attacks on Impresa group and Vodafone showed that we are all at the mercy of hackers and that we have to take precautions not to be the next victims.
Our Fullstack Developer, Mauro Alberto, researched the topic in depth and, after collecting and analysing the information, shared all the material in a meeting with everyone at PIPECODES, which was very enriching and enlightening.
The meeting started with an introduction to the topic of cybersecurity, followed by how hackers carry out their attacks on companies. Remote work security is also a topic that will be mentioned here, along with what whaling threats are and how not to fall into their traps.
A short introduction to cybersecurity
In the world we live in today, surfing the Internet with zero knowledge of computer security makes the day of hackers all over the world, and if they can target the company that employs you, all the better for them, because not only do you put yourself at risk, you can also cause irreparable damage to the company.
Computer security or cybersecurity is the protection of computer systems. The protection can be against theft or damage to hardware, software, or electronic data, as well as interruption or misdirection of the services they provide. The number of cyberattacks is increasing and investing in computer security is a must since it helps keep data safe from being stolen or altered and protects against viruses.
So let’s start by looking at the most common types of cyberattacks.
Types of Cyberattacks
What is a cyberattack? We can define a cyberattack as an abusive action that targets personal computing devices, computer information systems, or computer network infrastructure with the objective of altering, stealing, or destroying information systems or data. There are several types of cyberattacks, but we will focus on malware, man-in-the-middle, phishing, and password attacks.
Malware is any software that is intentionally made to cause damage to a computer, server, or computer network. It usually appears when you download items you are not aware of. The four most common types of malware are Trojan, Adware, Spyware, and Ransomware.
- Trojan is a type of malicious code or software that appears to be legitimate, and is intended to take control of your computer. A Trojan is designed to damage, disrupt, steal, or generally inflict some other harmful action on your data or network.
- Adware is any computer program that automatically runs and displays many advertisements without the user’s permission. The functions of adware are to analyze the Internet sites that the user visits and present them with advertising pertinent to the types of goods or services presented there.
- Spyware is any software that installs itself on your computer and begins to secretly monitor your online behavior without your knowledge or authorization. Spyware is a type of malware that secretly collects information about a person or organization and passes this data on to other parties.
- Ransomware is malware that employs encryption to hold a victim’s information to ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications.
Man-in-the-Middle:
This is where the hacker manages to get between the servers and the end user. The hacker can find out the end user’s IP and intercept the communication. Accessing insecure Wi-Fi networks is a danger, and hackers also have access to existing hardware (specific antennas) that can pick up information “literally” out of the air.
Phishing:
This is a type of attack in which a hacker sends fraudulent e-mails that look like they come from a trusted source. They may either want to obtain personal information (credit cards, login credentials) or install malware on your PC.
Password Attack:
This attack happens when hackers try to find out someone else’s password, either by trying the most used passwords (123456, qwerty) or by guessing e-mail security questions. To avoid this, recent apps always ask for 8 characters with capitals, mixed case, and symbols.
Cyberattacks on companies
As the world becomes more computerized, more of these attacks will happen. When they target organizations, they can cause colossal losses with little effort. Now let’s take a look at the most common attacks against companies:
- Advanced Persistent Threat (APT): An advanced persistent threat is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time undetected.
- Distributed Denial of Service (DDoS): DDoS attacks are a subclass of Denial of Service (DoS) attacks. A DDoS attack involves multiple connected online devices that are used to overwhelm a target website with fake traffic, so that it fails to serve customers.
- SQL Injection Attacks: SQL Injection attacks are direct database attacks that use malicious SQL code to manipulate data by accessing, modifying or deleting the information.
Within attacks on companies, there is a very specific one that refers to attacks on the company’s top ranks, known as Whaling Threats.
Whaling is a method used by cybercriminals to disguise themselves as people in high positions in the organization and directly target people in high positions, with the aim of stealing money, sensitive information, or gaining access to their computer systems.
They usually choose the person because of his or her title, visibility, or high-level access privileges. Hackers know that people in high positions in a company are well-informed, so they are harder to fool.
That is why Whaling Attacks are known for their sophistication. Their features are:
- They are well-designed and well-written, passing the scrutiny of the common eye.
- They use language that resonates with the chosen target.
- They present credible scenarios that drive urgency.
Knowing what hackers’ social engineering methods are can help prevent future attacks.
Social Engineering: Using trickery and manipulation to get someone to disclose personal and confidential information.
In order to achieve their goals, hackers even create fake accounts and start connecting with the target’s connections to make themselves seem more trustworthy (for example, on LinkedIn). Hackers also google the person (to see habits, interests, agenda), look up travel itineraries and public appearances, and even search for the target’s family.
Next, let’s look at how we can improve the shift from working in the office to working at home.
Safety in Remote Working
Due to the pandemic raging around the world, CISOs (Chief Information Security Officers) everywhere were faced with a huge challenge: how to get people out of the safety of the office and get them safely into the insecure environment of their homes.
Leaving the security of the office is a challenge because we have many tools/controls there in the office and on the network. We don’t have the same controls in our home. So in doing this, there are factors to consider:
- Confidentiality: Won’t the software sell your calls/messages? Will the records be well-kept, or will information be lost?
- Availability: Will it lose quality in the middle? Will it always be online? How are we doing with the scaling? Because it’s not just us using the tool/software.
- Specificity: The same tool may be good to use to record a podcast, but may not be good to have a client meeting. We have to know how to evaluate the sensitivity of the information.
Having seen the types of attacks that we can be targets of, let’s now look at some tips to avoid future attacks.
No one wants to see their compromised system or protected company information (which may be the company’s or their customers’) in the hands of random hackers. To avoid this, we have to keep a few points in mind:
- Install firewalls and antivirus: A firewall is a virtual wall between your PC and the internet. It filters what comes in and out of your PC in order to keep your network secure. It can be either software or hardware.
The difference between the two (firewalls and antivirus) is that the firewall can be physical, and it protects both the software and the hardware of the network because it inhibits viruses from entering the system. Antivirus, on the other hand, protects software by removing infected files or software.
- Complex passwords: Forget passwords like 12345 or the name of your favorite club. Use at least 8 characters, with numbers, capital and small letters, and symbols.
- Do not open emails from unknown people/entities.
- Honeypot: A honeypot is a computer or a system of computers set up to look like a real one, so that it becomes the target of attacks and protects the real computer.
- 2-Factor authentication (2FA): A security process in which users provide two different authentication factors to verify themselves.
- Use your work computer only for WORK.
- Shifting to zero trust: The idea is to eliminate transitive trust, which is the principle that I trust John and John trusts Jane, therefore I trust Jane. That can’t happen.
- Data sanitization in test environments: Just because an environment is for testing does not mean it can’t be targeted. Always use fake data (e.g. credit cards, emails).
- Avoid public networks. Always be suspicious.
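For the data sanitization tip above, an added example (not from the original article) that swaps real e-mail addresses and card numbers for fake but well-formed values before data is copied into a test environment. The key, the card prefix, the field names and the sample record are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: secret kept outside the test environment, so test data
# cannot be mapped back to the real values by recomputing the HMAC.
PSEUDONYM_KEY = b"constructed-demo-key"
# Assumption: placeholder prefix; use a range your payment processor
# designates for testing.
TEST_CARD_PREFIX = "999999"

def luhn_check_digit(partial: str) -> str:
    """Return the Luhn check digit for a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:          # doubled once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

def digest(value: str) -> str:
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()

def fake_email(real: str) -> str:
    # example.com is reserved for documentation, so no mail reaches anyone.
    return f"user-{digest(real.lower())[:12]}@example.com"

def fake_card(real: str) -> str:
    # Same input -> same fake number, so joins between tables still work.
    body = TEST_CARD_PREFIX + str(int(digest(real), 16) % 10**9).zfill(9)
    return body + luhn_check_digit(body)

def sanitize(record: dict) -> dict:
    """Replace the email and card fields; other fields pass through."""
    clean = dict(record)
    clean["email"] = fake_email(record["email"])
    clean["card"] = fake_card(record["card"])
    return clean

if __name__ == "__main__":
    # Constructed sample record, not real customer data.
    row = {"id": 7, "email": "Ana.Silva@customer.invalid", "card": "4111111111111111"}
    print(sanitize(row))
```

The fake card numbers still pass the Luhn check, so form validation in the application under test keeps working without any real number being present.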
It is said that there are companies that have already been targets of attack and companies that have not yet been. Companies usually only worry about security when something happens. It is something that is left in the background in startups. Security cannot be treated as something that happens every 2 months. It has to be something continuous.
I hope you have gotten some basics of computer security.