NEW YORK (PRWEB) February 23, 2021
Cynet (http://www.cynet.com) today turned back the pages of 2020 to review the most noteworthy cyberattacks making up the cyber-pandemic, which came with COVID-19 and the flight of employees to remote work environments. These cyber events were part of an ongoing series of attacks, keeping IT security professionals on high alert.
2020 was the year that COVID-19 brought a major cyber-pandemic to the world. An assessment by INTERPOL revealed that organizations and businesses rapidly deploying remote systems and networks to support staff working from home were being taken advantage of by cybercriminals. The report noted that in a four-month period, “some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by INTERPOL and its private sector partners.” Many of these never made the headlines, but six major attacks did – ranked below by their overall impact.
1. The SolarWinds Attack – This attack involved hackers compromising the infrastructure of SolarWinds, a company that produces a network and application monitoring platform called Orion, and then using that access to produce and distribute trojanized updates to the software’s users.
2. FireEye: The Stolen Red Team Tools – On August 12, 2020 FireEye announced that a sophisticated group of hackers, likely state-sponsored, broke into its network and stole tools that the company’s experts developed to simulate real attackers and test the security of its customers. The attack was later found to be tied to SUNBURST malware which was also responsible for the SolarWinds attack.
3. Software AG: Clop Ransomware Attack – The second-largest software vendor in Germany was reportedly hit by a ransomware attack in October 2020. News outlets reported that the German tech firm had been attacked by the Clop ransomware and that the cyber-criminal gang had demanded a $23 million ransom.
4. Sopra Steria: Ryuk Ransomware Attack – The 46,000 employee European information technology firm announced on October 21, 2020 that it had detected a cyber attack the previous evening. The virus was identified as a new version of the Ryuk ransomware, previously unknown to antivirus software providers and security agencies. The attack followed a previous infection with either TrickBot or BazarLoader.
5. Telegram Hijack – Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business. In what is believed to be a targeted attack, the hackers were after two-factor authentication (2FA) login codes delivered over the short messaging system of the victim’s mobile phone provider.
6. BlackBaud: Ransomware Attack – Blackbaud, a cloud technology company, was hit by a data-stealing ransomware attack earlier this year. The attack was one of the biggest of the year in terms of the number of organizations affected, with nearly 200 organizations and millions of individuals potentially impacted.
The most common causes of data breaches are weak or stolen credentials, back doors/vulnerabilities, malware, social engineering, excessive permissions, insider threats and improper configuration/user error, so businesses need to be diligent. Cybersecurity needs to be top of mind and systems and setups need to be routinely assessed. Any organization can become the victim of phishing schemes, ransomware, DDoS, malware, and other attacks leading to data breaches. Stress to customers that taking all necessary precautions is the best chance they have at staying secure. Along with detection and response tools, authentication protocols and ongoing employee security awareness training can make the biggest difference.
“Because the reality is challenging and the future is not promising to be better in terms of cybersecurity threats and malicious attacks, cybersecurity pros must be prepared in the defense of their organization,” said Eyal Gruner, CEO and founder of Cynet. “Going deeper into 2021, Cynet stands ready to support organizations and address these challenges to improve overall security readiness with next-generation XDR (EPP, NGAV, EDR, NDR, UBA), SOAR and advanced MDR services in a single platform.”
Tweet this: @Cynet Reviews the Top 6 Most Notable Cyber Attacks of 2020 – https://bit.ly/2UgxHCE
To learn more about Cynet:
Cynet 360 is the world’s first Autonomous Breach Protection platform that natively integrates XDR endpoint, user and network attack prevention and detection capabilities with an incident engine that fully automates investigation and remediation actions, backed by a 24/7 world-class MDR service. End to end, fully automated breach protection is now within reach of any organization, regardless of security team size and skill level. For additional information, please visit: https://www.cynet.com.
Share article on social media or email:
Fintechs are ransomware targets. Here are 9 ways to prevent it.
Cybercriminals are clever, and they often target fintechs for two reasons. They know fintechs handle a lot of sensitive and financial information on a daily basis, and that they probably have the means to meet hackers’ demands and get back to business as usual.
Ransomware attacks are one of the most common fintech cybersecurity risks, and falling victim to one can be devastating — or disruptive at the very least. So, we asked the experts at ESET to explain how to prevent ransomware, and secure your business from the inside out.
Firstly, what is ransomware and how does it work?
With a ransomware attack, a cybercriminal hacks into their victim’s systems and essentially holds their data “hostage” until they pay a ransom. Since hackers know how valuable data is to a business, they tend to set ransoms in the thousands or even millions of dollars.
There are two types of attacks: crypto ransomware encrypts all the files, folders and hard drives on the infected computer, while locker ransomware locks users out of their devices. For cybercriminals, the goal is to get you to pay up so you can retrieve your files and mitigate any damage to your business.
What to do after a ransomware attack
Unfortunately, you don’t have too many options if you fall victim to a ransomware attack. You’ll need to decide to pay the ransom or not, and that involves weighing up how much your data is worth. Just keep in mind that giving in to a cybercriminal’s demands may encourage them to attack you again — and there’s no guarantee that your data will be restored.
Either way, it’s important to go into disaster recovery mode right away. Follow these steps for what to do if you get ransomware:
1. Alert your IT department. If your company has IT professionals or a Chief Information Security Officer, notify them about the attack. Hopefully, they’ll have a plan of actions for situations like these and be able to guide your team through these steps.
2. Trace the source of the attack. Most ransomware attacks have a countdown clock before all your files are deleted forever, so the sooner you find the source, the faster you can act. Typically, ransomware sneaks its way into your system through a malicious link or email attachment. The best-case scenario is the ransomware only attacks that one device, and the worst-case is it infects your entire system. Once you’ve found the culprit, ask the user if they’ve opened other suspicious emails or noticed anything weird about their computer.
3. Remove that device from your network. To stop the ransomware from spreading through your network, you’ll need to unplug the infected device.
4. Let your employees and clients know about the breach. While it’s important not to cause panic, you do need to be transparent. The truth is, most cyber breaches are the result of human error, so your employees need to know what happened and what’s expected of them. As for your clients or customers, contact them if you have proof their data has been compromised. In other words, avoid putting out a statement until you have all the information.
5. Invest in better security systems. When you’ve gotten through the aftermath, look into more sophisticated cybersecurity in fintech practices.
9 ways to prevent ransomware attacks
Ransomware is incredibly common, and as you now know, there are limited ways to deal with an attack. You need to be proactive and prepared, and implement measures to prevent an attack.
As you might have guessed, fintech cybersecurity should be a priority. These are our tips for how to protect against ransomware:
Set up sophisticated email filters. The majority of ransomware is delivered by spam or phishing emails. To stop ransomware before it has a chance to infect your systems, employ email filters that scan all email content for spam, viruses and other forms of malware.
Run regular security audits. It’s worth assessing your security systems to identify any gaps or weaknesses. If you can, consider outsourcing your cybersecurity, reallocating resources or hiring in-house professionals to give your fintech peace of mind.
Use an up-to-date antivirus and anti-ransomware software. To protect your company devices from ransomware, malware, identity theft and more, install a third-party antivirus software designed for businesses. ESET Digital Security for Business offers the best ransomware protection and defence against a range of advanced cyber threats, and can be tailored to the size and scope of your fintech. Along with blocking persistent threats, it secures your devices with endpoint protection, which is especially handy if you have employees who work remotely.
Accept all software updates. Cybersecurity companies often release new patches to fix bugs and address vulnerabilities, which is why it’s essential to stay on top of any updates. In other words, you could have the most sophisticated antivirus ransomware software in the world, but that won’t do you any good if you ignore every notification that pops up! Updates usually take a few minutes to download and require you to restart your computer, but they make your company much less vulnerable to ransomware.
Implement multi-factor authentication. Two-factor authentication is good, but multi-factor authentication is better. This means employees will need to enter their username, password and one more piece of additional information — usually a code sent to their phone or email — before they can log into the system. It also makes it harder for hackers to break in.
Create a whitelisting program. This is effective in preventing ransomware, and it involves restricting the applications that can run within your company’s system. Think of it as the opposite of blacklisting — only applications that have passed the approval process will work.
Encrypt your company files. Ideally, all of your data should be end-to-end encrypted, and access limited to the people who need that information to do their jobs. The good news is, most computers and phones have built-in operating systems that encrypt stored data and prevent unauthorised users.
Tighten your cloud security. Speaking of the cloud, some cloud services don’t offer secure encryption and can’t distinguish between authorised users and other people trying to access the cloud. ESET Cloud Office Security will configure your cloud security so hackers can’t bypass your company’s policies and tap into sensitive information.
Routinely back up your data and systems. By backing up your data regularly, you’ll be able to recover any lost or corrupted data if your server crashes or if you fall victim to a ransomware attack. We recommend always having two encrypted backups: one on the cloud, and one an external hard drive.
Get in touch with ESET today!
What are Insecure Direct Object References (IDOR)?
HackerOne empowers the world to build a safer internet.
Insecure Direct Object References (or IDOR) is a simple bug that packs a punch. When exploited, it can provide attackers with access to sensitive data or passwords or give them the ability to modify information. On HackerOne, over 200 are found and safely reported to customers every month.
What is an IDOR?
There are several types of IDOR attacks, including:
- Body Manipulation, in which attackers modify the value of a checkbox, radio buttons, APIs, and form fields to access information from other users with ease.
- URL Tampering, in which the URL is modified at the client’s end by tweaking the parameters in the HTTP request.
- HTTP Requests in which IDOR vulnerabilities are typically found in GET, POST, PUT, and DELETE verbs.
- Mass Assignment, where a record pattern can be abused to modify data that the user should not be able to access. While not always a result of IDOR vulnerabilities, there are many powerful examples of this being the result of it.
In its simplest and most common form, an IDOR vulnerability arises when the only input required to access or replace content is from the user. This vulnerability submitted to Shopify by California-based hacker Rojan Rijal (a.k.a. @rijalrojan) in 2018 is the perfect example.
By observing how file attachments were labeled when sending a query to Shopify’s Exchange Marketplace application, Rojan was able to replace documents by leveraging the same file name from different accounts.
Figure 1: IDOR vulnerability reported by @rijalrojan to Shopify on the HackerOne platform.
For retail and ecommerce companies, IDOR vulnerabilities represent 15% of what organizations pay bounties for and represent the top vulnerability for programs across government (18%), medical technology (36%), and professional services (31%) industries.
If they’re so simple, why are they so common?
In short, IDORs can not be detected by tools alone.
IDORs require creativity and manual security testing to identify them. They require you to understand the business context of the target application. While some scanners might detect activity, it takes a human eye to analyze, evaluate, and interpret. Understanding the deeper context is an innately human skill that machines cannot replicate. In traditional pentests, unless a pentester tests every possible parameter in every request endpoint, these vulnerabilities can go undetected.
What are the implications of an IDOR vulnerability?
Perhaps the most infamous IDOR vulnerability as of late is that found in alt-tech social media platform Parler. The company ordered their posts by number in the URL, a telltale sign of IDOR. If you add a sequential digit to a Parler post URL, you could access the next post on the platform indefinitely. Without authentication or access limits, an attacker could easily build a program to download every post, photo, video, and data from the entire site. While this was just public posts (not necessarily IDs used to verify accounts), geolocation data from posts was also downloaded, which could reveal GPS coordinates of users’ homes.
How can you prevent IDORs from cropping up?
“Avoiding IDOR is only possible by building a robust access control mechanism, choosing the best fit methodology for your scenario, log all access and if possible do an audit with a post authorization check,” said HackerOne hacker Manoel Abreu Netto, better known online as @manoelt.
“However, if you want to reduce the impact of an IDOR, avoid using a simple pattern to reference objects in the backend, thus not using a sequential integer value but something like uuid or even a MAC (hashed ID) with a salt per user session.
This does not eliminate the IDOR, but reduces the overall impact and the ability to enumerate objects.”
To remediate IDOR vulnerabilities, below are a few best practices.
- Developers should avoid displaying private object references such as keys or file names.
- Validation of parameters should be properly implemented.
- Verification of all the referenced objects should be checked.
- Tokens should be generated in such a way that it can only be mapped to the user and is not public.
- Ensure that queries are scoped to the owner of the resource.
- Avoid things like using UUIDs (Universally unique identifier) over Sequential IDs as UUIDs often let IDOR vulnerabilities go undetected.
For more information about reducing risk and getting started with hacker-powered security, check out our CISOs Guide to Deriving Value from Hacker-Powered Security.
Create your free account to unlock your custom reading experience.
80% of Global Enterprises Report Firmware Cyberattacks
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
Australia’s Peppermint Innovation signs agreement with the Philippine’s leading micro-financial services provider
SME finance platform offers advanced commission product
GoldFund.io announce reduction in circulated GFUN tokens
Shadowlands patch 9.1 not out until May, here’s what to expect
Heroic defeat Gambit Esports in ESL Pro League 13 grand final
chessbae removed as moderator from Chess.com amid drama
Ludwig has announced when he’ll end his subathon Twitch stream
MAD Lions wins first LEC title after reverse sweeping Rogue
MAD Lions claim LEC throne, reverse sweep Rogue 3-2
Ana Joins OG Dota 2’s Active Roster Ahead of DreamLeague Season 15
LoL: MAD Lions vs Rogue LEC Spring Split 2021 Grand Final Recap
Armao to start for Team Liquid in MSS Grand Finals as Santorin Recovers
Die 5 wichtigsten Ereignisse im DeFi-Sektor
CS:GO Navi Chooses “b1t” For Their Five-man Lineup At RMR Tournaments
Twitch bans Adin Ross after ZIAS uses Homophobic slurs during his stream
CoD: Players Call For Warzone HUD Update In Season 3
Top World of Warcraft teams clash in the AWC Shadowlands Circuit
DarkZero Esports strikes RESPAWN partnership
LoL: LEC Reveals The Community All-Pro Team For Spring 2021
Asmongold will not stop saying the R-word
Galaxy Racer signs new star-studded PUBG Mobile roster
Dota 2: Ana’s Comeback Completes OG’s Roster
Hearthstone Grandmasters 2021: Week 1 Day 2 regional recap
Cloud9 CEO Dismisses TenZ Buyout Rumors as High as $5 Million
XSET reverse sweep Envy to move onto VCT Grand Final
Team Liquid Topple TSM in 3-1 Series, Will Meet Cloud9 in Finals
Knut Svanholm im Interview: „Bitcoin verwischt die Grenze zwischen Besitz und Wissen“
Dota 2: ChYuan Replaces Masaros On Fnatic’s Offlane
ana reunites with OG ahead of DreamLeague Season 15
Ana is back! Again
Blockchain1 week ago
Bitcoin Cash Price Prediction: BCH/USD Price Turns Bearish; Can the $540 Support Hold?
Blockchain1 week ago
How Chainlink will help secure Polkadot’s environment
Blockchain1 week ago
Blockchain-based renewable energy marketplaces gain traction in 2021
Esports1 week ago
GeneRaL is replaced by RAMZES666 on Na’Vi
Aviation1 week ago
World2Fly gears up for July launch with roll-out of Airbus A350-900
Esports1 week ago
Amouranth becomes Twitch’s top female streamer, beats Pokimane
Blockchain1 week ago
Mark Cuban Thinks Dogecoin ($DOGE) Could Get to $1, but Could It Get to $10?
Coinpedia1 week ago
BitTorrent Token Price Analysis – BTT Poised to Hit $1 In April?
Blockchain1 week ago
Hardware Hacker Modifies Old School Game Boy To Mine Bitcoin
Blockchain1 week ago
‘Silent crash’ as price floors collapse across NFT space
Blockchain1 week ago
IRS gets access to crypto exchange Circle’s user data, targets Kraken next
Blockchain1 week ago
Bitcoin Miners Net Position Turns Positive: Is A Rally to New Highs Overdue?