
What is a DDoS attack?

DoS (Denial of Service) is a network attack in which attackers seek to overload a site, exhaust its resources and make it unable to respond to user requests.

DDoS (Distributed Denial of Service) is an attack on a site from many devices at once: the site is overwhelmed by a volume of requests that exceeds its capacity. The large number of devices puts a heavy load on the server, which increases the likelihood that the site becomes unavailable. The danger of an attack also depends on its duration: the longer it lasts, the more damage it does. A DDoS attack can disrupt any service with an Internet connection (networks, databases, mobile devices, applications, etc.). The main goal of such an attack is to overload online resources to the point where they can no longer respond to requests. Unusually slow page loading may indicate a DDoS attack in progress; if it is followed by a «503 Service Unavailable» error message, an attack is the most likely explanation.

How a DDoS attack works

Such an attack begins by compromising a number of devices, often IoT devices. Each device is infected with remote-control malware and connected to the other compromised devices, forming a botnet. There is no inherent limit to the size of such a botnet. The malicious requests from all the bots add up and can be directed at a single target, whose RAM and CPU may then be unable to cope with the traffic.

Types of DDoS attacks

  1. Volume-based attacks saturate web resources with traffic.
  2. Protocol (network) DDoS attacks direct large volumes of packets at network infrastructure and its management tools.
  3. Application layer attacks send large numbers of requests that are expensive to process (HTTP flood, DNS flood). This type is often difficult to prevent and is aimed at a specific «target».
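
The distinction drawn above between a single overloaded source and a distributed flood is something a defender can see in ordinary web-server access logs. The following is an added example, not code from the original article: it parses Common Log Format lines, groups requests into fixed time windows and reports two kinds of finding. The log lines, the IP ranges and the thresholds (20 requests per source, 100 per window) are constructed for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: <ip> - - [<timestamp>] "<request>" <status> <bytes>
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+$')


def parse_line(line):
    """Parse one access-log line into (ip, timestamp, status); None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), int(status)


def detect_floods(lines, window_s=10, per_ip_limit=20, total_limit=100):
    """Bucket requests into fixed windows and report two kinds of flood.

    single-source: one client exceeds per_ip_limit (a classic DoS).
    distributed:   the window exceeds total_limit although no single client
                   exceeds per_ip_limit, so per-IP rate limiting alone misses it.
    The thresholds are illustrative assumptions, not figures from the article.
    """
    buckets = defaultdict(list)
    for parsed in map(parse_line, lines):
        if parsed is None:
            continue  # tolerate junk lines instead of crashing on hostile input
        ip, when, status = parsed
        buckets[int(when.timestamp()) // window_s * window_s].append((ip, status))

    findings = []
    for start in sorted(buckets):
        reqs = buckets[start]
        per_ip = Counter(ip for ip, _ in reqs)
        unavailable = sum(1 for _, st in reqs if st == 503)  # 503s show the flood is succeeding
        for ip, n in per_ip.most_common():
            if n <= per_ip_limit:
                break
            findings.append({"window": start, "kind": "single-source", "source": ip,
                             "requests": n, "503s": unavailable})
        busiest = per_ip.most_common(1)[0][1]
        if len(reqs) > total_limit and busiest <= per_ip_limit:
            findings.append({"window": start, "kind": "distributed", "source": f"{len(per_ip)} ips",
                             "requests": len(reqs), "503s": unavailable})
    return findings


def make_sample_log():
    """Constructed sample traffic (not real logs): three consecutive 10-second windows."""
    t0 = datetime(2022, 10, 10, 13, 55, 0, tzinfo=timezone.utc)

    def line(ip, offset, status=200):
        ts = (t0 + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" {status} 512'

    lines = []
    for i in range(5):  # window 0: five clients, three requests each (normal)
        lines += [line(f"198.51.100.{i}", s) for s in range(3)]
    # window 1: one client sends 50 requests
    lines += [line("203.0.113.7", 10 + s % 10) for s in range(50)]
    # window 2: 150 distinct clients, one request each; the server starts answering 503
    lines += [line(f"192.0.2.{i}", 20 + i % 10, 503 if i >= 100 else 200) for i in range(150)]
    lines.append("not a log line at all")  # malformed input must not break the detector
    return lines


if __name__ == "__main__":
    for finding in detect_floods(make_sample_log()):
        print(finding)
```

The second window trips only the per-source rule, the third only the aggregate rule: no client in it sends more than one request, which is why a per-IP limiter alone would let the flood through while the 503 count shows the service already failing.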

Prevention:

What is typosquatting?

Another common Internet scam is typosquatting, also called URL hijacking. Typosquatting is a type of cybercrime that involves creating websites that imitate well-known sites. The domain names registered by cybercriminals are spelled very similarly to the addresses of real websites, and the mistake in the fake address is deliberate. The attack is aimed at users who accidentally mistype a website address directly into the address bar. Cybersquatters register several misspelled variants of a common target address.

The main purposes of such fraud are the distribution of malware, scams, phishing campaigns, etc. Attackers are most interested in social media, financial organizations and trading platforms, where there is an opportunity to make money from users. Users are often unaware that they are browsing or shopping on a bogus site.

Typosquatting exploits typos, spelling errors, or misunderstandings of a popular domain name. A user who makes a mistake and does not notice it may accidentally end up on the attacker’s site. One of the victims of typosquatting was Google, targeted in 2006 by the site Goggle.com, which is considered a phishing site. Attackers also look for similar URLs such as foogle.com, hoogle.com, boogle.com, etc. Typosquatting poses a serious cybersecurity threat to businesses with high traffic volumes.

The main types of typosquatting:

The prevalence of typosquatting forces large companies (Apple, Google, Facebook, Microsoft, etc.) to register many variations of their domains or to block potentially misspelled domains through the Internet Corporation for Assigned Names and Numbers (ICANN).
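
Registering every variant is one defence; the other is watching for look-alikes of your own domains in traffic or in feeds of newly registered names. The code below is an added example, not from the original article or any brand-protection product: it flags a candidate domain as a typo of a protected brand when it is within one edit (insertion, deletion, substitution or adjacent swap, so both goggle.com and googel.com qualify), and it goes beyond the article’s examples by also catching look-alike characters (go0gle, rnicrosoft) and a changed top-level domain. The protected list, the homoglyph table and the sample feed are constructed assumptions.

```python
# Constructed protected-brand list; a real deployment would use the company's own domains.
PROTECTED = ["google.com", "paypal.com", "microsoft.com"]

# Characters and digraphs that look alike in many fonts (a small, illustrative table).
_CHAR_MAP = str.maketrans("01358", "olesb")
_DIGRAPHS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalize(label):
    """Fold common look-alike characters so 'paypa1' and 'rnicrosoft' compare equal to the brand."""
    label = label.lower().translate(_CHAR_MAP)
    for pair, single in _DIGRAPHS:
        label = label.replace(pair, single)
    return label


def osa_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution and
    transposition of adjacent characters each cost 1. Catches 'googel' as well as 'gogle'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def split_domain(domain):
    """Return (brand label, tld). Assumes a simple two-label domain; a public-suffix
    list would be needed for names like example.co.uk."""
    labels = domain.lower().strip(".").split(".")
    if labels[0] == "www":
        labels = labels[1:]
    return labels[-2], labels[-1]


def classify(candidate, protected=PROTECTED, max_distance=1):
    """Label a domain seen in traffic or a registration feed relative to the protected brands."""
    label, tld = split_domain(candidate)
    for brand in protected:
        b_label, b_tld = split_domain(brand)
        if label == b_label:
            return ("legitimate" if tld == b_tld else "tld-swap"), brand
        if normalize(label) == b_label:
            return "homoglyph", brand
        if osa_distance(label, b_label) <= max_distance:
            return "typo", brand
    return "unrelated", None


def scan(feed, protected=PROTECTED):
    """Return only the suspicious entries: {domain: (verdict, brand)}."""
    return {d: (v, b) for d in feed for v, b in [classify(d, protected)]
            if v not in ("legitimate", "unrelated")}


if __name__ == "__main__":
    sample_feed = ["google.com", "goggle.com", "foogle.com", "googel.com", "go0gle.com",
                   "rnicrosoft.com", "paypal.co", "example.com"]  # constructed feed
    for domain, (verdict, brand) in scan(sample_feed).items():
        print(f"{domain:18} {verdict:10} -> {brand}")
```

Distance 1 is deliberately tight: at distance 2 most short brand names start matching unrelated dictionary words, so a larger radius is better paired with a manual review queue than with automatic blocking.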

Typosquatting goals:

How to avoid typosquatting?

What is clickjacking?

The active development of data protection technologies drives an equally active development and refinement of cybercriminal methods. Criminals use sophisticated methods to go unnoticed and achieve their goals. For example, hackers can use clickjacking to make a user activate a webcam or transfer money from their own bank account to the attacker’s account.

Clickjacking is a type of cyberattack in which an attacker places an invisible link over visible web content. The hidden button sits in a transparent iframe, which keeps it invisible. Users typically cannot tell that a clickjacking attack is taking place: thinking they are pressing the button they see with their own eyes, they actually fall into the trap prepared by the attacker.

The most common goals for clickjacking are:

This list is not limited to these examples; the destructive possibilities are endless.

Examples of clickjacking

Money transfer fraud: an attacker tricks a user into clicking a link on a malicious page that authorizes a transfer of funds from the user’s bank account. Usually the site with the link carries an attractive offer (a gift, a discount, etc.). The victim loads the site, clicks a button to receive the «gift» and thereby authorizes the transfer. If the victim was logged into their bank account at the time, their money is instantly transferred to the attacker’s account. The transfer happens in the background while the victim is redirected to a page with more information about the «gift».

Webcam and/or microphone activation: in this attack, the Adobe Flash settings page is silently loaded from another URL. By clicking on a malicious link, the user changes their own settings, which gives attackers access to the camera and microphone.

Likejacking is an attack that abuses «likes». Users are tricked into liking a Facebook page: by clicking the «Like» button, the user actually clicks a link inserted by the attackers. For the attack to «succeed», the user must be logged into their account when clicking. Social media accounts are vulnerable to clickjacking; in 2009 Twitter was the victim of a successful attack known as the «tweet bomb».

Malware download: an attacker initiates a malware download when the user clicks a link. Such software can damage system software or create conditions for persistent threats.

Clickjacking protection tools

  1. Content-Security-Policy (CSP)
  2. X-Frame-Options
  3. Framebusting
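
The three tools listed above work at different layers: the two headers tell the browser who may embed the page, and the framebusting script is a client-side fallback. As an added example (not code from the original article), the block below generates the headers, renders a page carrying the framebusting snippet, and assesses an arbitrary set of response headers the way a browser applies them: a CSP `frame-ancestors` directive takes precedence over `X-Frame-Options` when both are present. The origins and the page body are constructed; the verdict labels are this example’s own.

```python
# Client-side fallback (framebusting): hide the page until the script confirms it
# is the top-level document, then either reveal it or break out of the frame.
FRAMEBUSTING_SNIPPET = """<style id="antiCJ">body { display: none !important; }</style>
<script>
  if (self === top) { document.getElementById("antiCJ").remove(); }
  else { top.location = self.location; }
</script>"""


def anti_framing_headers(allowed_ancestors=()):
    """Headers a server should add to every HTML response.

    An empty allow-list means nobody may frame the page. X-Frame-Options is kept
    as a fallback for browsers without CSP support; it can only say DENY or
    SAMEORIGIN, so it is omitted when the CSP grants a specific third-party origin.
    """
    ancestors = " ".join(allowed_ancestors) if allowed_ancestors else "'none'"
    headers = {"Content-Security-Policy": f"frame-ancestors {ancestors}"}
    if not allowed_ancestors:
        headers["X-Frame-Options"] = "DENY"
    elif tuple(allowed_ancestors) == ("'self'",):
        headers["X-Frame-Options"] = "SAMEORIGIN"
    return headers


def assess_framing_protection(headers):
    """Classify a response's headers the way a browser would apply them.

    A CSP frame-ancestors directive overrides X-Frame-Options, so it is checked
    first. Returns 'protected', 'protected-legacy', 'weak', 'malformed' or 'unprotected'.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    for directive in lower.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = {s.lower() for s in parts[1:]}
            if not sources:
                return "malformed"  # directive present but without a source list
            if sources & {"*", "http:", "https:"}:
                return "weak"  # explicitly allows any site to frame the page
            return "protected"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected-legacy"  # effective, but only through the older header
    if xfo.startswith("ALLOW-FROM"):
        return "weak"  # not honoured by current browsers
    return "unprotected"


def render_page(body_html, allowed_ancestors=()):
    """Assemble (headers, html) for a response that applies all three defences."""
    html = (f"<!doctype html><html><head>{FRAMEBUSTING_SNIPPET}</head>"
            f"<body>{body_html}</body></html>")
    return anti_framing_headers(allowed_ancestors), html


if __name__ == "__main__":
    hdrs, page = render_page("<h1>Account settings</h1>")  # constructed page body
    print(hdrs, assess_framing_protection(hdrs))
```

The assessment function is the part worth running against your own sites: fetch a page’s headers and pass them in, and anything other than `protected` or `protected-legacy` is a page that a transparent iframe can still cover.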

What is phishing and how not to fall into a trap?

Phishing is one of the oldest forms of cybercrime. Despite this, phishing still poses a serious threat to many organizations. The reason for this is the widespread usage and sophistication of phishing campaigns.

Phishing is a type of cyberattack aimed at gaining access to users’ confidential information: login and password, bank card details (CVV, card PIN, etc.), transaction confirmation passwords, e-mail address, the phone number linked to financial accounts, code word, answers to security questions and other banking information.

To carry out such an attack, criminals use social engineering methods. They fake emails, ads, or websites to resemble as closely as possible sources the users already trust. For example, cybercriminals can send a letter ostensibly from the bank where the clients are served and pressure them into providing information about their bank account. When opening such a letter and clicking on a malicious link, users land on a fake site that looks as much like the real one as possible. Attackers often spoof financial institutions, emails from colleagues, auction sites, social networks, and online payment systems. Phishing emails can also contain attachments that install malware (ransomware, programs to gain unauthorized access to the system and obtain confidential information, etc.).

Phishing kits exist to make running phishing campaigns easier. A kit is a set of tools that mimics legitimate sites (Microsoft, Google, Apple, PayPal, etc.). After installing such a kit on a server and acquiring a domain name for the phishing site, the attacker can start the email campaign. Phishing kits are available for purchase on the dark web.

Phishing targets:

Phishing attacks types:

The main task of a phishing attack is to impersonate a legitimate company, employee or colleague as convincingly as possible, which makes authenticity hard to determine. However, certain indicators point to phishing attempts:

The popularity and high success rate of phishing attacks increase the need for methods to prevent them. The best way to prevent phishing is to study examples of phishing attempts and to train employees.

To prevent phishing attempts, personnel should:

To prevent phishing emails from reaching employees, it is necessary to use:
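
The impersonation described in this section leaves traces in the message itself that a mail filter or an analyst can check mechanically. The following is an added example, not code from the original article: it parses a raw message with Python’s standard `email` package and reports three common indicators, a From display name that claims a brand the sending domain does not belong to, a Reply-To that routes answers to a different domain, and a link whose visible text is a URL on one host while its target is another. The two sample messages and the brand list are constructed; the `.example` domains are reserved for documentation.

```python
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def host_of(url):
    """Hostname of a URL; bare 'www.example.com/x' is accepted too."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def phishing_indicators(raw, brands=("paypal", "microsoft", "google", "apple")):
    """Return human-readable indicators found in a raw RFC 5322 message (constructed brand list)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    found = []

    # 1. Display name claims a brand that the sender's domain does not contain.
    sender = msg["from"].addresses[0] if msg["from"] and msg["from"].addresses else None
    from_domain = sender.domain.lower() if sender else ""
    display = sender.display_name.lower() if sender else ""
    for brand in brands:
        if brand in display and brand not in from_domain:
            found.append(f"display name claims '{brand}' but sender domain is {from_domain}")

    # 2. Replies are routed to a different domain than the apparent sender.
    reply_to = msg["reply-to"]
    if reply_to and reply_to.addresses:
        rt_domain = reply_to.addresses[0].domain.lower()
        if rt_domain != from_domain:
            found.append(f"Reply-To domain {rt_domain} differs from From domain {from_domain}")

    # 3. Link text shows one host while the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            if URL_LIKE.match(text) and host_of(text) != host_of(href):
                found.append(f"link text shows {host_of(text)} but points to {host_of(href)}")
    return found


# Constructed sample messages for the demonstration.
SUSPICIOUS = b"""From: "PayPal Support" <security@paypa1-alerts.example>
Reply-To: collect@mailbox-free.example
To: victim@company.example
Subject: Action required: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please verify your account within 24 hours:</p>
<a href="http://paypa1-alerts.example/login">https://www.paypal.com/signin</a>
</body></html>
"""

LEGITIMATE = b"""From: "IT Helpdesk" <helpdesk@company.example>
To: staff@company.example
Subject: Scheduled maintenance
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>The portal is down on Saturday.
<a href="https://portal.company.example/">Open the portal</a></p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, phishing_indicators(raw) or ["no indicators"])
```

None of these checks proves a message is phishing on its own; their value is that each is cheap to compute before a user ever sees the link, which is the gap the training advice in the text is trying to close.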

Social Engineering Attacks

One of the most popular attacks today is the social engineering attack. Such attacks let cybercriminals gain access to the network effortlessly: the victim hands all the keys to the attacker.

Social engineering, in the context of cybersecurity, is the process of obtaining people’s personal information by deceiving them. There are many types of social engineering attacks: emails with links to malicious sites, a phone call from a cybercriminal posing as the helpdesk who extracts confidential information, etc. Social engineering is used not only in the digital realm but in any area where specific information is required from the victim for malicious purposes.

Cybercriminals use social engineering techniques to hide their real identity, presenting themselves as trustworthy organizations or individuals. The purpose is to obtain, through deception and manipulation, the personal information needed to access the target network. Social engineering is used as the first stage of a larger cyberattack to infiltrate a system, install malware, or expose sensitive data. The method is popular because it is easy to carry out: it is much easier to undermine cybersecurity through human weaknesses than through network vulnerabilities.

To carry out such an attack, the attacker first collects information about the target (corporate structure, internal operations, third-party vendors, etc.). Employees’ public profiles on social networks can also be a source for malefactors. After collecting data, the cybercriminal chooses the first target to strike. Most often this is a low-level employee who is manipulated into granting access. It is rarely possible to reach confidential resources immediately; attackers move through the network to discover credentials with a higher level of access, usually hiding their activity behind legitimate processes to avoid detection by antivirus software.

At the core of all social engineering tactics are aspects of human interaction and decision making known as cognitive biases. These biases can be thought of as vulnerabilities in human «software» that are exploited to obtain the required access.

Basic social engineering principles:

  1. Reciprocity. Handing out free samples is popular in marketing because people feel a desire to return the favor. Attackers can therefore provide the victim with a free service and then request access to sensitive information.
  2. Commitment and consistency. For example, an employee fulfills an attacker’s request for credentials because he initially agreed to it, although he understands that this should not be done.
  3. Social proof. People tend to repeat the actions of others and do what others do. The perpetrator may present false evidence of cooperation with the victim’s colleagues to pressure the victim into complying.
  4. Authority. People often defer to authoritative figures and perform even undesirable actions at their request. This explains the success of spear-phishing campaigns that pose as CEOs and target lower-level employees.
  5. Sympathy. People are more likely to succumb to influence and persuasion if they like the person.
  6. Scarcity. Perceived scarcity increases demand; this tactic lends the attack a sense of urgency.

Ways to prevent social engineering attacks:

  1. Training employees on security issues: how to respond to hacking attempts, requests for personal information, etc.;
  2. Establishing a security policy that describes how employees should act in specific incidents;
  3. Scrutinizing information. Employees should develop the habit of checking every email they receive and every device they plug into their computer;
  4. Establishing security protocols: an information risk management program with security protocols, policies, and procedures that describe data security;
  5. Testing resistance to attacks: testing the organization by conducting controlled social engineering attacks, sending pseudo-phishing emails, and training the employees who fall for such provocations;
  6. Running test attacks regularly to build resilience;
  7. Reviewing the protocols for responding to attacks, improving and supplementing them;
  8. Using secure services for managing information that is no longer needed, so that criminals cannot make use of it;
  9. Using multi-factor authentication;
  10. Applying operational security (OPSEC) methods;
  11. Implementing a third-party risk management system for third parties that process large amounts of personally identifiable information;
  12. Detecting data leaks by regularly scanning for exposed and leaked data.

Data breaches over the last year

One of the latest data leaks became known on April 4, 2022. Block acknowledged that its Cash App mobile payment service was breached through an insider threat: in December 2021, a former employee of the company accessed the service and stole customer names, bank account numbers, asset values and exchange trading information. The exact number of affected customers was not reported; it is known that the company contacted 8 million of its customers and informed them of what had happened. Such attacks happen regularly and concern all modern companies. Below are some more examples of recent hacks and information leaks.

The biggest data breaches

One of the first hacks to affect the public occurred in 1986. On the night of April 27, millions of HBO subscribers who were watching the movie «The Falcon and the Snowman» saw on their TV screens a message from Captain Midnight. The message complained about the «ridiculous» cost of a subscription, $12.95. Some viewers were concerned about the hack, others took it as a funny joke. The hack caused no real damage, only a short pause in the broadcast.

Today news about various attacks and hacks appears quite often. The annual global damage from them is estimated at trillions of dollars.

The biggest data breaches:

As a result of this hack, 3 billion records were compromised, including real user names, email addresses, dates of birth, phone numbers, and security questions. At the time, the company was in the process of being bought by Verizon, and Yahoo’s valuation fell by 350 million. According to Yahoo, the attack was state-sponsored.

As a result of this data breach, 885 million records were compromised (bank account numbers, bank statements, credit data, tax records, social security numbers, transaction data). The case is notable because of an authentication failure: no authentication was required to view documents. The cause was an IDOR (Insecure Direct Object Reference) bug that allowed unauthorized access to web pages and files. The error went unnoticed for several years.
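
The bug class named in this paragraph is simple enough to show in full. The block below is an added example, not code from the original article or from the breached company: a document lookup that trusts the identifier in the request as the only selector, beside the hardened version that requires a session and checks ownership, plus a regression check a team can keep in its test suite. The document store, user names and identifiers are constructed stand-ins.

```python
# Constructed in-memory stand-in for a document store. The ids are sequential,
# as they often are in real systems, which is what makes them easy to guess.
DOCUMENTS = {
    1001: {"owner": "alice", "title": "Closing statement 1001"},
    1002: {"owner": "bob", "title": "Closing statement 1002"},
    1003: {"owner": "bob", "title": "Wire instructions 1003"},
}


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


def fetch_document_insecure(doc_id):
    """The IDOR pattern: the identifier taken from the URL is the only thing that
    selects the record. No login is required and ownership is never checked, so
    any id that exists is served to whoever asks for it."""
    if doc_id not in DOCUMENTS:
        raise NotFound(doc_id)
    return DOCUMENTS[doc_id]


def fetch_document(session_user, doc_id):
    """Hardened version: require an authenticated session and check that the
    record belongs to it. 'Missing' and 'not yours' raise the same NotFound so
    the response does not confirm which ids exist."""
    if session_user is None:
        raise Forbidden("authentication required")
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != session_user:
        raise NotFound(doc_id)
    return doc


def leaks_foreign_records(fetch, session_user, ids):
    """Regression check for the fix: True if the accessor hands back any record
    that does not belong to session_user across a range of guessed ids."""
    for i in ids:
        try:
            doc = fetch(i)
        except (NotFound, Forbidden):
            continue
        if doc["owner"] != session_user:
            return True
    return False


def raises(exc, fn, *args):
    """Small helper so callers can assert on failures without try/except blocks."""
    try:
        fn(*args)
    except exc:
        return True
    return False


if __name__ == "__main__":
    guesses = range(1000, 1010)
    print("insecure endpoint leaks to alice:",
          leaks_foreign_records(fetch_document_insecure, "alice", guesses))
    print("hardened endpoint leaks to alice:",
          leaks_foreign_records(lambda i: fetch_document("alice", i), "alice", guesses))
```

The check in `fetch_document` is the whole fix; note that it lives next to the data access, not in the page that renders the document, so every route that reaches the store goes through it.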

500 million records were affected by this cyberattack. Contact information, passport data, travel data, bank card numbers and other personal information of users were compromised. The attack was carried out by a Chinese intelligence group whose goal was to collect data on US citizens.

The target of this cyberattack was the personal data of social network users: phone numbers, user names, gender, location. The attack affected 540 million records. Several Facebook databases were not protected by passwords or encryption, so anyone could find the data on the Internet.

Target, an American company that operates a chain of retail stores, suffered a cyberattack in 2013. 60 million records (names, phone numbers, email addresses, payment card numbers, credit card verification codes and other sensitive data) were compromised. Damage amounted to $18.5 million, as well as a $10 million class-action lawsuit settlement and $10,000 payments to customers. The organizer of the attack was not identified. The attackers gained access to Target’s networks using credentials stolen from a third-party provider (a company that maintains HVAC systems). After gaining access to the database, they installed malware to collect information.

As a result of the attack, 360 million records with users’ personal information were affected. The attack was carried out by a Russian hacker in 2013, but it became known only in 2016. The stolen credentials were leaked to LeakedSource and were also offered for sale on the dark web market The Real Deal for 6 bitcoins (approximately $3,000 in 2013).

The target of this hack was users’ logins and passwords. After the data was published on a Russian hacker forum, the company had to pay $1.25 million to users affected by the hack. LinkedIn revealed the full scale of the attack only in 2016.

Data must be protected

Today data is a business’s greatest asset regardless of its field of activity. Successful operation depends on high-quality data exchange and usage (financial statements, medical records, business plans, etc.). At the same time the risk of data leakage grows, making proper data protection critical.

There are 2 types of data that companies own:

It is inappropriate to waste resources trying to protect every folder and file without regard to their contents. An adequate cybersecurity strategy provides differentiated protection of information assets: photos from a company party are not critical business information and do not require strong protection.

Reasons to focus on data security:

  1. Data breaches, involving damage to data integrity or theft. Leaks can be caused by cyberattacks; theft or loss of devices holding important information; data theft by employees or other internal users (contractors, partners, etc.); and human error.
  2. Compliance with regulations. Regulations such as GDPR and CCPA also contribute to data security by governing the collection, storage and use of personal data. Non-compliance carries fines of up to 20 million euros or 4% of the company’s annual turnover for the previous financial year.
  3. Cloud security. The pandemic triggered a massive move of companies to the cloud to let employees work remotely. Earlier data security strategies focused on protecting the systems where sensitive information was stored; with the move to the cloud, such information lives beyond the traditional boundaries. Organizations need data security strategies that prioritize data according to its sensitivity.
  4. A shortage of cybersecurity specialists, which limits the ability to mitigate data breach risks, detect threats, and respond to attacks.

Key features of a data security strategy:

Technologies that help to protect data

The Main Data Security Aspects

Data security is the process of protecting files, databases and accounts through controls, applications, and practices that prioritize data privacy and compliance.

The main elements of data security are confidentiality, integrity and availability. A model built on these three elements makes it possible to ensure data security and protection from unauthorized access and theft. In practice this means:

The main points to pay attention to in order to ensure data security:

Technologies to prevent leakage, reduce risks and provide reliable protection:

Ensuring data security:

Data security rules

There are a number of data security regulations, such as HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley Act), GDPR (General Data Protection Regulation), etc. They impose the following requirements on organizations:

  1. Health Insurance Portability and Accountability Act (HIPAA)

It was approved by the US Congress and enacted on August 21, 1996 to modernize the flow of medical information and to protect personal information held by healthcare facilities and the health insurance industry from fraud and theft. The law requires the relevant organizations to adopt security standards that take into account the technical capabilities of the record systems used to store health information, the cost of security measures, and the value of computerized record systems.

Primary requirements:

  2. Sarbanes-Oxley (SOX)

This US law introduces stricter requirements for financial reporting and for the process of preparing it. Under this law, public companies are required to provide an annual assessment of the effectiveness of their internal financial audit.

Primary requirements:

  3. General Data Protection Regulation (GDPR)

This is an EU regulation that defines how organizations process personal data. It covers the protection of EU citizens’ personal data such as insurance numbers, dates of birth, email addresses, IP addresses, phone numbers, account numbers, etc.

Primary requirements:

High-profile Data Leaks 2021 – 2022

With every hack and data leak, the question of organizational cybersecurity becomes more pressing. Any business must first of all take care of information security. Here are examples of high-profile company data leaks from recent months that prove the importance of this issue.

  1. February 2022 – GiveSendGo

A Christian fundraising site was hijacked in response to the Ottawa truckers’ protests. The hackers used a DDoS attack and redirected the fundraising site to another page. As a result, the personal data of people who had donated funds was compromised: in total, the personal information of 90,000 donors was published.

This case further highlights the importance of using secure platforms and payment methods to keep customer data safe. If a company has already encountered such an incident, it should take the right measures to eliminate the leak as well as the causes of its occurrence.

  2. January 2022 – Crypto.com

Blockchain is one of the newest technologies used in the financial sector, and this model has long been considered one of the most secure forms of transaction processing. But the development of technology drives the development of cybercrime methods. On January 17, 2022, an attack was carried out on a cryptocurrency exchange application, targeting the wallets of 483 app users.

The hack resulted in the theft of about $18 million worth of BTC, $15 million worth of ETH, and other cryptocurrencies. The hackers found a way to bypass two-factor authentication and gain access to users’ wallets, which made the hack possible. To reduce the risk of this type of attack, it is important to use a password manager. Businesses should be aware of all the risks associated with the theft of cryptocurrencies; therefore, all sensitive data must be encrypted.

  3. December 2021 – FlexBooker

FlexBooker is an appointment scheduling tool. Before the New Year holidays it fell victim to cybercriminals, and approximately 3 million users were affected. The attackers gained access to confidential data (driver’s licenses, photos and other personal information) and posted it on various hacker forums. To do so, they exploited FlexBooker’s AWS configuration and installed malware on the servers, which allowed them to take full control of the system.

  4. November 4, 2021 – Robinhood

Robinhood is an American financial services company offering commission-free trading in stocks and exchange-traded funds through a mobile app. The attack on the company took place on November 16, 2021. Internal systems were compromised using social engineering (a method based on applied social psychology). According to the company’s report, the criminals gained access to the email addresses of almost 5 million users and other personal information. The attackers demanded a ransom in exchange for not disclosing the data.

  5. October 2021 – Twitch

Twitch is a video streaming service that specializes in video games. In October it became known that an unknown attacker had gained access to the source code, compromising data sets including payments to the service’s creators. The leak contained 3 years of payout data, information about twitch.tv operations, client source code, proprietary code, etc.
