In a previously unreported trend, cybersecurity experts have identified a new malware family that siphons off its victims’ bandwidth, much as crypto-mining malware attempts to monetize victims’ CPU cycles. According to recent data from Cisco’s Talos intelligence division, threat actors have begun to abuse internet-sharing programs known as proxyware, such as Honeygain (see their rebuttal at the end of this post), Nanowire, and others.
While some threats don’t waste any time when they install themselves on your devices, like ransomware and malware, others tend to lurk in the background on your device and cause problems without being detected. MosaicLoader is one such threat, and it’s a pretty serious issue for businesses.
The past few years have been nothing if not tumultuous for businesses of all shapes and sizes, which has only exacerbated the shifting terrain we’d expect to see in a business’ cybersecurity needs and threats. Let’s take a few moments to examine what 2022’s cybersecurity landscape is likely to look like, considering what we’ve seen recently.
Artificial intelligence, also known as AI, is already used in certain industries, like cybersecurity and automation, but hackers have quickly found out that they too can leverage AI to their advantage. With cybercrime on the rise, it’s expected that AI will play a role in the cybersecurity landscape to come. Let’s take a closer look at some of these trends.
We know that cybersecurity isn’t the most interesting topic in the world, especially for a small business owner, but this doesn’t diminish its importance. If you fail to adequately protect your business, even a low-profile SMB can fall victim to a cyber threat. It’s your job as the business owner and thought leader to make sure this doesn’t happen.
When it comes to network security, businesses need every edge they can get, especially since the cybersecurity industry is rapidly adjusting and responding to various threats, which in turn adapt to those security measures. One way in which security researchers have attempted to subvert this security rat race is through artificial intelligence measures, a trend that promises to change the way businesses protect themselves for the better.
In a zero trust network, you trust nobody, no matter how long they have been around or how invested they are in your organization’s future. Everyone’s identity on your network must be verified, a concept that has been quite helpful in limiting data breaches. Today, we are going to discuss the National Institute of Standards and Technology’s definition of zero trust and what they recommend to businesses wishing to implement it.
Authentication is one of the most important topics on the table for discussion this year, particularly with regard to how the need for secure data access has increased considerably during the COVID-19 crisis. How can you make sure that your data is being accessed in a safe and secure manner while also verifying the identity of whoever accesses it? Voice-based authentication might be one option.
“Security Theater”
Coined by cybersecurity technologist Bruce Schneier in the early 2000s, “security theater” describes any security efforts that make one seem more secure but do very little to enhance security in the practical sense despite the costs associated with them. The concept is reliant upon the notion that security exists in two forms: the emotional feeling of being secure, and the quantifiable mathematical and scientific improvements that one can make to their protections.
For an example, let’s look to a personal anecdote that Schneier shared in a 2007 blog article. In this article, Schneier shared an observation from his visit to the maternity ward after a friend’s child had just been born. The infant had been outfitted with an RFID tag bracelet, the purpose of which was cited as a preventative measure against infant theft. However, at the time that Schneier visited the ward, infant abduction was remarkably rare. This led Schneier to hypothesize that the bangles weren’t adopted as an actual security measure, but instead as a performance of security theater. By “protecting” an infant against “abduction,” the new parents could spend a few moments away from their baby without too much worry.
Let’s review the hospital anecdote. While they certainly weren’t free, the tags that were used to “track” the infants were available at an extraordinarily low cost. As a result, making the investment to mitigate an incredibly unlikely issue was considered more acceptable, because it improved the experience of the parents.
Schneier also cites an even more recognizable example: the tamper-resistant packaging that was introduced on over-the-counter medications in the 1980s. Poisonings were getting a lot of attention in the press at the time, and despite the statistical likelihood of an actual incident being so low and the tamper-resistant packaging not being all that tamper resistant, the impression it made was thoroughly positive. This is because, in both cases, the performance of security theater helped to make the perceived threat level more in line with the actual threat level.
Of course, while the benefits that security theater can offer are very real, so are the costs of putting on such a show.
Is Security Theater Worth the Price of Admission?
I want you to consider a very real potential outcome of these kinds of displays: what if the piece of security theater you invest your money in is actually making your real security measures less effective? Consider what happened to Target in 2013. The company was hacked when their security teams overlooked the warning signs of a breach as they were buried in a deluge of other notifications. Let’s dive deeper into the threat of “overacting” in your security theater, starting with the situation that Target created.
Too Many Alerts
I want you to consider what happens when your company chat is a flurry of activities that ultimately don’t involve you. Eventually, you tune out the notifications to try and stay productive, right? The same thing happens with your security notifications if there are far too many of them that ultimately mean nothing. As a result, you and your team will gradually stop paying attention to them, allowing the actual threats to come in. Recruiting an MSP to assist you can help sort out these notifications, with the real threats attended to and interruptions minimized.
Too […]
Over the last three or four years, we’ve seen some of the world’s biggest data breaches. Yahoo, Marriott-Starwood, and Equifax were the highest profile attacks, with a combined 3.5 billion accounts hijacked for those events on their own. To put that in perspective, you could take any two human beings on the planet, and there would be a pretty good chance that one of them was a victim of a data breach over the last three years. Security breaches like this have increased by over 67% since 2014, and the trend is still climbing.
What’s at Stake? We’re Basically All Hacked Now?
It’s actually almost a good thing that these massively high-profile data breaches are happening. Hear me out:
It brings this type of crime to the public eye – Most Americans know about the Equifax breach. Awareness is a huge step in the right direction.
There is so much data in these breaches that it is practically impossible for cybercriminals to use it all – If 500 million credit card numbers are stolen, the chances of one in particular being used go down substantially.
We’re not looking at data breaches in a positive light, but I firmly believe that the last few years have been the lesson the world needed, and it is a lesson a lot of organizations are taking very seriously. Policies and laws are hitting the books, and compliance regulations are being mandated within certain industries. Organizations of all sizes are taking data security seriously.
What Does This Mean for Smaller Businesses?
Of course, when we talk about data breaches, we always reference the big ones like Yahoo, Target, Sony, eBay, etc. Or we talk about the municipal attacks, where large cities like Albany, NY and Baltimore, MD were targeted, along with smaller towns like Wilmer, TX and Lake City, FL being held at ransom. We don’t hear about the 40-person company that goes under because of a cyberattack, because it affects fewer people. The problem is that small businesses are a major target. In fact, according to a survey by Verizon, 43% of breach victims were small businesses. Smaller businesses are easier targets because they usually don’t pay as close attention to their security.
It’s Time to Take Cybersecurity Seriously
There are things you can do. If you want to start getting serious about your organization’s cybersecurity, there is no time like the present. Call our knowledgeable IT professionals at SRS Networks today at (831) 758-3636 to get started taking the steps you need to keep your company’s data and infrastructure secure.