Issue 001 – 14-Feb-2020
Welcome to Issue 001 of Threat Report.
It is our aim to use the Threat Report email to inform you about trending threats to you, your business and your IT infrastructure. Our mission is to make the Internet a safer place for you, and part of that is to help you understand the threats in a language you understand.
The format of the email is like an executive summary of the key threats to you, your business and your IT infrastructure. Each summary will link through to more detail about specific threats published in the blog on our website. On the blog you can read back-copies of the Threat Report and other articles we publish.
Once subscribed you should receive your copy of Threat Report in your inbox on the 14th of each month. Please make sure you add firstname.lastname@example.org to your white-list or safe senders in Outlook.
In this first issue I’m going to give you a rundown of the key terms you should be familiar with. This is not a complete glossary; it’s intended to give you an awareness of the specific jargon and types of threat you may read about. Over the coming issues we will address all of these terms in detail, showing you how to identify, resolve and prevent them.
A cyber attack that uses sophisticated techniques to conduct cyber espionage or other malicious activity on an ongoing basis against targets such as governments and companies. Typically conducted by a bad actor with sophisticated levels of expertise and significant resources – frequently associated with nation-state players.
These attacks tend to come from multiple entry points and may use several attack methods (e.g. cyber, physical, deception). Once a system has been breached, it can be very difficult to end the attack.
Cloaking is the practice of presenting different content or URLs to human users and search engines.
For example, dynamic scripts and .htaccess rules can return status codes based on the requests processed. Using this tactic, hackers hide their tracks by returning a 404 or 500 error code to certain IP addresses or browsers, while serving spam to other IP addresses or browsers.
Cross-site scripting (XSS) is a software vulnerability usually found in Web applications that allows online criminals to inject client-side script into pages that other users view.
Attackers can also use a cross-site scripting vulnerability to overwrite access controls. This issue can become a significant security risk unless the network administrator or the website owner takes the necessary security measures.
Ransomware is a type of malware (malicious software) which typically encrypts all or some of the data on a PC or mobile device, blocking the data owner’s access to it.
After the infection happens, the victim receives a message that tells him/her that a certain amount of money must be paid (usually in Bitcoins) in order to get the decryption key. Usually, there is also a time-limit for the ransom to be paid. There is no guarantee that the decryption key will be handed over if the victim pays the ransom. The most reliable solution is to back up your data in at least three different places (for redundancy) and keep those backups up to date, so you don’t lose your important data.
Remote Access Trojans (RATs) use the victim’s access permissions and infect computers to give cyber attackers unlimited access to the data on the PC.
Cyber criminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet, and spread to other devices. Current RATs can bypass strong authentication and can access sensitive applications, which are later used to exfiltrate information to cyber criminal-controlled servers and websites.
Spear phishing is a cyber attack that aims to extract sensitive data from a victim using a very specific and personalised message designed to look like it’s from a person the recipient knows and/or trusts.
This message is usually sent to individuals or companies, and it is extremely effective because it’s very well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create the spear phishing message (which is usually an email). Spear phishing uses the sense of urgency and familiarity (appears to come from someone you know) to manipulate the victim, so the target doesn’t have time to double check the information.
To wrap up
In next month’s issue I will be covering the following topics, which could affect your computer or website, and consequently your business’ ability to make sales.
- some of the more common website hacks
- phishing and how to spot it
- the antivirus software we recommend