Top Online Threats To Your Cybersecurity And How To Deal With Them

R.L. Adams, Contributor
I write about technology and online marketing.  

Opinions expressed by Forbes Contributors are their own. 
News flashes and sound bites are constantly calling our attention to the latest hacks or threats to our cybersecurity that seem to be filling our social media news feeds and television reporting circuits. While there are plenty of bad actors out there hell bent on doing us harm, symbiotically living in the digital ethers and layers that make up the vast web, there are companies and organizations working in the background to protect and remediate any potential disasters.

Some of these online threats pose significant harm to our lives, our businesses and our finances. Some of them are easy to detect, while others have become increasingly challenging and more sophisticated over the years. They sometimes involve massive bot-nets of millions of devices all acting in concert with one another, and sometimes they're far more individualistic in nature, with specific high-value targets that involve social engineering and location tracking to ensure that their cryptic intentions are fulfilled.

If you've ever been the victim of a phishing scam online, had someone hijack your profile, or had someone social engineer you or your employees to gain access to critical corporate information and infrastructure or to steal money from you through methods such as Instagram money-flipping, then you know just how painful this process is. Oftentimes, we search for ways to exact our revenge, an effort that usually falls flat on its face due to the anonymity of the World Wide Web.

So, how do you go about protecting yourself from these online threats and cyber criminals who are determined to extract money and valuable information from you?

Clearly, there is no foolproof method to protect yourself. As technology evolves, so do our methods for combating these online threats. However, that doesn't mean that the threats stop. They also evolve. They get smarter, more efficient and more scalable as the near-limitless reach of the web gives them unfettered access to potential billions of dollars in crimes against unassuming individuals and businesses from across the planet.

What Are The Top Online Threats In Cyberspace? 

While there are numerous threats that exist at every turn on the internet, there are 10 very significant threats that pose malicious harm to us. Understanding what these threats are that exist on the web and learning how to combat them is integral to conducting any semblance of business or personal activity these days. Falling for these is painful to say the least, but even more so when you didn't even see it coming from miles away.

One of the biggest and most challenging uphill battles here when it comes to online threats to our security is actually determining whether or not a visitor is human. Bots that crawl the web, or that are designed to somehow infiltrate systems and drop malware generally don't behave like humans. However, this isn't always something that's straightforward. How companies go about detecting automated software and threats in cyberspace has a lot to do with their potential to fall victim to these scams.

Not only is it important to institute a good set of habits when it comes to dealing with online threats like this, but it's also important to stay in-the-know. The more informed you are, the better off you and your employees will be. It's important to note that whatever you do, threats are always evolving. Locate reputable companies that you can work with to help alleviate some of the stress that failure might cause in this arena.

#1 — Ransomware

One of the biggest ongoing concerns and threats to our digital existences has been the proliferation and exponential rise of ransomware. You know, the type of thing that locks you out of your computer with an impending countdown that signals the digital death of your entire virtual existence. As it counts down, threatening to encrypt every last shred of data, you realize the peril that digital criminals can inflict on their unassuming victims.

Your choices? According to Tod Beardsley, Director of Research at Rapid7, a firm dedicated to thwarting these types of attacks through some of their wildly-popular software platforms such as Nexpose and Metasploit, you should never pay the criminals because you don't know the outcome of whether your information will in fact be restored, or simply vanish into thin air.

Redundant backups should be a priority for you. Back up to an external drive somewhere on your network and to the cloud through Dropbox or another provider. Rapid7, which oftentimes stress tests other corporations by hacking in an effort to expose security loopholes, working to ensure that networks are safe from potential attacks, knows a thing or two about this. Companies rely on their teams to ensure that they're protected, and they're often the first phone call many make when an attack like this and others do actually happen.

#2 — Phishing schemes

A large majority of people get caught up in phishing schemes. Phishing schemes are engineered to get you to click on things and oftentimes they seem harmless. Simply click on a link and it will go to some URL. That's it. However, as harmless as they seem, phishing schemes can lead to a number of major online security breaches if you're not careful. By paying close attention to what you're clicking on, you'll better be able to mitigate these types of attacks.

Once you're ensnared in this type of scheme, it's hard to untangle yourself. There are phishing schemes for bank accounts, email accounts, big e-tailers and other service providers that have massive footprints. The goal? Gain access to the consumer's account to do the most damage. If you think you were the victim of a phishing scheme, and you entered in your username and password somewhere online and things didn't seem right, immediately change all your passwords.

Another important thing to note is that most people use the same (weak) password across a variety of services such as Gmail, Facebook and online banking. Never do that. Always use different passwords and ensure that they're not simple passwords to begin with. If a cybercriminal gains access to one service, you don't want them gaining access to the others. You should also be changing up your passwords every few months or so.

#3 — Man-in-the-middle (MITM) attacks

One of the most sophisticated threats that exists online is the man-in-the-middle attack. I've seen these threats firsthand and know just how malicious they can be. Everything seems okay all the way to the final point of entry (even when using 2-factor authentication). This malware sits on your computer and waits until you've entered all your credentials, then it actually swaps out the server that receives the communication and even communicates back to you.

Throughout all of this, everything seems fine. Nothing seems amiss. That's why it's such a sophisticated online threat. You almost don't know that anything is happening when it actually is happening. You have to be very wary of what you download to your computer and whether it comes from a reputable source. Antivirus software is not going to help you in most cases here because these threats are always evolving.

Oftentimes, MITM attacks are a result of phishing schemes that installed latent software on your computer that sits dormant for some time until you begin accessing the proper network or until it's recorded the right keystrokes. It then substitutes its own intercepted server right when you submit your credentials to log in.

#4 — Ad fraud

Online ad fraud is far more widespread than anyone could possibly imagine. This is likely one of the biggest cyber-threats that seems to go under the proverbial radar. Few people know that they've been scammed by sophisticated ad fraud systems after it's occurred. Publishers simply see views increasing and most ad platforms don't provide high specifics as far as direct views on every single ad impression or click, leaving most people in the dark.

In a recent conversation with Tamer Hassan, CTO of White Ops, a firm deeply entrenched in the fight against automated ad fraud, they've taken this fight to a new level by developing a platform that actively measures 500 to 2000 technical metrics to determine whether the person viewing the ad is in fact a human or a robot. This software analyzes several layers at a time and it's the leading platform amidst the largest publishers in the world.

This impressive system developed by Hassan and team runs silently in the background, with no impact on the speed or latency of ad serving or delivery. In fact, most publishers are now building White Ops' software into their contracts, stating that violations in ad clicks and views from bots will result in non-payment of revenues. This human verification on the web is potentially one of the most lucrative types of fraud that so many cybercriminals are working to exploit and companies are working to protect against.

#5 — Social media schemes 

Instagram (IG) money-flipping schemes and many other social media scams have surfaced in recent years. Considering that IG is one of the most popular social media platforms in the world, it's no wonder that unscrupulous cybercriminals are targeting individuals who are in desperate situations, looking to make a few hundred or a few thousand dollars quickly. These IG money-flipping schemes have become so widespread that the company can only take down 1 money-flipping scam for every 3 that are being created.

In a recent conversation with Evan Blair, co-founder of ZeroFox, a firm specializing in social media security, he tells me that 70% of companies are using social media for business but that a large majority of those companies are uninformed about potential impersonations of customer service representatives or duplication of accounts and impersonation of profiles, until it's too late. In fact, there's little that many of the most popular platforms like IG can do to safeguard against the windfall of social engineering and phishing that is constantly occurring against companies at any given moment.

However, this isn't just a risk to digital security; cybercriminals are now using IG and other social media sites to physically track and harm well-to-do executives, celebrities and other high-profilers such as athletes and even politicians. Without a good system to thwart such attacks, most businesses and individuals are completely left lost in the dark. That's likely why so many of the world's leading companies and affluent individuals rely on ZeroFox's groundbreaking platform to thwart and mitigate such attacks.

Visit the Kairos website https://cabinet.kairosplanet.com/register/#111b0e

The 2 Biggest Cybersecurity Fears of NASDAQ’s Chief Information Security Officer

NASDAQ CISO, Lou Modano, shares the big picture fears that businesses need to think about — even if they already have a great information-security program in place.
  
By Joseph Steinberg CEO, SecureMySocial   @JosephSteinberg

I recently spoke with Lou Modano, Chief Information Security Officer of NASDAQ, and asked him what his greatest fears are right now when it comes to keeping NASDAQ cyber-safe. Of course, there are many threats facing NASDAQ – from criminals to hacktivists to nation states – and the stock exchange obviously has an army of highly skilled information-security professionals, intensive information-security-related training, and a robust information-security technological infrastructure, so my question went beyond the usual technological and human issues, and, instead focused on what risks are hardest to correct even with significant cybersecurity resources. As such, CISO Modano's observations provide insight into the big-picture problems that businesses, cybersecurity professionals, and policymakers should be thinking about.

Modano told me that his two greatest concerns are:

1. The speed at which vulnerabilities are exploited to create cyber-weapons.
It is no secret that, in recent years, hackers have become much more adept at creating cyberweapons to exploit vulnerabilities, and that the time between the disclosure of a particular vulnerability and the creation of a weapon that exploits it has dramatically decreased. When vulnerabilities are found in software, the software makers typically issue patches – that is, fixes that can be downloaded and installed either automatically or manually. Modano pointed out, however, that because the time between the issuance of a patch and the discovery of weapons that exploit the associated vulnerability in unpatched systems is going down, organizations wishing to stay secure often have a lot less time to deploy patches than they used to have in the past. Because a formal change management process including the testing of patches is needed in order to ensure that patches do not interfere with system functions or otherwise have adverse side effects, organizations face a growing risk of being unable to fully deploy patches before hackers start attacking unpatched systems or of deploying inadequately tested patches. While businesses can work to make their patching and change management process extremely efficient, even doing so does not fully solve the problem – especially in situations in which vulnerabilities are announced before patches are available, in which cases criminals often create cyber-weapons that exploit the vulnerabilities even before the associated patches are released by vendors. We may see an example of this in the near term if WikiLeaks decides to publish details of CIA cyberweapons before the associated vulnerabilities are fixed by vendors, and folks have had adequate time to test and install the fixes; such an occurrence could force security-conscious organizations to temporarily disable various online services.

Lesson: Make sure you have an efficient process for obtaining, testing, and deploying security fixes, and be aware of when you may be at risk even with such a process in place.

2. How does the information-security team know what it does not know?
As Sun Tzu pointed out thousands of years ago, it is much easier to defend against attacks when you know your enemy and its tactics. While security professionals do attempt to monitor hacker communication channels for indications of brewing attacks and exploits, one of the greatest problems that defenders face is that hackers are, by definition, one step ahead. Security pros face challenges in getting as much intelligence about what threats are coming – sometimes there are warnings from chatter or from information shared on social media, but sometimes defenders know nothing about a powerful attack before it is launched. Modano pointed out that industry groups and other methods of exchanging information do help – as one organization that detects something anomalous or hostile can share its findings with others both to warn them and to see if others have observed similar potential threats. Even firms that compete for business often recognize that when it comes to information security it is in their common interest to share information about threats that they discover – after all, if a criminal or nation state breaches one of the firms, he/she/it is likely to launch similar attacks against the others. At the same time, however, as Modano noted to me, there is a lack of standardization across federal and state regulators on matters related to privacy, information sharing, breach notification, and other areas of security; a lack of uniformity complicates matters related to knowledge sharing, as not all businesses are subject to the same rules and requirements.

Lesson for us all: Make sure you obtain as much relevant intelligence as you can about threats to your business and personal information systems. Industry groups and information-security venues can be one good source of such knowledge.

For insights from other experts who attended the recent NASDAQ – National Cybersecurity Alliance Summit in New York, please see my article 6 Insights From Experts At The NASDAQ-NCSA CyberSecurity Summit.
