A cyber security expert has claimed that businesses and individuals can easily reduce their vulnerability to ransomware and other forms of cyber fraud.
Speaking at the ESET Security Days conference in Sydney, Nigel Phair, the director of UNSW Cyber Canberra, said that a key problem is that people and businesses do not act the same way online as they do in the real world: cautious of their surroundings.
“There’s a disconnect between the way users protect themselves in real life and how they protect themselves online,” Mr Phair said.
“Cautious people look both ways before the crossing the street so they don’t step in front of cars. Similarly, users need to double-check their activities online, think before they click, and exercise secure and responsible cyber safety methods.”
He added: “Consumers, employees and managers all need to remember that what happens online can have real-life security repercussions.”
Nick FitzGerald, a senior research fellow at ESET, an antivirus and cyber security software provider, said at the same event that deceptions can be an easy but profitable means of scammers bypassing security systems.
“Hacker tricks like business email compromise (BEC) can see fake emails, disguised as legitimate ones from colleagues, fool people into making bogus payments. Often, these emails appear to come from a manager’s account to their finance team, and request a large payment to a certain account, or inquire into confidential finance account or employee data details,” he said.
Changing tactics harder to detect
According to Mr FitzGerald, untargeted ransomware and other traditional scammer methods are on the decline, however, with other tactics becoming more common — and less obvious to detect.
“Low-end hackers, or ‘script kiddies,’ have moved away from ransomware attacks that demand a payment in exchange for compromised data. This is because hackers experience a greater return by quietly infiltrating an organisation’s network, and discreetly mining cryptocurrencies using their victims’ computing and electrical power,” he said.
“Ironically, the overall decline in ransomware attacks and increase in cryptomining might mean that enterprises are under increased threat if they do become victim of a ransomware attack. Despite the lower rates of ransomware attacks, remaining ransomware attacks tend to be developed and actioned by more focused, determined cyber criminals.”
Mr FitzGerald noted that remote desktop protocols are one such means that criminals are using to access sensitive data, albeit “an extreme form”.
“If RDP access is only protected with a username and password, attackers can make mass, repeated attempts to guess these, particularly when there’s no rate-limiting mechanism in place to restrict multiple wrong guesses,” he said.
“This type of reformed, enterprise ransomware attack can be very effective, and compromise entire organisations’ networks.
“In 2018, a family of ransomware called SamSam compromised a range of healthcare and government entities, most successfully by brute-forcing RDP endpoints. Cyber criminals behind the attack demanded substantially larger ransom payments than those in run-of-the-mill ransomware attacks.”
Victim blaming plays into scammers’ hands
While many cyber incidents and breaches may be the result of internal actions, Mr FitzGerald suggested that blaming the person responsible can be counterproductive, as it can dissuade people from speaking up should they identify a threat or issue.
“It’s important to avoid victim blaming endpoint users. What matters is that users can identify red flags and suspicious activity, even in the seemingly mild form of an unusual email from a colleague,” he said.
“Organisations need to improve their security training, and encourage employees to exercise the same level of caution online as they would in real life.
“However, organisations can also improve their overall resilience, and implement strong rules to prevent ransomware or cryptomining attacks, for instance, by ensuring payment requests are only authorised over the phone or in-person.”
Mr FitzGerald added: “Daily and business procedures need to significantly improve so they can recognise and resist increasingly sophisticated attacks.”
- Opinion: Why do so many claim to represent small businesses?
By Adam Zuchetti
- Opinion: House prices not all doom and gloom
By Adam Zuchetti
- Analysis: How can SMEs realistically stay competitive?
By Adam Zuchetti