According to Gartner, worldwide end-user spending on security and risk management is projected to total $215 billion in 2024. That is up nearly 15 percent from 2023. This increase in investments is happening for a good reason. Just look at the spike in ransomware attacks alone. According to recent Corvus Insurance research, ransomware attacks increased by 68 percent in 2023 (over 2022), establishing a new record for a single year at 4,496. 

Yet, as businesses invest in new and innovative technologies to tighten the perimeter and battle increasingly sophisticated attacks—endpoint detection and response, secure access service edge, identity and access management, the list goes on—many are continuing to leave critical gaps that cybercriminals can and will exploit. One example is the IT help desk.

Help desks are being leveraged as a side door for cybercriminals, and for anyone questioning just how big an oversight this is, look no further than a leading Las Vegas resort. Last September, cybercriminals leveraged LinkedIn to get details on a resort employee, which were then used to socially engineer the IT help desk into resetting the user’s account. That kicked off a cascading series of unfortunate events leading to a full-on ransomware attack. The full impact was apocalyptic: digital key cards for rooms stopped working, credit card terminals shut down, slot machines went out of service, and more.

In a battle where businesses exhaust vast sums of money to mitigate increasingly sophisticated attacks, incidents such as this stand out because the access point, a user account, and the tactics employed were actually both very low-tech. Yet, despite its simplicity, this approach allows attackers to skip several steps in a short amount of time. 

As I’ve been hearing more and more lately, “Attackers don’t break in; they log in.” The resort above is by no means alone. Many other companies have been victimized through the help desk and are responding with investments in secure multifactor authentication (MFA), which requires that employees provide multiple types of verification information. MFA is a great first step, but on its own is not enough. 

Many businesses fail to seal all gaps by not investing in processes to validate users before help desk personnel comply with requests to reset credentials. As a result, attackers armed with key pieces of personal information needed to pass the verification processes can cajole help desk personnel into resetting account credentials or the MFA method. From there, they gain free rein to an array of privileged information. 

To fully seal the side doors and prevent breaches, help desk personnel should employ a multi-step verification process. Multi-step verification requires additional verification factors, which decreases the likelihood of a threat actor taking over an account. The key is asking users to provide details beyond any information they could glean from a site such as LinkedIn and other social media destinations. Yes, I’m talking about those overused security questions relying on relatively accessible information such as your mother’s maiden name, the street you grew up on, or high school mascot.

Another element that can help is adding visual verification components. This could be as simple as a video call where the employee’s manager or a team member jumps on Zoom to verify that the person is who they say they are. Businesses can also take the next step and employ face-recognition technologies while tying in contextual information. 

A final set of verification factors to consider are location, network, and time of day. Each of these can be valuable in verifying that the person is who they say they are. 

Train Your Help Desk

Take the time to educate your help desk team on the latest tactics used by attackers. For example, attackers often create a fake sense of urgency, hoping that this need for immediate help or access will result in staff skipping key verification steps and giving the attacker what they are asking for. This is especially true when attackers are impersonating someone high-ranking at the company. Since this is a tried-and-true tactic, all help desk personnel should be trained to spot it and manage it accordingly.

Well-trained help desk employees should also be able to pick up on other cues. For example, when the help desk team asks a series of personal questions, there is an opportunity to not just wait for answers but to pick up on behavioral cues. There may be instances when a help desk employee notices that the caller or person on chat takes an unusual amount of time to answer basic questions. This can be a strong indication that they aren’t who they claim to be.

Stop Oversharing

In addition to the help desk, the company’s security team should work to educate all employees regarding the information they share on social media channels. As many of us know from personal experience, many sites ask the same verification questions when you cannot recall your password. You know the ones—what street you grew up on, the name of your first school, what was your high school mascot, what is your mother’s maiden name, etc. I also know that many people inadvertently share the answers to these questions through the information they post on social media. As a result, they put them out there where anyone can grab them. Work closely with your team to ensure that the information they are tying into key verification questions is not the same as what they could be posting online.

In a world where increasingly sophisticated cybercriminals are waging battle against highly innovative security solutions, the simplicity of a help desk attack stands out, and in all likelihood, other bad actors are taking notice. That’s why companies must act now and take the necessary steps to help ensure that help desk personnel are not giving away the company keys to the wrong people, or even unlocking the door for them. 

The good news is that by investing in additional solutions and providing education for help desk personnel and employees in general, you will be able to fortify the help desk side door.

Ryan Bell, Threat Intel Manager, Corvus Insurance

Ryan has been at Corvus Insurance for over a year as the Manager of the Threat Intelligence Team. His role revolves around keeping Corvus insureds a step ahead of threat actors using a wealth of cybersecurity expertise. During his time at Corvus, the Threat Intelligence team has matured proactive alerting and intelligence analytics capabilities, supporting Corvus’s leading loss ratio and stature as a thought leader in cybersecurity. His background includes a graduate degree in sociology, undergraduate degrees in sociology and digital forensics, and numerous experiences starting and leading threat intelligence teams. 

The post Help Desk Personnel are the Side Door for Cybercriminals appeared first on Cybersecurity Insiders.

The world is becoming increasingly digital, and innovative technological advancements such as artificial intelligence (AI) are evolving at an alarming rate. But unfortunately, as technology advances, so do the strategies of cybercriminals. The integration of AI into nefarious online activities has sparked a cascade of newly sophisticated cyber threats which both individuals and businesses alike need to be aware of.

The key to avoiding falling victim to cybercrime is to be vigilant and intentional when opening and responding to any online correspondence – but as cybercriminals step up their attacks with the power of AI, is training and awareness enough?

Ahead, we break down how cybercriminals are harnessing AI to amplify the scale and efficiency of their cyber attacks, and what you can do to defend yourself.

Machine learning algorithms

Machine learning algorithms can be trained to scour vast amounts of data, identifying trends and predicting patterns, which can be massively beneficial to many businesses and industries. However, in the hands of a criminal, this power can be used to identify vulnerabilities in networks, applications, or systems, enabling attackers to launch highly targeted and adaptive attacks with AI-powered algorithms.

In the same way that businesses can use this technology to run around-the-clock operations and receive real-time insights into their performance, maintenance needs and marketing strategies, so too can cyber scammers. This presents a challenging threat, essentially granting scammers superpowered access to automated, adaptive attacks that can bombard users from multiple angles and with new, more subtle and intelligent tactics.

Phishing

Phishing attacks have been consistently used by cybercriminals to lure vulnerable or unsuspecting users into divulging sensitive information or accidentally installing malware. But with the springboard of AI, these tactics are becoming even more sophisticated and difficult to spot. Where incorrect grammar and obvious spelling mistakes used to give away a fraudulent email to most of us who are tech-savvy, generative AI has made creating fluent, professional-looking emails easy for scammers.

Now, AI-powered systems can analyze huge quantities of data and use it to create highly personalized and convincing phishing emails or messages which are tailored to individuals based on their online behaviors, patterns and preferences. This increases the likelihood that a user will trust the email as genuine and follow a link or reply with sensitive information.

Phishing emails are incredibly dangerous, as a single misplaced click can quickly devastate a company by allowing access to private and confidential information such as customer details, account information or trade secrets. Not only does this potentially breach confidentiality laws, but a successful attack can also cost the reputation and integrity of a business – not to mention the financial impact if the scammers manage to breach your accounts.

Malware

Malware and ransomware are types of viruses that ransack a computing system, stealing confidential information and often rendering it useless. Using machine learning systems, cybercriminals are leveraging AI to continuously mutate the code of malware – evading detection from traditional antivirus software. AI-driven ransomware attacks have also become increasingly prevalent, as attackers can harness AI to identify high-value targets and demand the optimal amount for restoration of their computers based on the individual or company’s financial history and position.

AI-fuelled cyber threats can also target a company’s internal AI systems, poisoning the data to create flawed outcomes and spread chaos and destabilization – which makes it easier for criminals to breach defenses with further cyberattacks. The rise of AI usage in cyberattacks certainly poses a national security threat, and a multifaceted approach is necessary to effectively protect individuals and businesses against these newly powered threats.

Investing in AI-driven cybersecurity solutions, capable of detecting and mitigating advanced threats in real-time, is paramount. Employee training must be prioritized, with regular awareness programs about how to recognize cyber threats, risk analysis and effective response protocols.

Stay vigilant

Although the evolution of AI represents a significant escalation in cybersecurity threats, it’s possible to mitigate the risks and safeguard your digital assets. Staying vigilant and avoiding the temptation to respond impulsively to any online correspondence is essential, as cybercriminals prey on the sense of urgency to convince you to expose yourself. By creating a comprehensive cybersecurity infrastructure, you can be proactive in defending against cybercriminal activity as AI continues to revolutionize our digital world.

The post How do cybercriminals use artificial intelligence? appeared first on Cybersecurity Insiders.

All of us rely on at least one device in order to go about our daily lives. Our smartphones help us get from A to B, connect us with friends and manage our bank accounts; our work laptops allow us to earn an income; our home laptops allow us to play games and stream entertainment. So how would you feel if they were all taken away?

With our reliance on technology increasing, so too does our level of risk when it comes to cybercrime. You might not think about it this way, but your smartphone, for example, holds the key to multiple accounts which store your personal information – yet most of us don’t have security software installed, or even a hugely secure password.

In this post, we explore four ways to keep your devices and information secure.

Use a password generator

Whilst many mobile apps now utilize biometric logins, passwords are still the dominant form of security for most websites. Using the same one, or even a slight variation, for each site means that if a cybercriminal gets hold of your information, they have access to almost everything.

Most people don’t have the headspace to think of a variety of long, varied passwords and then keep that information in their brain for whenever they need it. Fortunately, secure, encrypted password generator programs allow you to create a unique password, made up of letters, symbols and numbers, and save it in a digital ‘vault’. You then only need to remember the master password, or use a biometric login to access this. The app will allow you to directly copy your password over, so you don’t even need to see what it is – heavily reducing the risk that someone will be able to crack it.

Set up multi-factor authentication

Most of us will be logged into our accounts in multiple places – for example, emails on your phone and on your laptop – as well as staying permanently logged in to social media apps. It’s quick and convenient, and you can get real-time notifications that allow you to stay connected and informed. Unfortunately, this practice means that it’s harder to notice if anything suspicious is happening on your accounts, as multiple people could be logged in, using your credentials, without you even realizing it.

Multi-factor authentication (MFA) adds another layer of security, requiring you to enter extra information such as an authentication code for any new login attempts. The chances are, a criminal would log in on a device that is unrecognized by your account, and so it would prompt an authorization check on your primary device, keeping your information secure. With many major social media sites and cloud providers now offering MFA, this is an easy, no-cost solution to make yourself a harder target for cybercriminals.

Keep your software updated

Do you regularly hit ‘install later’ on the software update pop-ups on your computer? If so, you could be putting your information at risk. With cyber threats regularly evolving, having the latest technology installed on your device can help tackle any new attacks that come your way. Whilst updates do often include layout changes or new features that you don’t necessarily want or need, they also offer vital additions to your computer’s defenses.

Be more cautious

The final step towards making it harder for cybercriminals to target you is to stay vigilant, and challenge any suspicious behavior. Scammers tend to target people who aren’t that cyber-savvy, so even a basic understanding of what to look out for can help protect your money and information.

For example, if a company calls you and asks for your details to solve a problem you’ve reported, you’re well within your rights to say that you’ll call them back. This way, you can make sure that you’re dialing the official phone number from your previous correspondence or their website, and haven’t been caught out by an impersonation scam.

Phishing emails are also an incredibly popular way for scammers to get hold of sensitive information or gain control over people in order to extort money. Research estimates that 3.4 billion spam emails are sent every day, so the chances are that all of us will see them in our inbox at some point. Don’t click on any links that you’re not sure about, open unusual attachments, or reply to any unknown senders. Criminals are increasingly impersonating legitimate email accounts too, so look out for typos or other features that may suggest something isn’t quite right.

The post Four ways to make yourself a harder target for cybercriminals appeared first on Cybersecurity Insiders.

Amid a wave of hacks that have cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. In a warning posted on its website, the FBI said that cybercriminals are increasingly targeting DeFi platforms to steal cryptocurrency, often exploiting vulnerabilities in smart contracts to […]

The post FBI issues warning after crypto-crooks steal $1.3 billion in just three months appeared first on The State of Security.