Cyber threats now and beyond the Covid-19 pandemic
Approximately 40% of employed workers in the country worked remotely during COVID-19 Alert Level 4 lockdown. Even with alert levels easing to Level 1 across the country, many of us are continuing to work from home.
Because it’s easier to hack a remote user than it is a worker inside a corporate environment, we’ve seen an increase in activity exploiting weakened security since the start of the NZ lockdown period in March. Across the world, cyber attacks have jumped 400%.
The Cyber Risk Index, which covers 50 countries, puts New Zealand at the higher end of being susceptible to attacks. The higher the index between 0 and 1, the higher the risk, and New Zealand sits at 0.660. These ever-present and evolving online security issues are what keep IT professionals on their toes.
We take a look at the five types of cyber attacks that the country has experienced recently, and the methodologies that hackers are using to boost their attacks going forward.
These attacks involve encrypting data on target systems and demanding ransoms in exchange for letting the users have access to the data again.
In May and June, transport company Toll Group and brewing giant Lion were hit by ransomware. Increasingly, businesses are being targeted as they have more money than individuals to fork out for ransoms.
DDoS (distributed denial of service) attacks involve taking over many devices to invoke functions of a target system, e.g. a website, causing it to overload and crash.
In August, NZX, Stuff and Auckland Council succumbed to DDoS attacks, which caused operational chaos for days.
DDoS attacks are considered one of several cloud computing vulnerabilities that also include insider threats, account hijacking and data breaches.
Malware is malicious software that ends up on a device or network and then takes down a system or corrupts data.
Phishing campaigns are malicious emails that trick recipients into disclosing confidential information, or downloading malware via hyperlinks within the email messages.
One of the oldest types of cyber attacks, phishing lets hackers steal user logins and credit card credentials, and gain access to private databases.
Nowadays, machine learning is used to quickly create and distribute convincing fake messages that can compromise an organisation’s networks and systems.
These attacks occur when hackers take over smart devices (e.g. Wi-Fi-enabled speakers, appliances and alarm clocks) and make them part of a DDoS attack to steal data.
Enhanced hacking methodologies
Staying inside a target network is key to a successful cyber attack. In counter-incident response, attackers turn off antivirus, firewalls, and anything else that might trigger detection.
The longer hackers have to pursue their goal, the more successful they can be, for instance by going further in data collection or moving up the supply chain.
Mitigation will have to include filtering the noise in incident reporting in order to respond to the real problems as fast as possible.
Just as security operations are starting to apply intelligent automated incident response filtering, hackers are finding that automated attacks work in their favour.
Automated attacks cause significant damage to businesses. These start with automated mass reconnaissance scans and basic malware infections, with human involvement coming later to see what's been caught in the net -- essentially, it's a type of criminal penetration testing.
Mitigation includes keeping your cybersecurity emergency basics in place.
Big game hunting
Rather than take a scattergun approach of automated malware infection, big game hackers bide their time to target key organisations for the best return.
The favourite method is ransomware, which employs well-tested and human-powered reconnaissance, delivery and lateral-movement tactics, techniques and procedures.
Mitigation requires proactive monitoring for attack indicators by capturing all raw events to detect malicious activity not identified by traditional prevention methods.
While there’s no foolproof way of preventing a cyber attack, the New Zealand government offers the following tips to help keep your business data and operations secure.
Plan to protect important data
Restrict access to your systems to those who really need it
Encrypt all sensitive data
Use passphrases that are at least 15 characters long with a combination of character types
Monitor online behaviour
Use a developer who builds using the Open Web Application Security Project (OWASP) Top 10 guidelines
See further details in the ‘Protecting business data’ guide.