We often find ourselves talking about security a lot lately – the reason being that data breaches are pretty much a daily occurrence. Just go to Google and search for “data breach.” As of this writing it returns 19.5 million search results. According to The Identity Theft Resource Center there were 783 breaches in the U.S. alone in 2014. That is more than two per day which leaves many people questioning, like those at Security InfoWatch, “When will your data breach happen?”
Like many experts have said, it is no longer a matter of if, but when your data will become compromised. With this knowledge comes an even greater responsibility to defend and secure our own networks and systems to combat data breaches. We have to educate our bosses, co-workers, and staff on ways that they can protect themselves and those around them. This is why we have taken the time to compile a short list of the three most common ways data breaches begin, and the list might surprise you.
- Phishing Emails – We spoke in-depth about phishing emails in September. Phishing emails attempt to solicit usernames, passwords, or other personal information about a victim. Often the email presents a link to a false, intentionally deceptive, website that the victim will “log in” to and then be redirected to the real website. By the time they reach the real website their credentials have already been stolen. The link can also direct the victim to a site that is hosting malware, prompting the user to “update” a plugin or download a malicious file to verify account information. In any case, clicking links or opening attachments in email from untrusted senders (sometimes even trusted senders) is the quickest way to an infected computer or to lose personal data, such as login credentials. This is also one of the easiest attacks, because the victim usually “consents” to being attacked because they are deceived.
- Malware – Malware is malicious software that is often installed with user consent through deceptive means, but can also be installed without consent under certain circumstances. Its intention is to damage or disable a computer or network, or open a backdoor for more aggressive attacks. We touched on this briefly in the former paragraph. Malware is often the reconnaissance unit that preempts a larger attack. Once it finds it ways onto a system it can begin scanning the system for vulnerabilities, downloading more malware in the background, and even looking out into the network for more details that it then sends back to a human attacker. Most malware is purpose-specific, such as ransomware which encrypts your data and then holds it hostage for a fee, but other malware can be more complicated. Some malware instances can scan a network for servers and databases, alerting a human attacker of their presence on the network for further attack. Since most malware attacks blindly, it is a game of odds with the attacker hoping to win the lottery with each new infection.
- Social Engineering – This form of attack is often specific to a business or business sector. In a social engineering scenario an attacker will contact someone within a company, usually by phone or email, and attempt to extract information from them that could allow them to breach security defenses. The reason that these attacks work so well is because the attacker is relying on an assumed level of trust. If an attacker is at this stage of an attack they will know a lot about their victim already. They will pose as someone trusted, such as an internal or external IT department, vendor, or manager within the organization. They will often ask for things such as login credentials, pin numbers, or about other people in the organization, such as any managers or the CEO, in order to identify other potential victims.
Most often all three of these work in coordination. A typical scenario could be the following:
A receptionist receives an email from a vendor asking them to follow a link to verify some information. The receptionist follows the link to the page and is asked to “update” their Flash Player. The receptionist agrees to the prompt on the screen and unknowingly consents to install malware. At this point the attacker has an entryway into the network from which to work. The malware is highly automated: downloading other software in the background, looking for vulnerabilities on the system, installing a keylogger, and scanning the network for system names, servers, and other vulnerable, unpatched workstations which it can infect. Once it begins to infect other systems it repeats the process, but now it can do so exponentially. Within a few days this one infected system has allowed other systems to become infected. With a wealth of information at their fingertips, the attacker has already begun to “fingerprint” the network, looking for usernames on workstations, cataloging credentials extracted from keyloggers, looking for servers that might contain databases which they can upload to their own systems (this is the breach), and seeking people to call as part of a larger social engineering attack to verify information gathered.
Attacks can begin with any one of these three points mentioned above, so always be mindful of links, emails, calls, and software. As Brian Krebs, an American Journalist and investigative reporter has said, “if you didn’t go looking for a program, don’t install it.”
If you ever have any questions about a link, email, software, or a call you have received, please call us and we will be pleased to help. As the old adage goes: “An ounce of prevention is worth a pound of cure.”
Write down our contact information and keep it close.
Phone: (877) 896-3681, press 1 for support.