Computer security is an issue that is not going to go away anytime soon, and any business that ignores cybersecurity does so at its peril. Whether it’s a data breach or the insertion of a piece of ransomware, you want to do everything you can to keep your computer networks safe.

Part of that involves being aware of what’s happening on your network and knowing how to recognize suspicious activity when it happens. By spotting trouble as soon as it appears, you stand a much better chance at saving yourself any number of headaches and costs.

Here are some things to consider when it comes to identifying suspicious network activity.

Identifying Suspicious Activity

Any number of behaviors, including database activities, unusual access patterns, and changes to log files, can point toward a cyberattack or data breach. Recognizing these activities for what they are is vital if you want to locate the source and type of attack. Doing so will let you act quickly in stopping the security threat and minimizing any damage.

Here are some common examples of suspicious activity:

  • Account abuse: The sudden overuse of privileged accounts to grant access to new or inactive accounts is a sure sign of an attack from the inside. Either an employee has initiated a run of unusual activity, or a hacker has gained access to a top-tier account. Other signs could include sharing information without cause, modifications applied to audit records, or mysterious deletion of login files.
  • User access: Unexpected user access changes are often a reliable sign that an outside hacker has acquired a user’s credentials and is poking around your system. Behaviors you may notice include user access at odd hours, remote access, and multiple failed attempts to log in.
  • Database activity: Unusual database activity can come from both inside and outside your business. Vital signs to watch include unexpected changes in users, changes in permissions, changes in data content growth, and access during non-business hours.
  • Unexpected network behavior: Network activities that fall outside of usual expectations are a reliable signal that something is amiss. Look for traffic originating from outside your network, protocol violations, and unauthorized scans. A sudden change in network performance should also be checked out.
  • Unexpected virus notifications and system slowdowns: Simple warnings to be on the lookout for would be a sudden increase in virus warnings or pop-up windows. If computers or networks slow to a crawl, there could be a problem. A hacker may have gotten in and installed malicious software, or a website or email may have downloaded and installed malware on the sly.
  • Unauthorized port access: Most ports have specific assignments. If unsanctioned port access occurs, it could be a sign that files are being accessed without authorization or that a malware attack is underway.
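The first three indicators above (privilege grants to new or inactive accounts, logons at odd hours, and remote access from outside the network) can be checked mechanically against an authentication log. The script below is an added example, not code from the original article: it runs over a constructed, simplified log format (`timestamp|event|actor|target|source_ip`) and a constructed "last seen" table, and the thresholds (business hours 08:00-18:59, 90 days of inactivity, the 10.0.0.0/8 internal range) are assumptions to be tuned per environment.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log (not from the article). Events are
# timestamp|event|actor|target|source_ip, one per line.
SAMPLE_LOG = """\
2024-03-04T09:12:00|LOGON_OK|alice|alice|10.0.0.5
2024-03-04T02:41:00|LOGON_OK|bob|bob|203.0.113.9
2024-03-04T02:42:10|PRIV_GRANT|bob|svc_backup|203.0.113.9
2024-03-04T14:30:00|PRIV_GRANT|alice|dave|10.0.0.5
2024-03-04T15:05:00|PRIV_GRANT|alice|newhire42|10.0.0.5
2024-03-04T16:00:00|LOGON_OK|carol|carol|198.51.100.7
"""

# Constructed table of each account's last successful logon before this
# log window; svc_backup has not been used for months, newhire42 is absent
# (a brand-new account).
LAST_SEEN = {
    "alice": datetime(2024, 3, 1),
    "bob": datetime(2024, 3, 3),
    "dave": datetime(2024, 3, 2),
    "svc_backup": datetime(2023, 10, 1),
}

# Assumed policy values; tune these to the organisation.
BUSINESS_HOURS = range(8, 19)            # 08:00-18:59 local time
DORMANT_AFTER = timedelta(days=90)       # inactive this long counts as dormant
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # everything else is "outside"


def parse(log_text):
    """Turn the pipe-separated log into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kind, actor, target, src = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "kind": kind,
            "actor": actor,
            "target": target,
            "src": ip_address(src),
        })
    return events


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def triage(log_text, last_seen):
    """Apply the three indicators and return the accounts each one flags."""
    findings = {"off_hours": [], "external_logons": [], "grants_to_new_or_dormant": []}
    for e in parse(log_text):
        if e["kind"] == "LOGON_OK":
            # Successful logon outside business hours.
            if e["ts"].hour not in BUSINESS_HOURS:
                findings["off_hours"].append(e["actor"])
            # Successful logon from an address outside the internal ranges.
            if not is_internal(e["src"]):
                findings["external_logons"].append(e["actor"])
        elif e["kind"] == "PRIV_GRANT":
            # Privilege granted to an account that is new (never seen) or
            # has been inactive longer than DORMANT_AFTER.
            seen = last_seen.get(e["target"])
            if seen is None or e["ts"] - seen > DORMANT_AFTER:
                findings["grants_to_new_or_dormant"].append(e["target"])
    return findings


if __name__ == "__main__":
    for indicator, accounts in triage(SAMPLE_LOG, LAST_SEEN).items():
        print(f"{indicator}: {accounts}")
```

Each finding is a lead to investigate rather than a verdict: bob's off-hours logon from an external address followed by a privilege grant to a dormant service account is the kind of chain the list above describes, while alice granting rights to a recently active colleague is not flagged at all.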

How Suspicious Activity Can Vary

Depending on the sort of business you’re in, suspicious activity may present itself in different ways. For instance, smaller companies might notice user abuse or abnormal database activities early on as bad actors access personal or cardholder information. A larger business or financial institution is more likely to experience dodgy account behavior, unauthorized port access, and malware or spyware designed to steal financial data and personal identity information.

Some organizations find themselves the target of advanced persistent threats (APTs). These multi-phase attacks usually go after an organization’s network and vary in their subtlety as they poke and probe for weaknesses or backdoor access. APTs often choose to attack government organizations or large corporations but have occasionally been known to cause trouble for small and medium-sized businesses as well.

Dealing With Suspicious Network Activity

As with most security issues, the key to approaching suspicious network activity is prevention. This requires having set protocols and procedures for both you and your employees. An effective data security policy should include:

  • Solid password policies
  • Periodic review of traffic, error reports, network alerts, and performance
  • Malware and virus protection
  • Robust firewalls
  • Regular risk assessments
  • Employee education
  • Incident and failure response strategies
  • File integrity monitoring

Data Security Is Serious Business

Your customers expect you to keep their information safe, and your business’s reputation is on the line. As often as hackers and other bad actors keep finding new ways to target and exploit networks, so too do the strategies and tools for combating these threats evolve. Whether it’s adopting file integrity monitoring, conducting system activity audits, or running simple virus checkers, you can stay ahead. It just takes a bit of vigilance and commitment to your network’s security.

Your business will be stronger for it.


India has been aggressive with its vaccination drive since its launch in January 2021, with health care and frontline workers first in line. The second phase of the vaccination program, for the general public, began on March 1, 2021. The two vaccines being administered are “Covishield” from the Serum Institute of India and “Covaxin” from Bharat Biotech. Technology plays a critical role in planning, deploying, and monitoring vaccination programs, so citizens are urged to register via Aarogya Setu or on the CoWIN website. However, hackers are testing the country’s digital architecture, allegedly impersonating the legitimate CoWIN website to coax citizens into registering on a fake portal that exfiltrates their personal information.

RDP Attacks Skyrocket

Remote work continues to dominate business continuity operations in India. According to a cybersecurity report from Kaspersky, India witnessed 9.04 million brute-force attacks against remote desktop protocol (RDP) in February 2021, compared to 1.3 million in February 2020 and 3.3 million in March 2020. Working in decentralized environments has become the new normal, and brute-forcing RDP is the most common technique cybercriminals use to gain access to Windows systems and execute malware.

“Remote work isn’t going anywhere. Even as companies begin considering re-opening their workplaces, many have stated that they will continue to include remote work in their operating model or pursue a hybrid format,” said Dmitry Galov, a security expert at Kaspersky. “That means it’s likely these types of attacks against remote desktop protocols will continue to occur at a rather high rate. 2020 made it clear that companies need to update their security infrastructure, and a good place to start is providing stronger protection for their RDP access.”
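The attacks in the Kaspersky figures above leave a recognisable trace on the target: a run of failed logons from one source address, often cycling through usernames, and, if one guess lands, a success from the same address shortly after. The script below is an added example, not part of the CISO MAG article or the Kaspersky report, showing that detection over a constructed sample modelled on Windows Security events 4625 (logon failed) and 4624 (logon succeeded) with logon type 10 (RemoteInteractive, i.e. RDP). It also covers the "multiple failed attempts to log in" indicator from the earlier list. The threshold of 5 failures within 60 seconds is an assumption to tune against normal user behaviour.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed detection policy.
THRESHOLD = 5                  # failed RDP logons from one source ...
WINDOW = timedelta(seconds=60)  # ... within this sliding window

# Constructed sample, one event per line:
# time|EventID|LogonType|TargetUserName|IpAddress
# 198.51.100.23 sprays several usernames and finally succeeds as "backup";
# its type-3 (network) failure is not RDP and must be ignored; 10.10.0.14
# is a user mistyping a password once.
SAMPLE_EVENTS = """\
2021-02-10T03:00:01|4625|10|administrator|198.51.100.23
2021-02-10T03:00:03|4625|10|admin|198.51.100.23
2021-02-10T03:00:05|4625|10|root|198.51.100.23
2021-02-10T03:00:07|4625|10|test|198.51.100.23
2021-02-10T03:00:09|4625|10|administrator|198.51.100.23
2021-02-10T03:00:11|4625|10|backup|198.51.100.23
2021-02-10T03:00:13|4624|10|backup|198.51.100.23
2021-02-10T03:00:20|4625|3|administrator|198.51.100.23
2021-02-10T09:15:00|4625|10|priya|10.10.0.14
2021-02-10T09:15:20|4624|10|priya|10.10.0.14
"""


def parse(text):
    """Return events as (timestamp, event_id, logon_type, user, ip), time-ordered."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, user, ip = line.split("|")
        events.append((datetime.fromisoformat(ts), int(eid), int(ltype), user, ip))
    return sorted(events)


def detect_rdp_bruteforce(events):
    """Flag sources whose RDP failures exceed THRESHOLD inside WINDOW.

    For each flagged source the result records the peak failure count,
    how many distinct usernames were tried (spraying), and whether an RDP
    success from that source followed the moment the threshold was crossed.
    """
    failures = defaultdict(list)  # ip -> [(timestamp, username)]
    for ts, eid, ltype, user, ip in events:
        if eid == 4625 and ltype == 10:
            failures[ip].append((ts, user))

    flagged = {}
    for ip, attempts in failures.items():
        start, peak, crossed_at = 0, 0, None
        for end in range(len(attempts)):
            # Slide the window start forward until it fits in WINDOW.
            while attempts[end][0] - attempts[start][0] > WINDOW:
                start += 1
            count = end - start + 1
            if count >= THRESHOLD:
                peak = max(peak, count)
                if crossed_at is None:
                    crossed_at = attempts[end][0]
        if peak >= THRESHOLD:
            success_after = any(
                eid == 4624 and ltype == 10 and e_ip == ip and ts >= crossed_at
                for ts, eid, ltype, _, e_ip in events
            )
            flagged[ip] = {
                "max_failures": peak,
                "distinct_users": len({u for _, u in attempts}),
                "success_after": success_after,
            }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(parse(SAMPLE_EVENTS)).items():
        print(ip, info)
```

A source with `success_after` set is the case to treat as a probable compromise rather than mere noise; the same per-source view also shows why the mitigations Galov points to (not exposing RDP directly, lockout and rate limits, MFA) change the picture, since they cap the failure rate the attacker can reach.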

The New-age Oil Leaks Copiously

The data breach landscape in India, pre-COVID, was simple. Adversaries launched ransomware attacks by encrypting the data on vulnerable systems and demanding ransom in exchange for a decryption key. Cybercriminals were in no hurry to invent new attack vectors. But as the adage goes, change is the only constant. Today, ransomware groups are reinventing their modus operandi to attack not just the data, “the new-age oil,” but the brand image of a business. With improved infrastructure, India is opening its doors to global market players. Threat actors are leveraging this opportunity to attack the brand image of a business or enterprise by dropping malware payloads on the targeted system and exporting data, in turn damaging intellectual property and national security.

The recent MobiKwik data leak exposed the data of 3.5 million users, with 6 TB of KYC details and a 350 GB compressed MySQL dump. To add to the list, the personal information of 533 million Facebook users from 106 countries was leaked for free on an underground hacking forum, 6.1 million of them from India alone. And if this was not enough, India’s second-largest stockbroker, Upstox, was reportedly the latest victim of a breach, allegedly leaking the data of 2.5 million users.

Souring India-China Relations

Ever since the pandemic broke out, India’s relationship with China has turned sour. This was evident in the Mumbai power outage in October 2020, which crippled the financial capital with chaos. An investigation by the Maharashtra cyber department revealed a malware attack with unaccounted-for data transfer from a foreign server to the Maharashtra State Electricity Board (MSEB) server. Evidence from Recorded Future further underlined the geopolitical tensions and border clashes between the two Asian neighbors: it claimed that the Chinese state-sponsored group “RedEcho” targeted India’s power grid. And it did not stop there. CERT-In averted a hacking attempt on the Telangana state power utilities, TS Transco and TS Genco, by a Chinese cybercriminal hacking group.

In the past, the Indian government has accused Chinese threat actors of attacks on the National Informatics Centre (NIC), the National Security Council (NSC), and the Ministry of External Affairs (MEA). The transformative role of technology has reshaped Indian cyberspace and the information sector. Another report stated that India was named one of the most cyber-targeted countries globally in 2019, with over 50,000 cyberattacks from China alone, while the IBM Security report titled “2021 X-Force Threat Intelligence Index” revealed that India was the second most cyberattacked country in APAC.

Where do we go from here?

Apart from vaccine disruptions, RDP attacks, and foreign intrusion, team CISO MAG continues to observe common attack trends such as phishing and business email compromise directed towards Indian governments and enterprises. Armies in countries like the U.S. have a cybersecurity unit (U.S. Cyber Command) that is responsible for countering cyberwarfare. India has cyber cells attached to its state police forces; in a similar vein, the Indian government needs to seriously consider a cyberwarfare unit within the armed forces and scale up its cyber maturity.

Cyberwarfare is here to stay, and threat actors are eyeing every chance to sabotage the country’s defense mechanisms. Despite the many efforts of its security agencies, India’s agility in incident response has been inadequate. And with the soaring second COVID-19 wave, it will be interesting to watch how India combats the vicious nature of existing and new cyberthreats.