Are SMBs unprepared for cyber extortion?

In the past decade, over 50 million micro, small and medium enterprises (MSMEs) have been formed in India. These MSME firms fuel the economy and contribute to economic growth. They are also a ripe target for cyber attackers: more of them are connected to the internet than ever before, yet their cyber security capabilities are more limited than those of businesses elsewhere.

Many MSMEs lack the technology, knowledge and expertise required to deal with even relatively modest cyber security threats. One threat stands out above the rest: ransomware. Ransomware attacks are now commonplace, and once infected, companies (especially MSMEs) are brought to their knees. These attacks hit MSMEs harder than larger enterprises, simply because larger enterprises are generally better equipped to absorb such an unforeseen event.

Who is at risk? The short answer: everyone with a computer on the internet. Ransomware attackers often target essential and highly sensitive information across a wide range of data-centric businesses and industries, including health care, law firms, KPOs, BFSI and energy organizations.

Ransomware often infects its victims via the web or email. Web-based attacks tend to use drive-by exploits that target browser, platform or system vulnerabilities, or rely on malicious URLs that redirect users to sites hosting exploit kits. Email-based ransomware is generally used in targeted attacks and relies on a variety of methods, including phishing, spear phishing, malicious attachments and URLs.

Online virtual currencies such as Bitcoin are the preferred method of payment because they are not easily traceable. Yet paying the ransom offers no guarantee that the files will be unlocked, leading to loss of both data and money.

Traditional security solutions rely on static analysis and signatures to detect and block known threats; ransomware attackers can easily bypass those defences. To reduce the chance of a ransomware attack succeeding, organizations need visibility into their internal system security levels and a strong understanding of the attackers’ tools, tactics and procedures:

  • Email security as the first line of defence, to block ransomware distributed through email attachments and embedded malicious links.
  • Network security solutions and advanced endpoint technology that can identify an attack in progress and block further damage.
  • Backup strategies that are tested and evaluated regularly to ensure recovery is successful.
  • Copies of backups stored offsite in case onsite backups are targeted.

Disruptive attacks have become a legitimate business issue, and businesses must plan and prepare accordingly. The best way to prevent a ransomware attack is to have the right set of controls in place: security awareness training for people, stringent security processes and robust technical controls.

Cyber Security on IoT and SCM

The Internet of Things (IoT) now has a pivotal influence on multiple sectors and is leading to an unprecedented era of automation in which billions of devices are connected to the internet and able to share information. This will undoubtedly boost technological innovation and foster path-breaking developments. It is estimated that by 2020 over 24 billion internet-connected devices will be installed.

The supply chain is no exception: every aspect of product development and delivery is being transformed, facilitated and made more efficient through automation and integrated intelligence.

IoT empowers supply chain and logistics management

IoT technology has been a major differentiator in supply chain and logistics. Whether it is warehouse management, fleet management, delivery or shipment, IoT has made a major impact on the field.

Today, many firms are extending Internet of Things (IoT) devices into their supply chain to improve productivity and customer service. Sensors, communication devices, analytics engines, and decision-making aids are being employed to improve the efficiency of fleet management services, schedule optimization, routing, and reroutes due to adverse conditions. The IoT provides real-time tracking solutions and instant inventory visibility.

Risks in Supply Chain Management

However, as firms use the IoT to expand their reach into the supply chain, they also increase the number of attack vectors and the potential loss of proprietary and sensitive data. The information system stores data and passes it between potentially thousands of devices that may have exploitable vulnerabilities; a poorly designed architecture could give attackers the ability to disrupt, destroy or steal vast and valuable stores of corporate and personal data.

The major security risk associated with the IoT comes from its interaction with physical processes and from content leakage. Specific to the supply chain is the issue of data leakage, where content becomes visible to attackers either through malicious or unintended means. And with manufacturers building devices to different standards, problems can include a lack of device interoperability, devices interacting unintentionally (even posing a risk to user safety), and devices built from cheap or inferior hardware that pose a cyber security risk by shipping with malware.

Also, IoT sensors are highly susceptible to counterfeiting (fake products embedded with malware or malicious code); data exfiltration (extracting sensitive data from a device via hacking); identity spoofing (an unauthorized source gaining access to a device using the correct credentials); and malicious modification of components (replacement of components with parts modified to generate incorrect results or allow unauthorized access).

Risk Mitigation

Cyber security measures should be considered throughout the lifecycle of an operation—including planning, architecture and design, implementation, testing and migration.

There are several international and national standards documenting cyber security capabilities, policies and practices. Experts recommend the following three as essential to creating a good foundation for an IoT/cyber security strategy:

  • International Electrotechnical Commission (IEC) 62443: Industrial Automation & Control Systems Security
  • National Institute of Standards and Technology (NIST) 800-82: Guide to Industrial Control Systems (ICS) Security
  • Industrial Organization for Standardization (ISO) 27002: Information Technology—Security Techniques—Code of Practice for Information Security Controls

WordPress – WooCommerce Security Flaw

Up to 4 million online merchants who use the popular WooCommerce WordPress plugin are vulnerable to a file deletion vulnerability that could allow a rogue “shop manager” to escalate privileges and eventually execute remote code on impacted websites.

Researchers at RIPS Technologies traced the bug to an unpatched design flaw in the privilege system of WordPress. While the flaw affects many WordPress plugins, one of the bigger affected plugins is WooCommerce, an open source e-commerce plugin designed for small to large online merchants using WordPress.

WooCommerce establishes “roles” for users, ranging from customer and shop manager to admin. The shop manager role allows a user to manage all settings within the WooCommerce platform, such as creating and editing products.

A bad actor in the “shop manager” role could open the vulnerable log manager in WordPress and inject a payload that deletes the WooCommerce plugin. Deleting the plugin disables the runtime restrictions it imposes, after which the attacker can edit and take over the admin account.

An admin account takeover by shop managers is possible because WordPress assigns capability filters to roles, in this case the WooCommerce roles. Roles are independent of the plugin and exist even if the plugin is inactive, because they are stored in the database as a core setting of WordPress. The filters that restrict what a role may do, however, live in the plugin and only get executed when the plugin is active.

With the plugin disabled, shop managers could update the password of admin accounts and take over the entire site.

A potential attacker could obtain the shop manager role via XSS vulnerabilities or phishing attacks, then exploit the flaw to take over any administrator account and execute code on the server.


Cyber Security Best Practices for SMB

The India Risk Survey report ranks ‘Information & Cyber Insecurity’ as the biggest risk facing Indian companies. Indian organizations, both public and private, have witnessed over 27,000 security incidents.

Phishing, scanning/probing, website intrusions and defacements, viruses/malicious code, ransomware, denial of service attacks and data breaches are some of the ways in which hackers attack business websites, and any of them can cause operational disruption.

Let’s look at some must-have cyber security measures for SMEs:

Back to Basics: It is always best to get the basics right; they are still the best defence against viruses, malware and other online threats. Prioritize your assets based on their business criticality and address the risks accordingly. Ensure that systems, web browsers and operating systems are updated with the latest security patches. Implement firewall security and run antivirus software after each update.

Security Policy and Procedure: Define information security policies and procedures that serve as a guiding light for the organization and its employees on security best practices. The organization shall enforce the implementation of these policies and procedures, with appropriate security controls to safeguard its assets.

Security Awareness: Security awareness plays a very critical role in an organization. Conduct security awareness training for employees, contractors and vendors on the organization’s information security policies and procedures. The organization shall ensure that all its employees, contractors and vendors understand and adhere to the security policies and practices of the organization.

Need for BCP: Ensure regular backups of all critical data, whether stored in-house or in the cloud. Perform disaster recovery drills at regular intervals to test the integrity of the BCP.

Cyber insurance: After the WannaCry ransomware incidents, small businesses have learnt the potential harm and legal ramifications of an attack. Consider investing in cyber liability insurance to help cover liabilities arising from theft, loss of data, breach of security and privacy. 

Vendor management: With many of a business’s assets either hosted or managed by external service providers – be it your web hosting service or cloud hosting service – working closely with your vendors on a comprehensive risk mitigation plan is critical. Take the time to understand the vendors’ security certifications, encryption measures, business continuity plans, emergency contact information, etc., to know exactly what level of risk your business is exposed to.

Continuous Assessment and Improvement: As the organization’s business evolves, so do its IT systems, networks and software. IT should be brought under the strategic focus of the organization, and it needs to be continuously monitored and assessed against new threats and weaknesses. Appropriate corrective action should be taken to remediate weaknesses at the right time.

E-Commerce Security – Best Practices

It is obvious that cyber security is one of the most important features of e-commerce. Without proper protocols in place, online retailers put themselves and their customers at risk of payment fraud. Smaller stores face even greater e-commerce security risks due to insufficient protection from cybercriminals. Records show that one in five small retailers falls victim to credit card fraud every year, with 60 of those stores being forced to close within six months.

Outside of financial consequences, data breaches damage a brand’s reputation and can cause once loyal customers to avoid putting their information at risk again. However, using the right tools will minimize the threat of fraud and instill trust within your customer base.

Here are some of the best practices that can be followed to reasonably protect the business:

1.) Make sure your e-commerce platform has multi-layered security.

The best way to keep your e-commerce business safe from cybercriminal activity is to layer your security. Make sure your platform host has protections in place at the application level, covering contact forms, search tools and login fields.

2.) Monitor all transactions.

Ensure you and your hosting provider are monitoring all transactions for suspicious activity. Set up an alert system to flag potential threats, such as a billing address and shipping address not matching, or multiple orders being placed by a single user with different credit cards.

3.) Deploy regular PCI scans and updates.

Your e-commerce platform should issue frequent updates and run PCI scans to look for any potential threats that may be targeting your online store. Automatic updates should also be standard practice in preventing new vulnerabilities to viruses and malware.

4.) Utilize the Address Verification System.

To facilitate safer credit card processing, use an Address Verification System (AVS) to compare the billing address a customer has entered with what the card issuer has on file. An AVS will automatically separate legitimate transactions from fraudulent attempts.

5.) Require a CVV.

The Card Verification Value is the three- or four-digit code on the back of a credit card. Under PCI standards, retailers are not allowed to store this number, even if they record customers’ names, addresses and credit card numbers for future transactions. Additionally, many cybercriminals have a credit card number but not the physical card. A CVV requirement makes it much more difficult for a fraudulent transaction to be processed.
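As an added example (not code from the original article), the following Python rule set screens orders the way items 2, 4 and 5 above describe: billing/shipping mismatch, AVS failure, missing CVV, and one customer cycling through several cards. The order records are constructed sample data, and the field names and the card-count threshold are assumptions.

```python
"""Added example: simple transaction-monitoring rules for an online store.
Order records are constructed; the field names and threshold are assumed."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed threshold: a third distinct card on one customer account is suspicious.
MAX_CARDS_PER_CUSTOMER = 3

@dataclass(frozen=True)
class Order:
    order_id: str
    customer_id: str
    card_last4: str      # only the last four digits are kept; never the PAN or CVV
    billing_addr: str
    shipping_addr: str
    avs_match: bool      # issuer's AVS result: did the billing address match?
    cvv_supplied: bool   # shopper entered a CVV; the value itself is never stored

def _norm(addr: str) -> str:
    """Compare addresses case- and whitespace-insensitively to avoid false alerts."""
    return " ".join(addr.casefold().split())

def flag_order(order: Order, cards_seen: dict) -> list:
    """Return the alert reasons for one order (an empty list means no alert).

    cards_seen maps customer_id -> set of card_last4 values already used and
    is updated in place so later orders see the running count."""
    reasons = []
    if not order.cvv_supplied:
        reasons.append("missing CVV")
    if not order.avs_match:
        reasons.append("AVS mismatch")
    if _norm(order.billing_addr) != _norm(order.shipping_addr):
        reasons.append("billing/shipping mismatch")
    cards = cards_seen[order.customer_id]
    cards.add(order.card_last4)
    if len(cards) >= MAX_CARDS_PER_CUSTOMER:
        reasons.append(f"{len(cards)} different cards on one account")
    return reasons

def review_orders(orders) -> dict:
    """Screen a batch of orders in sequence; returns {order_id: [reasons]}."""
    cards_seen = defaultdict(set)
    return {o.order_id: flag_order(o, cards_seen) for o in orders}

# Constructed sample orders (not real transactions).
SAMPLE_ORDERS = [
    Order("A1", "c1", "1111", "12 Main St", "12 main st", True, True),
    Order("A2", "c2", "2222", "12 Main St", "99 Other Rd", False, True),
    Order("A3", "c3", "3333", "5 Hill Ave", "5 Hill Ave", True, False),
    Order("A4", "c4", "4444", "7 Lake Rd", "7 Lake Rd", True, True),
    Order("A5", "c4", "5555", "7 Lake Rd", "7 Lake Rd", True, True),
    Order("A6", "c4", "6666", "7 Lake Rd", "7 Lake Rd", True, True),
]

if __name__ == "__main__":
    for oid, reasons in review_orders(SAMPLE_ORDERS).items():
        print(oid, ("ALERT: " + "; ".join(reasons)) if reasons else "ok")
```

Note that the record keeps only the last four card digits and a yes/no for the CVV, which is what the PCI rule in item 5 requires of stored data.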

6.) Require stronger passwords.

Hackers use programs that generate customers’ passwords. These programs run through all the possible combinations for a four-digit password and can find a short alphanumeric password quickly. Longer passwords with at least one special character and a capital letter are more secure.

7.) Use SSL certificates to facilitate a secure connection.

SSL certificates authenticate the identity of your business and secure the data in transit during checkout. This keeps your company and your customers protected from having financial or important information compromised by hackers.

8.) Choose a hosting provider that is PCI compliant.

In order to be PCI compliant, an e-commerce platform must adhere to a strict set of policies and procedures that guarantee the security of payment via credit or debit card. Some of those measures include encryption, anti-malware software, extensive monitoring, risk analysis and more.

9.) Make sure your platform protects against DoS/DDoS attacks.

Most websites simply don’t have the bandwidth to withstand a DoS/DDoS attack; however, the e-commerce platform you choose should have security in place to counter this threat.

Healthcare Industry Cyber Security Challenges

Data breaches at healthcare organizations have consistently increased year over year, with 277 occurring this year through Oct. 1, compared with 271 during the same period last year. While hackers sell patient data on the dark web, hospitals and health systems struggle to recover, sometimes even slowing business to do so.

According to Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR):
  • 58% of healthcare breach attempts involve inside actors, which makes this the leading industry for insider threats today.
  • Ransomware leads all malicious code categories, responsible for 70% of breach attempt incidents.
  • Stealing laptops from medical professionals’ cars to obtain privileged access credentials, then using them to access healthcare networks, install malware, exfiltrate valuable data or sabotage systems and applications, is a common breach strategy.

Solving the security challenges healthcare providers face is going to fuel faster growth. Digitally-enabled healthcare providers and fast-growing digital businesses in other industries are standardizing on Zero Trust Security (ZTS), which aims to protect every internal and external endpoint and attack surface. ZTS is based on four pillars, which include verifying the identity of every user, validating every device, limiting access and privilege, and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

What is ZTS?

Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters, and instead must verify anything and everything trying to connect to their systems before granting access.

ZTS starts by defining a digital business’s security perimeter as every employee’s and patient’s identity, regardless of location. Every login attempt, resource request, device operating system and many other variables are analyzed using machine learning algorithms in real time to produce a risk score, which is used to drive Next-Gen Access (NGA). The higher the risk score, the more authentication is required before access is granted. Multi-Factor Authentication (MFA) is required first, and if a login attempt doesn’t pass, additional screening is requested, up to shutting off an account’s access.
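As an added example (not from the original article), here is a minimal policy engine of the kind the paragraph above describes: it scores a login or resource request from device, location and resource signals, then maps the score to the step-up ladder (allow, MFA, MFA plus screening, lockout). The weights and thresholds are assumptions standing in for the machine-learning model the text mentions, and the attempts at the bottom are constructed.

```python
"""Added example: risk-scored step-up authentication for Next-Gen Access.
Weights, thresholds and the sample attempts are assumptions/constructed data."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Attempt:
    user: str
    device_validated: bool     # device previously enrolled and checked
    os_patched: bool           # device OS is supported and up to date
    known_location: bool       # location seen before for this identity
    privileged_resource: bool  # e.g. patient records or an admin console
    recent_mfa_failures: int   # failed MFA challenges in the last hour

# Assumed risk weights; the total is capped at 100. mfa_failure is per failure.
WEIGHTS = {"unvalidated_device": 30, "unpatched_os": 20, "new_location": 25,
           "privileged_resource": 15, "mfa_failure": 20}
MFA_THRESHOLD = 20        # at or above: a password alone is not enough
SCREENING_THRESHOLD = 50  # at or above: MFA plus additional manual screening
LOCKOUT_THRESHOLD = 80    # at or above: shut off the account's access

def risk_score(a: Attempt) -> int:
    """Sum the weight of every risky signal present, capped at 100."""
    score = 0
    if not a.device_validated:
        score += WEIGHTS["unvalidated_device"]
    if not a.os_patched:
        score += WEIGHTS["unpatched_os"]
    if not a.known_location:
        score += WEIGHTS["new_location"]
    if a.privileged_resource:
        score += WEIGHTS["privileged_resource"]
    score += WEIGHTS["mfa_failure"] * a.recent_mfa_failures
    return min(score, 100)

def decide(a: Attempt) -> str:
    """Map the score to the authentication step required.  Privileged
    resources always need at least MFA, even when every signal looks normal."""
    score = risk_score(a)
    if score >= LOCKOUT_THRESHOLD:
        return "lock_account"
    if score >= SCREENING_THRESHOLD:
        return "mfa_plus_screening"
    if score >= MFA_THRESHOLD or a.privileged_resource:
        return "require_mfa"
    return "allow"

# Constructed attempts (not real users or devices).
ROUTINE = Attempt("nurse1", True, True, True, False, 0)       # score 0
RECORDS = Attempt("nurse1", True, True, True, True, 0)        # score 15
NEW_DEVICE = Attempt("doc2", False, True, False, False, 0)    # score 55
BRUTE_FORCE = Attempt("admin", False, False, False, True, 2)  # 130, capped at 100

if __name__ == "__main__":
    for a in (ROUTINE, RECORDS, NEW_DEVICE, BRUTE_FORCE):
        print(a.user, risk_score(a), decide(a))
```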

With the same intensity they invest in returning patients to health, healthcare providers need to strengthen their digital security, and Zero Trust Security is the best place to start. ZTS begins with Next-Gen Access by not trusting a single device, login attempt or privileged access credential on any protected attack surface. Every device’s login attempt, resource request and access credentials are verified through NGA, thwarting the rampant misuse and hacking based on compromised privileged access credentials. The bottom line is, it’s time for healthcare providers to get in better security shape by adopting a Zero Trust approach.

Security Gaps in Industrial Environments

Gone are the days when security threats were only related to IT. With core industries moving rapidly towards IoT, connecting to various networks and sharing data, security weaknesses in Operational Technology (OT) networks are clearly becoming a mainstream concern.

A recent study from Kaspersky noted that 77 percent of security professionals in industrial environments believe their organizations are likely to become targets of a cybersecurity incident. At the same time, 48 percent of respondents said they do not have a specific OT/ICS incident response program, while 31 percent revealed that their organizations experienced one or more incidents in 2017.

It is evident that closing the security gaps in industrial environments is the need of the hour. Here are the top seven security gaps:

Malware

WannaCry and Petya, the two biggest malware threats in the past few years, did not specifically target industrial networks but they did reach them. These threats proved that weak security defences in and between IT and OT networks make it inevitable that OT will be attacked.

The prime reason WannaCry was so destructive is that it targeted organizations running outdated versions of Windows, as old as Windows XP, which no longer receive security updates and patches, leaving them completely vulnerable.

Attacks on Popular OT Tools

In May of this year, Tenable Research issued a warning about vulnerabilities in two Schneider Electric applications widely used in the United States for managing industrial processes in oil and gas, and other industries.

The vulnerabilities shone a stark light on the weaknesses of cyber security vendors and internal security teams, both of which have devoted considerable resources to IT while neglecting industrial environments.

Insecure Controllers Are Prevalent 

Today, many organizations with OT networks face a massive challenge to maintain operational efficiency and improve network security at the same time. The challenge stems from the fact that organizations have a mix of vulnerable legacy controllers and newer Internet-based ones.

Legacy controllers are vulnerable because they lack critical security functionality that is common in newer technologies. Organizations often choose not to update or patch older systems, preferring operational efficiency over network security.

Insider Threat

When an accidental or negligent change is made to an OT network, it can have consequences that are just as devastating as an external attack. The source of the change is immaterial. It doesn’t matter whether the change originates from an employee or a third-party contractor.

‘Air Gap’ Myth

Until recently, industrial networks were separated from the rest of the world by air gaps. In theory, an air gap is a great security measure because it separates the industrial network from the business network — and, therefore, protects it. However, in today’s Internet-centric world, air gaps do not exist as IT and OT worlds are increasingly aligned and therefore more vulnerable to attack.

Disgruntled Employees

Whether a disgruntled employee steals code, sabotages a production line or poisons a recipe, the impact can be catastrophic. Having real-time visibility into the network will not prevent a disgruntled person from performing malicious activity, but it will rapidly identify threats. Ideally, visibility should include an intrusion-detection system that analyzes network traffic, and active device integrity checks to identify threats.

Waiting for a Reason to Worry

One of the leading CISO concerns today is business risk. To minimize risk, organizations often adopt a top-down approach to securing all technologies as effectively as possible. This solid approach is rarely followed in the OT world because many people believe they should not worry until some event causes them to do so.