WE ARE ALWAYS UNDER CYBER ATTACK …

We are always under cyber attack, and unfortunately this is now a commonly accepted condition. On a personal level, we see it in the large number of phishing emails we receive daily and in the continuous fake requests from bogus banking institutions that aim to steal our account credentials.

A recent publication, Microsoft’s Digital Defense Report 2020, has highlighted even more how cyber attacks are now our daily normality.

The report offers many ideas, so we will try to highlight those that we believe to be of greater or more immediate interest.

Cybercriminal organizations are evolving in terms of efficiency and competence, not least because they can count on substantial funding, both from organizations linked to certain nation-states and from criminal organizations. Many attacks are often attributable to organizations present in various states of Eastern Europe, the Middle East and the Far East.

These organizations are also developing new tools, both automated ones (based on sophisticated algorithms and software robots) and ones for industrial espionage (with a strong human investigative component), using automated web reconnaissance and email phishing as the main basis of the first attack. The secondary purpose is the theft of credentials, ransomware and encrypted malware, with the ultimate goal of obtaining a fraudulent economic gain and/or creating management and economic problems for companies and/or government agencies. Particularly in this area, the creation of Exploit VPN has highlighted the criminal interest in being able to block corporate networks (through DoS and DDoS).

A further element to consider is that these organizations have shown a strong ability to adapt: the COVID-19 period has led to a significant increase in phishing emails based on topics related to viruses, medical protective devices and health services. It has been observed that the topics even shift to follow the top trends, so that themed lures are launched with maximum effect.

Malicious servers, where various fake sites and malicious software are hosted, are now hidden in the cloud, well camouflaged among conventional sites and applications.

IoT devices, being frontier elements, are considered by hackers to be the weak links in the chain, where attacks can converge. In fact, in 2020 there was an increase, compared to the previous year, of about 35% in attacks on IoT devices.

So what to do?

The report itself tries to give answers, based on both common sense and the functionality of the latest technologies. We report about ten of them (those of greatest interest to us).

Adopt multi-factor authentication (MFA): The attacker will have to overcome additional control factors to take over our account, and this drastically decreases the statistical probability that the attack succeeds (e.g. PIN, code via PEC or SMS, SPID, electronic cards, dedicated mobile apps, …).

Go beyond passwords: While passwords must still be complex, unique and, where possible, random, current technologies allow biometric recognition to be added to passwords. We can therefore adopt, now at acceptable costs, recognition of the face, fingerprints, voice, retina or other traits to increase our safety exponentially.

Maintain Email: Because 90% of attacks start with an email, preventing phishing can limit the opportunity for attackers to succeed. Email platforms now provide filters for inbound mail, outbound mail and links. Also consider limiting or disabling auto-forwarding for email.

Achieve a secure software development lifecycle: Whether you develop software yourself or purchase it, it is recommended that you organize a robust software development lifecycle that includes threat modeling, design reviews, deeper static and dynamic application testing and penetration testing in production.

Adopt the 3-2-1 approach to backups: Backups are essential for reorganizing and restarting the business after a breach. It is useful to implement the 3-2-1 rule: keep 3 copies (original + 2 backups), use 2 different types of backup storage and keep 1 backup copy in another place (offsite).

Adopt the principle of least privilege: To limit insider risks, both intentional and unintentional, it is necessary to practice the principle of least privilege, which grants the user the minimum credentials sufficient to perform their business functions. Always consider limiting system administrators’ privileges as well, to avoid unwanted intrusions into systems and applications of business importance.

Adopt security policies for the IoT: IoT devices are and will be the weak link of the IT system. It is therefore necessary to integrate each IoT device into the corporate security programs and to monitor its functioning, with the aim of achieving complete governance of the device itself.

Know your perimeter: Recent pushes towards smart working and the use of personal devices and networks (BYOD) have led to a redefinition of the corporate IT perimeter. Endpoints are increasingly distant from the corporate network and are expanding with new software installations for videoconferencing and collaborative activities, becoming reference points for hacker activities such as reconnaissance and infiltration into the network. Monitoring endpoints (including non-corporate ones) and checking that they function correctly and safely is the challenge of the present and will be even more so in the future.

Invest in continuous user training: Users, being the first line of corporate defense, must be made strongly aware of IT security topics. Training must be institutionalized at an organizational level and must always be kept up to date on the methods and tools used to identify and manage the various types of cyber attacks.

Adopt a Zero Trust mindset: Never think that everything behind our corporate firewall is safe. Regardless of the origin of the request or the resource being accessed, we always evaluate authentication, authorization and encryption before granting access.
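The 3-2-1 backup rule described above can be checked mechanically against a backup inventory. The following is an added example, not taken from the report or from this article's authors; the inventory layout, dataset names and storage labels are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory (not real data): one row per stored copy.
# Fields: dataset, role ("original" or "backup"), storage type, offsite flag.
SAMPLE_INVENTORY = [
    ("crm-db", "original", "san", False),
    ("crm-db", "backup", "nas", False),
    ("crm-db", "backup", "cloud-object", True),
    ("file-share", "original", "nas", False),
    ("file-share", "backup", "nas", False),
    ("file-share", "backup", "nas", True),
    ("hr-docs", "original", "san", False),
    ("hr-docs", "backup", "tape", False),
]


def check_3_2_1(inventory):
    """Return {dataset: [violated clauses]}; an empty list means compliant."""
    by_dataset = defaultdict(list)
    for dataset, role, storage, offsite in inventory:
        by_dataset[dataset].append((role, storage, offsite))

    findings = {}
    for dataset, copies in by_dataset.items():
        backups = [c for c in copies if c[0] == "backup"]
        problems = []
        # 3: the original plus at least two backups.
        if len(copies) < 3 or len(backups) < 2:
            problems.append("fewer than 3 copies (original + 2 backups)")
        # 2: backups spread over at least two types of backup storage.
        if len({storage for _, storage, _ in backups}) < 2:
            problems.append("fewer than 2 backup storage types")
        # 1: at least one backup copy kept offsite.
        if not any(offsite for _, _, offsite in backups):
            problems.append("no offsite backup copy")
        findings[dataset] = problems
    return findings


if __name__ == "__main__":
    for dataset, problems in check_3_2_1(SAMPLE_INVENTORY).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```

Note that two backups on the same storage type, as for the constructed `file-share` dataset, satisfy the copy count and the offsite clause but still fail the rule.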

ACTION ICT   (October 2020)

 

ACTION ICT is a young, dynamic and innovative IT company. It operates both nationally and internationally, offering professional skills and design solutions in the ICT field to medium and large businesses. Our highly skilled know-how is housed in three expertise-specific departments: ACTION DATA (Big Data Analytics and Artificial Intelligence), ACTION APP (Web & Mobile Application) and ACTION IOT (Internet of Things and Robotics).
