Cyber Defense eMagazine January 2021 Edition

More documents

Recommendations

Info

However, just as online sales are at the forefront, so should cybersecurity. Retailers aren’t the only ones looking to capitalise on the increase in online spending. Shopping seasons offer hackers an opportunity to profit as well. We’ve already seen a huge uptick in cyber-threats due to COVID-19. Now, online shopping provides cyber-criminals with additional motivation to launch their attacks using some of the below tactics: Phishing – Phishing and its variants, including spear-fishing and whaling, are email-based attacks that leverage social engineering techniques to fool recipients into providing sensitive information to the attacker. While spear-fishing and whaling attacks are more targeted than phishing, all three forms attempt to get the victim to read the email, click on a link, possibly open an attachment, and ultimately disclose valuable personal or corporate information. Ransomware – Ransomware attacks seek to extort money from victims by encrypting access to files or entire systems until they pay the attacker a ransom, have become increasingly popular in recent years. Much of this has to do with the potential to make large sums of money from the ransoms. Another reason for the rise in ransomware attacks is the availability of ransomware-as-a-service (RaaS) kits, which are inexpensive to purchase on the black market, making it easy for novice hackers to launch their own attacks. Phishing emails are the top threat vector to distribute ransomware. Distributed Denial of Service (DDoS) – DDoS attacks are designed to stop a computer, server, website, or service from operating by flooding it with internet traffic generated by an army of bots called a botnet. The tremendous growth in Internet of Things (IoT) devices, many of which are not properly secured, has made it easier for attackers to take control of more devices and create botnets. DDoS attacks can be especially damaging to e-commerce businesses if customers can’t access their websites to make purchases. Malware – Malware attacks take many forms including viruses, worms, spam, spyware, and more. Some malware threats such as spam are more of an annoyance, while others such as viruses and worms can spread across a network infecting systems and negatively impacting their performance and user productivity. Similarly, spyware can slow down systems. However, it can also be used to report sensitive information such as passwords back to the hacker. Injections – Injection attacks such as cross-site scripting and SQL injections are used to exploit vulnerabilities in web applications by injecting malicious code into a program, which then interprets the code and changes the program’s execution. In other words, it gets the application to do something unintended such as alter the behavior of a website or expose confidential data like login credentials to the attacker. E-commerce businesses hit with an injection attack could find their customers redirected to a fake site which illegally harvests customer information. The Consequences of Poor Cybersecurity If e-commerce merchants are not prepared to stop malware, DDoS attacks, and other threats, the consequences of a successful attack could be the difference between surviving and ceasing trading. Here’s what businesses could be facing: Lost Revenue – Any downtime to a web server that prevents customers from making a purchase is damaging to online sales and can potentially have a severe impact, especially for smaller organisations. Data Theft – The increase in online shopping during sales periods is a lure for cybercriminals to launch attacks aimed at stealing corporate and customer data. Phishing emails claiming to have information on fake shopping receipts, shipping status, and customer surveys are very popular in the run-up to Christmas. Disruption of Services – DDoS and ransomware attacks can target services that we deem essential. E-commerce sites, public utilities, and schools are just a few examples of their victims. Shutting down access to a service, even for a short period time, can have major financial and social impacts. Cyber Defense eMagazine – January 2021 Edition 74 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Damaged Reputation – Damage can extend beyond short-term financial losses and data theft. Consumer confidence and brand reputation can quickly erode when consumers have a poor online experience. Customers aren’t shy about using social media to express their displeasure. Reduced Productivity – It’s not just customers who feel the impact of a successful attack. If employees can’t access the applications they need to do their jobs, expect to see a drop in productivity with an accompanying rise in undesirable workarounds. Steps to Take Cybersecurity is an everyday concern. Fortunately, there are some things that organisations can do to keep applications, networks, and the business safe from threats, especially during peak online shopping periods. First, look for a solution that provides DDoS detection and mitigation to ensure services are continually available to legitimate users. Hackers have learned how to weaponise IoT devices to launch complex multi-vector and volumetric attacks, capable of bringing down application servers and entire networks. Second, protect web-based applications with web application firewall (WAF) technology. Outdated applications are especially vulnerable to attacks. A WAF will secure them from hackers looking to exploit HTTP and web application-based flaws. Third, find solutions that meet current and future platform needs. Organisations may not have transitioned to the cloud yet, but they’ll likely have some cloud-based apps. They must be sure their solution is ready when the company is ready, whether it is moving to a hybrid cloud or multi-cloud infrastructure. And finally, continue to educate employees on the need for good cyber hygiene. According to a 2019 IBM study, 95% of cybersecurity breaches are caused by human error. With this shift to online a potentially permanent one, e-commerce merchants should expect these sustained levels of activity going forward. Therefore, it’s imperative that e-commerce businesses secure applications, servers, and networks from cyber threats at all times. About the Author As VP EMEA, Anthony Webb is responsible for managing and growing A10’s sales operations, as well as leading the company’s sales and channel strategy across the region. Before joining A10, he served as vice president EMEA of Ixia Technologies, focusing on maintaining Ixia’s position as the leading provider in network testing while driving their leadership status in network visibility. Prior to joining Ixia, he held positions at the vice president and managing director level for Juniper Networks, running sales organizations across EMEA and in the UK. In 2000, he joined Cisco as sales manager for service provider and enterprise verticals in the UK, before serving as enterprise sales director emerging markets with Cisco in MEA, then collaboration sales director emerging markets. He left Cisco in 2011 to return to the UK. Anthony can be reached online at (awebb@a10networks.com) and at our company website https://www.a10networks.com/ Cyber Defense eMagazine – January 2021 Edition 75 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
3 Email Hacking Techniques to Watch
Page 3 and 4:
The Rising Tide of Security Threats
Page 5 and 6:
@MILIEFSKY From the Publisher… Ne
Page 7 and 8:
Welcome to CDM’s January 2021 Iss
Page 9 and 10:
Cyber Defense eMagazine - January 2
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24: 3 Email Hacking Techniques to Watch
Page 25 and 26: 3. Hijacking email threads When Emo
Page 27 and 28: etween the data sets and filter out
Page 29 and 30: The Bottom Line AIOps is a journey,
Page 31 and 32: handle the IT and security challeng
Page 33 and 34: Businesses Must Protect Their Most
Page 35 and 36: Tokenization also allows businesses
Page 37 and 38: Lately, Zero Trust is all the buzz,
Page 39 and 40: Let's look at what's the same. They
Page 41 and 42: Cryptocurrency Ransomware Is on The
Page 43 and 44: commission from you. That is why co
Page 45 and 46: The second national lockdown in Nov
Page 47 and 48: Communication Streaming Challenges
Page 49 and 50: the plaintext ends up with some sig
Page 51 and 52: create new global admins, add them
Page 53 and 54: Cybersecurity Maturity Model Certif
Page 55 and 56: est practices into your core busine
Page 57 and 58: Businesses Should See Security as A
Page 59 and 60: Businesses must increasingly focus
Page 61 and 62: Cybersecurity risk not only help un
Page 63 and 64: - Mapping sensitive data assets (su
Page 65 and 66: ACRR Formula The ACRR is based on t
Page 67 and 68: Development Model This indicated if
Page 69 and 70: About the Author Gyan Prakash is a
Page 71 and 72: Understanding the Industrial IoT Wh
Page 73: E-Merchants: Secure Your Online Sal
Page 77 and 78: IT Automation Software and the Atta
Page 79 and 80: How To Keep Your Children Safe In R
Page 81 and 82: About the Author Nevin Markwart, Ch
Page 83 and 84: The cause? More remote work, fear o
Page 85 and 86: About the Author Jody Paterson is a
Page 87 and 88: Identifying personal data breaches
Page 89 and 90: Brave New World: Safari Content Blo
Page 91 and 92: AdGuard, EasyList and uBlock filter
Page 93 and 94: When Businesses Get Hacked- Who Are
Page 95 and 96: failing to enforce adequate securit
Page 97 and 98: Security and Remote Management: Wha
Page 99 and 100: Looking Ahead to 2021, and Beyond A
Page 101 and 102: workforces and education. However,
Page 103 and 104: About the Authors Steve Hanna is th
Page 105 and 106: As solutions for eXtended Detection
Page 107 and 108: 2. Threats against MSPs, cloud serv
Page 109 and 110: Why 'Thinking Small' Is the Way to
Page 111 and 112: Simplification of micro-segmentatio
Page 113 and 114: commonly used by IT orgs -- can int
Page 115 and 116: ServiceNow Discovery Documentation
Page 117 and 118: Are Your Organization’s Critical
Page 119 and 120: ● Gaining insight into how attack
Page 121 and 122: MITRE Shield introduces active defe
Page 123 and 124: How Next-Gen Identity Governance an
Page 125 and 126:
• performing access reviews and c
Page 127 and 128:
and intent-based authentication pol
Page 129 and 130:
Innovation, Automation and Securing
Page 131 and 132:
management, as well as monitoring c
Page 133 and 134:
Peer-To-Peer Cybersecurity Insights
Page 135 and 136:
Transitioning to Remote Work: The A
Page 137 and 138:
Traqq also performs automatic track
Page 139 and 140:
6. Tool to Prevent Inefficient Task
Page 141 and 142:
Page 143 and 144:
You asked, and it’s finally here
Page 145 and 146:
9 Years in The Making… Thank You
Page 147 and 148:
Page 149 and 150:
show all

Cyber Defense eMagazine January 2021 Edition

Create successful ePaper yourself

Delete template?

Save as template?