The Haunting Horror Story Of Cybercrime

Uploaded on 2018-10-30 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

As the old saying goes, “darkness falls across the land, the midnight hour is close at hand.” Halloween is upon the scene and frightening things are unforeseen. 

Imagine watching a chilling movie depicting a zombie apocalypse or a deadly virus spreading fast across a metropolis, infecting everything in its wake. Sounds like a monstrous scenario? Sounds analogous to a cyber-attack? You could be onto something. Strap yourself in. It’s going to be a bumpy ride.

According to a recent F5 Labs threat analysis, the top application breaches haunting companies right now with rapidly mutating sophistication include payment card theft via web injection (70%), website hacking (26%), and app database hacking (4%).

Frighteningly, further analysis shows that 13% of all web application breaches in 2017 and Q1 2018 were access related. 

This bloodcurdling discovery can be dissected as follows: credentials stolen via compromised email (34.29%), access control misconfiguration (22.86%); credential stuffing from stolen passwords (8.57%), brute force attacks to crack passwords (5.71%), and social engineering theft (2.76). The eerie evidence also shows that applications and identities are the initial targets in 86% of breaches.

Businesses worldwide now face a sense of creeping dread and imminent disruption. Nowadays, they are more prone than ever to terrors such as malware hijacking browsers to sniff or intercept application authentication credentials. Then there are the strains of malware that target financial logins to menace both browser and mobile clients.

There’s no way around it. Getting your cybersecurity posture right is the only way to stay safe. Get it wrong, however, and you’ll get the fright of your life in the shape of EU’s General Data Protection Regulation (GDPR) enforcement. There is definitively nowhere to hide this Halloween if you’re breached or fall short of tightening compliance expectations.

Yet, if scary movies have taught us anything about horror stories, it is to never to scream and run away. As this ghoulish season can overshadow any organisation, it’s imperative that preventative measures are in place to protect vital assets. 

Yes, the findings from F5 Labs may paint a bleak picture but there are plenty of preventative measures you can take to improve your security posture and safeguard your employees’ applications and sensitive data: 

• Understand your threat environment and prioritise defences against grave risk concerns. Know which applications are important and minimise your attack surface. Remember, an app’s surface is broadening all the time, encompassing multiple tiers and the ever-increasing use of application programming interfaces (APIs) to share data with third parties.

• Use data to drive your risk strategy and identify what attackers would typically target. Beware that any part of an application service visible on the Internet will be probed by fiendish hackers for possible exploitation.

• Configure your network systems properly or suffer the consequences of applications leaking internal and infrastructure information, including server names, private network addresses, email addresses, and even usernames. This is all valuable ammunition for a horrible hacker to carry out an attack.

• Be aware of common threats including DDoS attacks, ransomware, malware, phishing, and botnets. Ensure your IT response strategies are built to adapt and update in line with new vulnerabilities and threats will invariably improve survival rates.

• Implement a strong set of easily manageable and powerful security solutions such as an advanced web application firewall (AWAF). This type of technology is extremely scalable and can protect against the latest wave of attacks using behavioural analytics, proactive bot defence, and application-layer encryption of sensitive data like personal credentials.

• Ensure the company enforces a proactive culture of security and educates employees on policy, device management, as well as safe internet and cloud usage.

• When travelling on business, ensure staff never conduct financial transactions requiring a debit or credit card when using public or free Wi-Fi services. Never assume mobiles and laptop devices are safe, even at the local coffee bar.

• Change your passwords regularly (i.e. every month). This is especially important after travel. Devices may have been compromised during transit.

• Always perform regular data backups on approved devices and/or secure cloud platforms to ensure sensitive information is not lost or stolen and can be quickly recovered in the event of an attack.

• Remember, careless employees who feel they are unaccountable for the loss of work devices can damage business reputations.

The Grim Reality

Remember this is the time of year when “creatures crawl in search of blood to terrorize the neighbourhood”. Whether you’re expecting a trick or treat this Halloween, neglecting cybersecurity is certain to have ghastly consequences.

The business world is littered with victims of cybercrime, so don’t get consigned to the grievous graveyard of cyber fraud. Know what makes your apps vulnerable and how they can be attacked. 

Makes sure you put the right solutions in place to lower your risk. Now is the time to stop being haunted by cybercriminals draining the lifeblood out of your business.

ISBuzz News:

You Might Also read:

Guide To All Things Criminal On The Web

« Amazon Scraps AI Recruiting Tool That Showed Bias Against Women
Britain To Spend Up To £1B Extra On Cyber Warfare »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

Taoglas

Taoglas

Taoglas Next Gen IoT Edge software provides a pay as you go platform for customers to connect, manage and maintain their edge devices in an efficient and secure way.

e.Kraal Innovation Hub

e.Kraal Innovation Hub

e.Kraal is a Cybersecurity Innovation Hub whose mission is to secure the future of Cybersecurity in Kenya by accelerating innovation and creativity in the cyberspace ecosystem.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.

Prove Identity

Prove Identity

Prove (formerly Payfone) is a leader in mobile & digital identity authentication for the connected world.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

KryptoKloud

KryptoKloud

KryptoKloud offer a suite of Managed Services including Security Monitoring and Incident Response as well as a full portfolio of Compliance, Governance and Audit solutions.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

Buzz Cybersecurity

Buzz Cybersecurity

Buzz Cybersecurity systems and services are designed to proactively guard against common and uncommon cyber threats.

The Cyber Scheme

The Cyber Scheme

The Cyber Scheme provides NCSC certified and assured assessments, training and career support for security testers & technical cyber professionals.

StackGen

StackGen

StackGen (formerly appCD) automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied.

SSL2BUY

SSL2BUY

SSL2BUY is a leading SSL certificate provider, authorized to sell top CA brands like Comodo, DigiCert, GlobalSign, Thawte, GeoTrust and more.

ITConnexion

ITConnexion

ITConnexion is an Australian-based Managed IT Service with over 20 years of experience. We offer a complete IT management service for non-profits, SMEs, and enterprises.