Category Archives: Internet Security
Types of Cyber Attacks You Should Be Aware of in 2024 – Simplilearn
Life today has become far more comfortable because of various digital devices and the internet to support them. There is a flip side to everything good, and that also applies to the digital world today. The internet has brought in a positive change in our lives today, but with that, there is also an enormous challenge in protecting your data. This gives rise to cyber attacks. In this article, we will discuss the different types of cyber attacks and how they can be prevented.
There are many varieties of cyber attacks that happen in the world today. If we know the various types of cyberattacks, it becomes easier for us to protect our networks and systems against them. Here, we will closely examine the top ten cyber-attacks that can affect an individual, or a large business, depending on the scale.
Elevate your cybersecurity acumen with our intensive Cyber security Bootcamp, where you'll delve into the diverse landscape of cyber attacks. From phishing to malware, ransomware to DDoS attacks, our comprehensive program equips you with the skills to anticipate, prevent, and mitigate a wide range of threats.
Lets start with the different types of cyberattacks on our list:
This is one of the most common types of cyberattacks. Malware refers to malicious software viruses including worms, spyware, ransomware, adware, and trojans.
The trojan virus disguises itself as legitimate software. Ransomware blocks access to the network's key components, whereas Spyware is software that steals all your confidential data without your knowledge. Adware is software that displays advertising content such as banners on a user's screen.
Malware breaches a network through a vulnerability. When the user clicks a dangerous link, it downloads an email attachment or when an infected pen drive is used.
Lets now look at how we can prevent a malware attack:
Phishing attacks are one of the most prominent widespread types of cyberattacks. It is a type of social engineering attack wherein an attacker impersonates to be a trusted contact and sends the victim fake mails.
Unaware of this, the victim opens the mail and clicks on the malicious link or opens the mail's attachment. By doing so, attackers gain access to confidential information and account credentials. They can also install malware through a phishing attack.
Phishing attacks can be prevented by following the below-mentioned steps:
It is a form of attack wherein a hacker cracks your password with various programs and password cracking tools like Aircrack, Cain, Abel, John the Ripper, Hashcat, etc. There are different types of password attacks like brute force attacks, dictionary attacks, and keylogger attacks.
Listed below are a few ways to prevent password attacks:
A Man-in-the-Middle Attack (MITM) is also known as an eavesdropping attack. In this attack, an attacker comes in between a two-party communication, i.e., the attacker hijacks the session between a client and host. By doing so, hackers steal and manipulate data.
As seen below, the client-server communication has been cut off, and instead, the communication line goes through the hacker.
MITM attacks can be prevented by following the below-mentioned steps:
A Structured Query Language (SQL) injection attack occurs on a database-driven website when the hacker manipulates a standard SQL query. It is carried by injecting a malicious code into a vulnerable website search box, thereby making the server reveal crucial information.
This results in the attacker being able to view, edit, and delete tables in the databases. Attackers can also get administrative rights through this.
To prevent a SQL injection attack:
A Denial-of-Service Attack is a significant threat to companies. Here, attackers target systems, servers, or networks and flood them with traffic to exhaust their resources and bandwidth.
When this happens, catering to the incoming requests becomes overwhelming for the servers, resulting in the website it hosts either shut down or slow down. This leaves the legitimate service requests unattended.
It is also known as a DDoS (Distributed Denial-of-Service) attack when attackers use multiple compromised systems to launch this attack.
Lets now look at how to prevent a DDoS attack:
As the name suggests, an insider threat does not involve a third party but an insider. In such a case; it could be an individual from within the organization who knows everything about the organization. Insider threats have the potential to cause tremendous damages.
Insider threats are rampant in small businesses, as the staff there hold access to multiple accounts with data. Reasons for this form of an attack are many, it can be greed, malice, or even carelessness. Insider threats are hard to predict and hence tricky.
To prevent the insider threat attack:
The term Cryptojacking is closely related to cryptocurrency. Cryptojacking takes place when attackers access someone elses computer for mining cryptocurrency.
The access is gained by infecting a website or manipulating the victim to click on a malicious link. They also use online ads with JavaScript code for this. Victims are unaware of this as the Crypto mining code works in the background; a delay in the execution is the only sign they might witness.
Cryptojacking can be prevented by following the below-mentioned steps:
A Zero-Day Exploit happens after the announcement of a network vulnerability; there is no solution for the vulnerability in most cases. Hence the vendor notifies the vulnerability so that the users are aware; however, this news also reaches the attackers.
Depending on the vulnerability, the vendor or the developer could take any amount of time to fix the issue. Meanwhile, the attackers target the disclosed vulnerability. They make sure to exploit the vulnerability even before a patch or solution is implemented for it.
Zero-day exploits can be prevented by:
The victim here is a particular group of an organization, region, etc. In such an attack, the attacker targets websites which are frequently used by the targeted group. Websites are identified either by closely monitoring the group or by guessing.
After this, the attackers infect these websites with malware, which infects the victims' systems. The malware in such an attack targets the user's personal information. Here, it is also possible for the hacker to take remote access to the infected computer.
Let's now see how we can prevent the watering hole attack:
An attacker impersonates someone or something else to access sensitive information and do malicious activities. For example, they can spoof an email address or a network address.
Perform to steal or manipulate others' personal information, like login someone's PINs to steal unauthorized access to their systems.
Performed by inserting malicious code into a software application to manipulate data. For example, the attacker puts malicious code into a SQL database to steal data.
Exploit software or hardware supply chain vulnerabilities to collect sensitive information.
Attacker uses the Domain Name System (DNS) to bypass security measures and communicate with a remote server.
Cyberattack in which an attacker manipulates the DNS records from a website to control its traffic.
Exploit vulnerabilities in the Internet of Things (IoT), like smart thermostats and security cameras, to steal data.
Encrypt the victim's data and demands payment in exchange.
Flood a website with traffic to make it unavailable to legitimate users and to exploit vulnerabilities in the specific network.
Send unauthentic emails to spread phishing scams.
Hackers use stolen login credentials to access others' bank accounts.
Hackers get close to a bank's computer systems to withdraw large amounts of cash from ATMs.
Target high-profile individuals like executives or celebrities using sophisticated social engineering techniques to get sensitive information.
Target specific individuals or groups under an organization. Attackers use social engineering techniques to get sensitive information.
A web browser interprets a URL (Uniform Resource Locator) and requests the corresponding web page to exploit vulnerabilities in the URL interpretation.
The hacker gets access to a user's session ID to authenticate the user's session with a web application and take control of the user's session.
An attacker gets unauthorized access to a system by trying various passwords until the correct one is found. It can be highly effective against weak passwords.
Targets websites and can insert SQL injection, cross-site scripting (XSS) and file inclusion.
Malware that appears to be a legitimate program but which contains malicious code. Once installed, it can perform malicious actions like stealing data and controlling the system.
The user's system is flooded with malware by visiting its compromised website to exploit vulnerabilities in other software to insert the malware without the user's knowledge.
An attacker inserts unauthorized code into a legitimate website to access the user's information to steal sensitive information like the user's passwords and credit card details.
An attacker intercepts communication between two parties to access sensitive information.
A cryptographic attack exploits the birthday paradox to access a collision in a hash function. The attacker successfully generates two inputs to get the same output hash value. This can be used to compromise to bypass access controls.
The attacker floods a system with heavy data to make it inaccessible to legitimate users. For instance, DDoS attacks in which various compromised computers flood a specific website with traffic to crash it.
Exploits vulnerabilities in network protocols to gain unauthorized access to a system or disrupt its regular operation. Examples include the Transmission Control Protocol (TCP) SYN Flood attack and the Internet Control Message Protocol (ICMP) Flood attack.
Targets the application layer of a system, aiming to exploit vulnerabilities in applications or web servers.
An attacker attempts to guess a user's password by trying a list of common words. This attack becomes successful because many users use weak or easy passwords.
Malicious software can replicate itself and spread to other computers. Viruses can cause significant damage to systems, corrupt files, steal information, and more.
Replicates itself and spreads to other computers, but unlike viruses, worms don't require human interaction.
This vulnerability allows attackers to bypass standard authentication procedures and gain unauthorized access to a system or network.
These software programs automate network or internet tasks. They can be used for malicious purposes, such as Distributed Denial of Service (DDoS) attacks.
Targets businesses and organizations by using email. The attackers impersonate a trusted source to trick the victim into transferring funds or sensitive information to the attacker.
Targets web applications by injecting malicious code into a vulnerable website to steal sensitive information or to perform unauthorized attacks.
Use artificial intelligence and machine learning to bypass traditional security measures.
Provide attackers privileged access to a victim's computer system. Rootkits can be used to hide other types of malware, such as spyware or keyloggers, and can be challenging to detect and remove.
Is malware designed to collect sensitive information from a victim's computer system. This can include passwords, credit card numbers, and other sensitive data.
is a technique cybercriminals use to manipulate users to make them divulge sensitive information or perform actions that are not in their best interest.
Is a malware designed to capture keystrokes a victim enters on their computer system. This can include passwords, credit card numbers, and other sensitive data.
Are networks of compromised computers controlled by a single attacker. Botnets can launch distributed denial of service (DDoS) attacks, steal sensitive information, or perform other malicious activities.
Is malware designed to steal sensitive information and spread it to other computers on a network. Emotet is often spread through phishing emails and can be very difficult to detect and remove.
Is malware that displays unwanted advertisements on a victim's computer system. Adware can be annoying and disruptive, but it's generally less harmful than other types of malware.
Doesnt rely on files to infect a victim's computer system. Instead, fileless malware executes malicious code using existing system resources, such as memory or registry keys.
Target individuals or organizations using highly targeted and personalized emails. Angler phishing attacks can be difficult to detect and are often successful in stealing sensitive information.
Is a cyberattack characterized by long-term, persistent access to a victim's computer system. APT attacks are highly sophisticated and difficult to detect and remove.
See more here:
Types of Cyber Attacks You Should Be Aware of in 2024 - Simplilearn
One small update brought down millions of IT systems around the world. Its a timely warning – The Conversation
This weekends global IT outage caused by a software update gone wrong highlights the interconnected and often fragile nature of modern IT infrastructure. It demonstrates how a single point of failure can have far-reaching consequences.
The outage was linked to a single update automatically rolled out to Crowdstrike Falcon, a ubiquitous cyber security tool used primarily by large organisations. This caused Microsoft Windows computers around the world to crash.
CrowdStrike has since fixed the problem on their end. While many organisations have been able to resume work now, it will take some time for IT teams to fully repair all the affected systems some of that work has to be done manually.
Many organisations rely on the same cloud providers and cyber security solutions. The result is a form of digital monoculture.
While this standardisation means computer systems can run efficiently and are widely compatible, it also means a problem can cascade across many industries and geographies. As weve now seen in the case of CrowdStrike, it can even cascade around the entire globe.
Modern IT infrastructure is highly interconnected and interdependent. If one component fails, it can lead to a situation where the failed component triggers a chain reaction that impacts other parts of the system.
As software and the networks they operate in becomes more complex, the potential for unforeseen interactions and bugs increases. A minor update can have unintended consequences and spread rapidly throughout the network.
As we have now seen, entire systems can be brought to a grinding halt before the overseers can react to prevent it.
When Windows computers everywhere started to crash with a blue screen of death message, early reports stated the IT outage was caused by Microsoft.
In fact, Microsoft confirmed it experienced a cloud services outage in the Central United States region, which began around 6pm Eastern Time on Thursday, July 18 2024.
This outage affected a subset of customers using various Azure services. Azure is Microsofts proprietary cloud services platform.
The Azure outage had far-reaching consequences, disrupting services across multiple sectors, including airlines, retail, banking and media. Not only in the United States but also internationally in countries like Australia and New Zealand. It also impacted various Microsoft 365 services, including PowerBI, Microsoft Fabric and Teams.
As it has now turned out, the entire Azure outage could also be traced back to the CrowdStrike update. In this case it was affecting Microsofts virtual machines running Windows with Falcon installed.
Dont put all your IT eggs in one basket.
Companies should use a multi-cloud strategy: distributing their IT infrastructure across multiple cloud service providers. This way, if one provider goes down, the others can continue to support critical operations.
Companies can also ensure their business continues to operate by building in redundancies into IT systems. If one component goes down, others can step up. This includes having backup servers, alternative data centres, and failover mechanisms that can quickly switch to backup systems in the event of an outage.
Automating routine IT processes can reduce the risk of human error, which is a common cause of outages. Automated systems can also monitor for potential issues and address them before they lead to significant problems.
Training staff on how to respond when outages occur can manage a difficult situation back to normal. This includes knowing who to contact, what steps to take, and how to use alternative workflows.
Its highly unlikely the worlds entire internet could ever go down due to the distributed and decentralised nature of the internets infrastructure. It has multiple redundant paths and systems. If one part fails, traffic can be rerouted through other networks.
However, the potential for even larger and more widespread disruptions than the CrowdStrike outage does exist.
The catalogue of possible causes reads like the script of a disaster movie. Intense solar flares, similar to the Carrington Event of 1859 could cause widespread damage to satellites, power grids, and undersea cables that are the backbone of the internet. Such an event could lead to internet outages spanning continents and lasting for months.
Read more: Solar storms that caused pretty auroras can create havoc with technology heres how
The global internet relies heavily on a network of undersea fibre optic cables. Simultaneous damage to multiple key cables whether through natural disasters, seismic events, accidents, or deliberate sabotage could cause major disruptions to international internet traffic.
Sophisticated, coordinated cyber attacks targeting critical internet infrastructure, such as root DNS servers or major internet exchange points, could also cause large-scale outages.
While a complete internet apocalypse is highly unlikely, the interconnected nature of our digital world means any large outage will have far-reaching impacts, because it disrupts the online services weve grown to depend upon.
Continual adaptation and preparedness are vitally important to ensure the resilience of our global communications infrastructure.
Read the rest here:
One small update brought down millions of IT systems around the world. Its a timely warning - The Conversation
Can We Survive Without Internet? – hackernoon.com
What would happen if, in the course of some war or conflict, China or Russia or some other rogue actor decide to disrupt the internet? The entire world relies on technology and inter-connectivity. If this global system collapses, would it be catastrophic or manageable?
Disrupting the internet on a global scale would involve targeting critical network infrastructure such as undersea cables, internet exchange points (IXPs), and major data centers which China and Russia are likely capable of doing.
Many regions would immediately lose connectivity, especially those heavily dependent on international data links. Even if not completely severed or entirely disrupted, bad network performance would lead to significant slowdowns and congestion due to rerouted traffic. Key online services, including cloud computing platforms, would certainly be disrupted, affecting businesses and individuals reliant on these important services.
Naturally, such a disruption will expose vulnerabilities in data security and integrity and attackers would likely exploit the chaos to breach sensitive data.
Significant data loss could occur if disruptions affect data centers, and it is highly likely that encrypted communications will be intercepted or disrupted, affecting secure data transfer.
In the event of such a catastrophic internet meltdown, IT operations would face numerous challenges. Hopefully, the IT guys are prepared for such a scenario.
Companies generally need robust incident response plans to quickly adapt to the changing network landscape - even more so in the event of a catastrophic internet breakdown. This means ensuring that backup systems are up-to-date and capable of handling increased loads or manual failovers.
IT teams would need to be on the lookout and maintain heightened vigilance against cyber-attacks such as phishing, malware, or ransomware attacks.
Of course, this is just the tech side of it.
The deliberate disruption of the internet would be seen as a highly provocative act and would require a serious international response.
The European Union and the United States, among other countries, will be expected to leverage severe diplomatic repercussions with widespread international condemnation and potential sanctions.
Cyber warfare, as real as it is now, may escalate into broader warfare, and affected nations will likely need to respond with retaliatory cyber-attacks, if there is any internet at all.
An attack on the internet by a rogue nation would likely lead to new alliances, cybersecurity treaties, and agreements among other countries.
Of course, it goes without saying that a large-scale internet disruption would have far-reaching economic consequences.
Global trade and supply chains will be heavily disrupted, affecting everything from financial markets to logistics. Businesses can expect significant economic losses due to the halt of online business operations and services.
Without a doubt, there will be massive upheaval in global stock markets due to uncertainty and loss of confidence.
The societal implications of such an event would be profound.
There would likely be widespread public panic and social unrest due to loss of access to information and communication tools.
As reliable news sources become inaccessible, we can expect to see an increase in misinformation and propaganda being spread.
It should be clear by now that the disruption of the internet would have a cascade of effects, from technical and operational challenges to significant geopolitical and societal impacts. Both IT experts and foreign affairs specialists would need to work together to navigate the immediate crisis and to develop strategies for enhancing resilience and security in the long term.
If anything, this proves that the global dependency on internet infrastructure is dangerous and there is a need for resilient, decentralized alternatives.
Read more:
Can We Survive Without Internet? - hackernoon.com
Fraud Alert: Beware! 7% of All Internet Traffic Is Malicious – Moneylife
The internet has come a long way from its idealistic beginnings. The history of the internet has its origin in the efforts of scientists and engineers to build and interconnect computer networks since the 1950s. In 1974, Vint Cerf and Bob Kahn published a research note that evolved into transmission control protocol (TCP) and internet protocol (IP). However, it was British computer scientist Tim Berners-Lee, whose research at CERN in Switzerland resulted in www or world wide web, which linked hypertext documents into an information system that could be accessed from any node on the network. The rest, as they say, is history.
However, since the very beginning, scientists and engineers aimed to build networks for sharing information freely. Since these initial networks used for information sharing were known and trusted, they did not pay enough attention to the security aspect of data transfer. Although, in later years, scientists and engineers developed several protocols and measures for internet security, the basics remain the same. In other words, internet security will continue to stay in an evolving state, forever.
According to Cloudflare, during the past quarter, half of all hypertext transfer protocol (HTTP) DDoS attacks (DDoS attacks designed to overwhelm a targeted server with HTTP requests) were mitigated using proprietary heuristics that targeted botnets known to Cloudflare. "Another 29% were HTTP DDoS attacks that used fake user agents, impersonated browsers or were from headless browsers. An additional 13% had suspicious HTTP attributes, which triggered our automated system, and 7% were marked as generic floods. One thing to note is that these attack vectors, or attack groups, are not necessarily exclusive and known botnets also impersonate browsers and have suspicious HTTP attributes."
Information technology (IT) and services were ranked as the most targeted industry in the second quarter of 2024. Telecommunications, services providers and the carrier sector came in second. Consumer goods came in third place.
What is more worrying is that one out of every 25 respondents (customers) told Cloudflare that DDoS attacks against them were carried out by state-level or state-sponsored threat actors.
"Almost 75% of respondents reported that they did not know who attacked them or why. Of the respondents who claim they did know, 59% said it was a competitor who attacked them. Another 21% said the DDoS attack was carried out by a disgruntled customer or user, and another 17% said that the attacks were carried out by state-level or state-sponsored threat actors. The remaining 3% reported it being a self-inflicted DDoS attack," the report says.
According to Cloudflare, threat actor sophistication fuels the continued increase in DDoS attacks. It says, "In the first half of 2024, we mitigated 8.5mn (million) DDoS attacks, including 4.5mn in the first quarter (Q1) and 4mn in Q2. Overall, the number of DDoS attacks in Q2 decreased by 11% quarter-over-quarter (q-o-q) but increased 20% year-over-year."
"For context, in 2023, we mitigated 14mn DDoS attacks, and halfway through 2024, we have already mitigated 60% of last year's figure. Cloudflare successfully mitigated 10.2trn (trillion) HTTP DDoS requests and 57 petabytes of network-layer DDoS attack traffic, preventing it from reaching our customers' origin servers," it added.
Cloudflare says this ten-fold difference underscores the dramatic change in the threat landscape. "The tools and capabilities that allowed threat actors to carry out such randomised and sophisticated attacks were previously associated with capabilities reserved for state-level actors or state-sponsored actors. But, coinciding with the rise of generative artificial intelligence (AI) and autopilot systems that can help actors write better code faster, these capabilities have made their way to the common cyber-criminal."
According to the report, Libya ranked as the largest source of DDoS attacks in the second quarter of 2024, followed by Indonesia and the Netherlands. China is ranked the most attacked country in the world. After China, Turkey came second, followed by Singapore, Hong Kong, Russia, Brazil, and Thailand.
"Despite the majority of attacks being small, the number of larger volumetric attacks has increased. One out of every 100 network-layer DDoS attacks exceed 1mn packets per second (pps), and two out of every 100 exceed 500GBps (gigabits per second). On layer 7, four out of every 1,000 HTTP DDoS attacks exceed 1mn requests per second," Cloudflare says.
The majority of DDoS attacks are small and quick. However, Cloudflare says even these attacks can disrupt online services that do not follow best practices for DDoS defence. "Furthermore, threat actor sophistication is increasing, perhaps due to the availability of generative AI and developer copilot tools, resulting in attack code that delivers DDoS attacks that are harder to defend against."
However, Cloudflare is not the only one that blocks malicious DDoS attacks. For two days in August 2023, Amazon Web Services (AWS) detected a spike in HTTP/2 requests to Amazon CloudFront. HTTP/2 allows for multiple distinct logical connections to be multiplexed over a single HTTP session.
Last year in October, Google Cloud thwarted a DDoS attack that was seven and a half times bigger than it faced in 2022. The attackers used new techniques to try to disrupt websites and internet services.
While protecting against DDoS attacks can be challenging for common users, here are some steps that can be taken to mitigate the risk...
1. Use a reliable internet service provider (ISP)
ISP with DDoS protection: Choose an ISP that offers DDoS protection services. Many ISPs have built-in safeguards to detect and mitigate DDoS attacks.
2. Enable firewall and security features
Ensure that your router's firewall is enabled to block unauthorised traffic.
Use software (intrusion detection systems -IDS) that can detect unusual behaviour patterns, indicating a potential attack.
3. Keep software updated
Regularly update the firmware of your router and other network devices.
Ensure all software, including operating systems and applications, are up-to-date with the latest security patches.
4. Use strong passwords
Use complex, unique passwords for your router, network, and online accounts to prevent unauthorised access.
Enable multi-factor authentication (MFA) where possible to add an extra layer of security.
5. Implement network segmentation
Use different networks for different purposes (for example, guest network, intenet of things (IoT) devices) to limit the spread of an attack.
6. Use a VPN
A virtual private network (VPN) can help protect your IP address from being exposed, making it harder for attackers to target you.
7. Monitor network traffic
Use tools to monitor network traffic for unusual activity, which can indicate an ongoing attack.
Set up alerts for any abnormal spikes in traffic.
8. Educate yourself
Understand the basics of DDoS attacks and how they work.
Keep up-to-date with the latest security news and trends.
9. Utilise DDoS protection services
Consider using third-party DDoS protection services, especially if you run a website or an online service. Services like Cloudflare, Akamai, or AWS Shield can help mitigate attacks.
10. Regular backups
Regularly back up important data to recover quickly in case of an attack.
Have a disaster recovery plan in place for how to respond if an attack occurs.
Implementing these measures can significantly reduce your vulnerability to DDoS attacks and enhance overall network security.
Stay Alert, Stay Safe!
Read the original here:
Fraud Alert: Beware! 7% of All Internet Traffic Is Malicious - Moneylife
NCD Pledges Strong Push to Improve Internet Routing Security – MeriTalk
National Cyber Director (NCD) Harry Coker is promising a strong effort by the Federal government to shore up internet router security particularly in the area of Border Gateway Protocol (BGP) rules that determine the best network route for data transmission on the internet in light of attacks over the past 15 years that have leveraged weak BGP security.
Coker made that commitment at a May 23 meeting of the National Security Telecommunications Advisory Committee (NSTAC). The committee is housed within the Cybersecurity and Infrastructure Security Agency (CISA) and is made up of private sector experts who advise the White House on telecommunications issues that affect national security and emergency preparedness.
During his remarks, Coker said the security effort centers around increasing the Federal governments adoption of Resource Public Key Infrastructure (RPKI), which he said is an existing and available security upgrade through which we can ensure that BGP hijacking is a thing of the past.
While RPKI technology has been around for more than a decade, it was only recently that a bare majority of global Internet addresses were appropriately registered in RPKI to allow internet service providers to filter false routing advertisements and prevent attempts to hijack them, the NCD said.
On the government front, Coker said were working with interagency partners and the private sector on a roadmap to drive RPKI adoption across the board.
As part of that effort, he said several Commerce Department component agencies two weeks ago signed model contracts Registration Service Agreements to register their address space and create route origin authorizations, or ROAs.
Those contracts, he said, are based on work done by the National Oceanic and Atmospheric Administration (NOAA), and are models for other agencies across the government to follow.
Coker said hes looking for strong progress on the effort this year.
By the end of the year, we expect over 50 percent of the Federal advertised IP space to be covered by Registration Service Agreements, paving the way to establish ROAs for Federal networks, he told the NSTAC.
We recognize that implementing RPKI is a first step in improving internet routing security, Coker said. Collectively, we have much more to do to secure the technical foundations of the Internet going forward, and we look forward to the government and private sector working together to address these critical challenges.
During his NSTAC presentation, Coker recounted BGP security problems stretching back as far as 2008, and a finding from 2018 that internet traffic from western countries was being routed far out of its way through servers in China.
More recently, we have seen the sophistication of BGP hijacks increase, Coker said. These hijacks are often used as stepping-stone attacks to subvert other foundational Internet Protocols, including domain name systems and the web public key infrastructure. The end objective of these BGP attacks is often to gather account credentials or install malware used to steal cryptocurrency. Recent incidents have resulted in losses in the millions of dollars.
Read the original post:
NCD Pledges Strong Push to Improve Internet Routing Security - MeriTalk
Hays cyber expert discusses security in light of attacks – Hays Post
By CRISTINA JANNEYHays Post
Multiple cyberattacks have hit Kansas in recent weeks.
The City of Wichita and Via Christi Hospital in Wichita were affected, and Trego County Lemke Memorial Hospital announced Tuesday it was the subject of a ransomware attack.
Dallas Haselhorst, owner of TreeTop Security in Hays, discussed cyber threats and prevention on Thursday on Eagle Radio's Morning Blend show.
Haselhorst said everyone is vulnerable to cyberattacks.
"It's definitely one of those things that now that technology has become so ubiquitous to everything we do that if you are connected to the internet, in any way, shape, or form, there's a good chance that you could be attacked in some way, shape or form," Haselhorst said.
Haselhorst said hackers are not just after big companies and government agencies.
"We have done [incident responses] for billion dollar companies that are multinational. The smallest response we did was a local business here that had a total of four computers," he said. "It can absolutely affect anyone."
Haselhorst said prevention is the best action.
"I always tell people if you want to be secure, you should have started six months ago," he said, "because it's not an overnight thing even in small environments and businesses we work with. It can take a few months to get them more secure there's no such thing as 100 percent."
He suggested working with a company that can offer comprehensive services and is not just a reseller of hardware, firewalls and software.
He said to look for frameworks and best practices developed by the National Institute of Standards in Technology or the Center for Internet Security.
"You have a burglar that could go through a 20-foot brick wall, or they could go to the house that has an unlocked door. Which one are they going to do?" Haselhorst said. "They are going to do the unlocked door every single time, regardless of what's inside."
"You need to get your doors all locked and do some basic security measures so the attacker bangs on the door enough and decides it's not worth it and goes to the next one that's a lot easier," he said.
Some basics of securing medical data or energy systems are the same for small companies with sales data.
Although security measures can be expensive, much of what TreeTop does also brings businesses into compliance with regulations.
If a business that accepts credit cards or digital payments is breached, it is liable for any data that might be compromised, Haselhorst said.
"You are basically out of business because you will fined out of business," he said.
Sometimes, cyber security comes down to people.
"If I'm an attacker, why would I go through all of these hoops if I could simply call up Cristina and act like I'm the IT help desk?" Haslehorst said. "'Hey, Cristina, it looks like you got locked out of your account. I can help with that. What's your old password?'"
Unfortunately, Haselhorst said often those tactics work.
"Your people can be the weakest link," he said. "Your people can also be the strongest link."
TreeTop offers free cybersecurity training.
If a hacker makes it past all of the technical barriers, but an employee is adequately trained to recognize phishing attempts, they can stop the hacker, Haselhorst said.
Haselhorst described a phishing attack in which a hacker posed as someone high in a company. A hacker sent 73 emails within 30 minutes, but several employees alerted cybersecurity of the emails.
Those emails were blocked and labeled as missed attacks, which helped train the AI security program, and the emails were removed from users' accounts.
As a user or consumer, there's not much you can do if an entity you do business with has been attacked, Haslehorst said.
However, if you are a business, he recommends cutting digital ties with the affected business or entity. He said he helped some companies do this when the Kansas court system was a cyberattack victim.
Businesses can also limit access to networks and data without completely cutting ties.
If an affected business or entity offers you free ID protection or credit monitoring, Haselhorst said it can help in some regards, but your information is already out there.
He did not suggest buying ID theft protection/credit monitoring.
"It's a running joke among cybersecurity professions, don't buy credit monitoring because your next free year is right around the corner because there's going to be another breech from someone," he said.
"Unfortunately, that's the world we live in that your data is all over the place. Once that cat's out of the bag, it's really hard to put it back in," Haselhorst said.
He suggested watching credit reports and card transactions and signing up for transaction alerts.
He also recommends having regular discussions with your spouse or anyone else on your bank or credit card about charges so you can better track transactions and spot fraud.
Read this article:
Hays cyber expert discusses security in light of attacks - Hays Post
The Minnesota Vikings have the same internet password as your parents – SB Nation
Its that time of year in the NFL calendar where teams are releasing behind-the-scenes videos from their war rooms, and the decision making that went into the draft picks. This can often lead to some interesting discoveries like how bad the Vikings internet security is.
This comes to us from the teams video about picking J.J. McCarthy and Dallas Turner. You can freeze the video at 15:02 and double check, but yes its the same WiFi password that your parents used ten years ago, but even theyre wise enough know to have a little more security.
Now, before you get all huffy and say this is common for a guest password, please keep in mind that the footage is from INSIDE THE VIKINGS WAR ROOM. This isnt a public lobby or a meeting room, but one of the most closely-guarded areas during draft season. Its not outside the realm of possibility to imagine someone cracking this basic-ass password and gaining access to all sorts of documents on the Vikings network. You know if this is their password then someone out there is keeping the big board in a shared folder.
Never change. Actually please change, but just your password. That really needs to be changed.
Read this article:
The Minnesota Vikings have the same internet password as your parents - SB Nation
How to install antivirus and scan your computer – Komando.com – Komando
If youre online, youre at risk, plain and simple. Theres more out there after your info and wallet than you realize, from phishing scams to ransomware and malicious apps to malware.
Thats why its critical to protect your personal and business devices correctly. When it comes to your computer, tablet and phone, you need a robust security suite.
You can find free antivirus software online or in the various app stores, but can you trust it? Remember, when something is free, you are the product. At best, these free solutions dont work very well. At worst, they are the malicious software you need to worry about.
Instead of doing a Google search and hoping for the best, go with Kims pick for total online security, our sponsor, TotalAV.
TotalAVs industry-leading security suite is easy to use and offers the best protection in the business. Its received the renowned VB100 award for detecting over 99% of malware samples for the last three years.
Not only do you get continuous protection from the latest threats, but its AI-driven Web Shield browser extension blocks dangerous websites automatically, and its Junk Cleaner can help you quickly clear out your old files.
Kim has arranged a deal for Komando listeners to make it even sweeter. Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. Thats over 85% off the regular price.
Step one is signing up for an account. To sign up for TotalAV, go to ProtectWithKim.com. Fill out your details and payment info, and youre all set. You get a year of protection on five devices for just $19.
After that, youll be prompted to install the TotalAV software. From here, youre just a few clicks away from protecting your Windows PC, Mac, Android or iPhone.
Throughout the process, you must allow full access to your system. This will enable TotalAV to scan for malware and thoroughly review junk files. This step is easy, too. The on-screen prompts will walk you through what permissions to allow.
You can scan your system after following all the on-screen steps and allowing appropriate permissions. Open TotalAV and from the Dashboard, hit Run a Smart Scan. It doesnt take long for TotalAV to scan for malware, junk files, duplicate files, startup programs, web browser data, data breaches and tracking cookies.
After the scan is complete, you can click to get more details on any suspected threats. Then, youre good to go. TotalAV works in the background to protect your devices, and you can run a scan whenever you choose.
Were willing to bet the process is even easier than you thought. There are a lot of threats online, but TotalAV makes it easy to stay safe. What are you waiting for? Get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com.
Go here to read the rest:
How to install antivirus and scan your computer - Komando.com - Komando
Report reveals cybersecurity anxiety among Australians – IT Brief Australia
The .au Domain Administration (auDA) has unveiled its Digital Lives of Australians 2024 report, highlighting the crucial role of the internet in Australian society while also drawing attention to increasing cyber security concerns.
Based on a survey that involved 1,500 consumers and 400 small businesses, the report reveals that nearly all Australian consumers (99%) and the majority of small businesses (97%) find significant value in using the internet. Despite this, approximately 64% of consumers and 55% of small businesses are limiting their online activities due to fears over cyber security.
This annual research, now in its fourth year, assesses the online experiences of Australians. It covers various aspects, including the benefits of the internet, views on emerging technologies, and attitudes towards cyber security and digital skills for the future. It is clear from the survey results that anxiety over internet security is a dominant issue for both consumers and small businesses.
The report discloses several key findings:
Nine out of ten working Australians (88%) rely on the internet for their jobs, while 78% of small businesses struggle to operate without it. There is also growing confidence in Artificial Intelligence (AI), with 39% of employed Australians believing AI skills will enhance their job prospects, and 48% of small businesses thinking AI tools will boost their operational efficiency.
Nonetheless, cyber security threats have touched a vast majority, with 77% of consumers recalling a cyber threat or attack in the past year. Many have received scam messages or suffered hacking incidents.
According to the survey, two out of five consumers (43%) and small businesses (40%) express a desire to enhance their online security but lack the know-how. Moreover, nearly half of consumers (48%) and over a third of small businesses (35%) do not know where to report a data breach. High expectations are placed on companies, with 83% of consumers and 79% of businesses believing that firms should do more to protect personal information.
There is also a significant skill gap in cyber security. While 62% of consumers and 77% of small businesses view cyber security skills as crucial for their future, only 13% of consumers and 24% of businesses feel highly competent in this area.
auDA CEO Rosemary Sinclair AM stated that the report reinforces the indispensable value of a secure and open internet for Australias social and economic fabric. Sinclair noted that even though Australians appreciate the benefits of the internet, their engagement is hindered by concerns over cyber security.
Sinclair emphasised the need for reliable and accessible cyber security training and resources to build confidence among Australians. She likened the effort needed to improve cyber security awareness to that of nationwide road safety campaigns.
In closing, Sinclair urged industry leaders, government entities, businesses, and educational institutions to utilise the findings of the Digital Lives of Australians 2024 report to make informed decisions that would help Australia fully leverage the potential of the internet in a secure manner.
See more here:
Report reveals cybersecurity anxiety among Australians - IT Brief Australia
More than antivirus: What to expect from your security software – PCWorld
Antivirus is just one part of keeping your PC secure. What about backups, password storage, and software updates? Do you use a VPN? Are you monitoring the dark web for your personal data? Thats where security suites come in they bundle all the tools you might need into a convenient package. Everything is available in one place for a single payment, no juggling eight different applications with different subscription fees.
There are all kinds of features youll find in premium security suites. Well use Norton 360 Deluxe as an example here, as its our top antivirus security suite pick here at PCWorld. But all popular security suites from Avast One and AVG Internet Security to Avira Prime and McAfee Total Protection offer a variety of similar features.
Security suites frequently include dark web monitoring for details like your e-mail addresses, phone numbers, and credit cards. The dark web is a place where people can better hide their identity and be anonymous. It may involve using software like the Tor web browser and anonymous .onion sites, for example.
Given the vastly improved anonymity, theres a seedy underbelly of criminal dark web sites where databases full of e-mail addresses and passwords, payment details, and other private information are sold. The dark web scan feature will let you know if your information appears in one of these breaches. Youll be able to see what appears in various leaks.
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
Norton 360, like many other security suites, offers dark web scanning for your e-mail addresses as well as any phone numbers and credit card numbers you may want to provide. Youll get reports about the contents of each breach the scan finds.
You can get this kind of monitoring in a lot of places. For example, Googles Google One subscription offers dark web monitoring, too.
Premium online security suites usually include built-in VPN services. While our top-rated VPN services arent the ones built into online security applications, VPNs built into security apps work fine. A VPN is a nice to have security feature and having it built into your security app means you dont have to juggle a pile of different system tray icons. Everything is in one place.
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
The VPN built into Norton 360, for example, can be configured to automatically start and protect your connection whenever you connect to a public Wi-Fi network. You can turn it on and off whenever you want on any connection and choose what region it connects to. It supports optional features like split tunneling (only sending traffic from some apps through the VPN) and a kill switch (automatically cutting off all network access when the VPN connection goes down to protect your privacy).
Dedicated VPN apps may be shinier and have more bells and whistles, but you may not need them. A capable VPN is a great additional value in a security application. You wont have to pay for a VPN subscription separately and you wont have to deal with the drawbacks of a free VPN like a limited monthly data allowance.
Everyone should use a high-quality password manager. After all, you need to use strong, unique passwords for all your accounts and unless you have a photographic memory, theres no way to remember them all.
Online security suites have bundled password managers. For example, you get Norton Password Manager with Norton 360. Like with other password managers, you can generate and autofill passwords and access them on any browser you use with Android and iPhone apps, too.
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
If youre seeking out the absolute best password manager, you may want to look for a dedicated one (check out PCWorlds top password manager picks). But Nortons password manager is perfectly capable.
In fact, there are a wide variety of solid password managers these days. We even think using Google Chromes built-in password manager is fine. An online security suite that bundles a solid password manager means you dont have to pay for anything extra.
Online security suites also often bundle some cloud backup capabilities. Norton 360 Deluxe gives you 50GB of online storage so you can back up your personal files.
These built-in cloud backup tools are nice to have in a pinch. If you need to back up a lot of files, you may want a dedicated cloud backup service.
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
Likewise, its worth noting that if you pay for a Microsoft 365 subscription, you get 1TB of cloud storage with OneDrive and OneDrive can sync folders like your PCs Documents folder to the cloud.
Still, you only get 5GB of OneDrive storage with Windows unless you pay. That 50GB of cloud backup storage in Norton, for example, will be more than enough for many people, no extra payments required.
Windows application updates are messy. Unlike on an Android phone or iPhone, apps have to update themselves on a PC. You can easily end up with outdated applications installed and they might have security flaws.
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
Thats why security suites often include software updaters: Theyll scan your computer for installed software, let you know which ones have updates, and tell you how important they are for your security. They may even be able to auto-update these programs for you.
You can get features like this with other free apps, but they may be rather technical. Im a big fan of the free WingetUI tool for updating apps, for example, but it doesnt have the most user-friendly interface. Software updaters in security suites will have an easier-to-understand interface and be easy to find.
Data broker websites collect all sorts of public records on you and make them available to people who want to pay up. You can remove your data from these websites, but its a time-consuming task.
Some security suites have features that will scan for your personal information on these data broker sites and perhaps let you remove it. Norton 360, for example, has a privacy monitor feature that will scan data broker sites for your personal data and let you know where its found.
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
You can then contact these sites on your own to get them to remove your data. Unfortunately, Norton charges you extra for the Privacy Monitor Assistant if you want Norton to do the legwork of removing the data on your behalf. Still, its good that Norton and other security suites are letting people know about this privacy concern data broker sites are big business, but they arent often talked about.
Security suites are increasingly bundling their own unique web browsers with their security suites. For example, Norton 360 offers Norton Private Browser. These are totally optional you can keep using Chrome, Edge, Firefox, or whatever other browser you might prefer instead.
These browsers will feel familiar to use. They tend to be based on the same open-source technology that underlies Google Chrome. They also bundle extra features: Nortons browser has Nortons password manager built-in, naturally.
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
Security suites also tend to offer browser extensions that warn you about dangerous websites in your browser of choice. For example, Norton has the Norton Safe Web extension for Chrome, Edge, and Firefox. Its the kind of thing thats built into Nortons own browser.
In my opinion, a dedicated web browser isnt a critical feature modern web browsers are pretty secure and you probably already have a web browser you use and trust. You can also install your security suites browser extension in whatever browser you currently use. But security-focused browsers are clearly in high demand and theyre fine if you want to use them. Theyre just customized versions of Google Chrome, after all.
Youll often find parental control features built into security suites, too. For example, Norton 360 has Norton Family built in. You can monitor what children are doing on the web, set screen time limits, and access other similar features. With the associated mobile apps, you can also keep track of a childs location (or at least the location of their phone!).
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
Available parental control features will vary depending on the application you choose. Its worth doing some research to see whether the parental controls in a security suite fit your needs, or whether you may want a different tool with different features. But once again, its nice to have this thrown in: You get a useful package of software that youd often have to pay for bundled with all the other tools in your security suite of choice.
Security suites offer a lot of features. Many of them, like password managers, VPNs, and online backup, often require separate subscription fees if you go for dedicated apps.
Thats a big difference between paid premium security suites and free antivirus programs: Security suites go beyond antivirus. Free antivirus programs often stick to the basics just antivirus software and youll have to look elsewhere for any extras. Free antivirus software does the job, but paid security suites often have some nice-to-have extras.
Which you prefer is up to you. Maybe you want to seek out the best password manager, top-tier VPN, and and assemble your own security suite from parts. Go right ahead!
But its easy to see the value of a security suite in providing everything in a convenient bundle. Theres a lot of value in simplifying things and saving time. Having all those tools in one dashboard is a much cleaner experience that will be much easier for many people to understand.
Why get eight different pieces of software when you can install one to do the same job?
Read this article:
More than antivirus: What to expect from your security software - PCWorld