
Common Cyber Security Threats - Part 1


Too often, a conversation about 'cyber threats' becomes overly complicated, overly technical and well beyond the average person's depth of knowledge. Acronyms and terms are thrown around, and many business leaders get lost in the jargon and complexity. Below is the first of a few posts describing the common threats and how they might impact a typical business. Hope this helps to de-mystify the concepts a bit!

Account Take Over (ATO)

Description:

Bad actor(s) obtain credentials (username/password, authentication token, etc.) and log in to a user account, such as a local desktop/laptop, the network/Active Directory, Microsoft Exchange Online or a cloud-based software application, then engage in malicious activities disguised as the original user.

Harmful activities:

    • Sending emails impersonating the original user to perpetrate further malicious activities
    • Deleting data within applications
    • Posting data to the Dark Web for the purpose of selling it
    • Exfiltrating data from the organization to use for harmful purposes (e.g., ransom, public exposure, etc.)

Attack vectors:

    • Phishing email that takes the end-user to a disguised site and asks for credentials
    • Clandestine software residing on websites that can extract digital tokens from phished users
    • SMS (texting) phishing (aka smishing) that asks cell phone users for credentials

Activities to Prevent:

    • Phishing simulations for end-users to build skills and awareness of phishing attempts
    • Two-factor / multi-factor authentication (2FA/MFA) on all platforms where possible
    • Regular password change requirements

Ransomware - Encryption

Description:

Software is downloaded onto a local desktop or network device (server) and encrypts the files on those devices. Users are notified of the encryption and instructed to contact the third party for instructions on how to submit payment to obtain the decryption keys.

Harmful activities:

    • The organization cannot access business-critical data
    • Federal / state regulatory compliance violations
    • Deleting data within applications
    • Posting user data to the Dark Web for the purpose of selling it
    • Exfiltrating data from the organization to use for harmful purposes (e.g., ransom, public exposure, etc.)
    • NOTE: It is not uncommon that, even after the ransom is paid and decryption keys are provided, the malicious software later launches again in an attempt to re-ransom the data.

Attack vectors:

    • Phishing email that takes the end-user to a disguised site where they unknowingly download malicious software
    • Portable or mobile media (e.g., CD-ROM disks, USB / thumb drives) inserted into devices, from which software is automatically installed
    • Email attachments
    • Open external ports or unaddressed vulnerabilities that allow third parties access into the network
    • Unmonitored vendor access, where a third party's remote access into the network is left enabled

Activities to Prevent:

    • Phishing simulations for end-users to build skills and awareness of phishing attempts
    • Actively managed anti-virus / anti-malware / endpoint protection application
    • Effective network / IP scheme architecture (segmentation) that can prevent the spread of malicious software
    • Properly managed firewall and external-facing entry points into the network (firmware updates, patching, routine threat assessments)
