Cybersecurity: Key Concepts and Strategies

Nowadays, we are inundated with reports of cyberattacks and their ramifications. We hear about attacks on global supply chains that have major economic consequences.

Some examples of significant recent Supply Chain Attacks include [4]:

Dependency Confusion, 2021: A security researcher was able to breach Microsoft, Uber, Apple, and Tesla by taking advantage of dependencies that applications use to provide services to end-users.

Mimecast, 2021: In the Mimecast attack, hackers were able to compromise a security certificate that authenticates Mimecast's services on Microsoft 365 Exchange Web Services.

SolarWinds, 2020: The SolarWinds attack was orchestrated by injecting a backdoor, into the Orion IT update tool.

ASUS, 2018: The attack on ASUS, according to Symantec researchers, took advantage of an update feature and impacted as many as 500,000 systems.

Event-stream, 2018: In the event-stream attack, a repository within the GitHub system was injected with malware. The dependency in the repository containing the malware was accessed by an unknown number of applications.

Routinely, we find out that cybercriminals have stolen the personal information of millions of consumers through platforms used daily. Sometimes, we even hear about vital government and health services being blocked and extorted for ransom. These Cyberattacks are continuously evolving.

Cybersecurity is an important, expanding field in a world where companies and institutions are racing to move and maintain their businesses online. So, it becomes one of the most important components of a technology strategy when most of our information is online and teams are working remotely [2].

We constantly hear references to concepts like cybersecurity, cyberattacks, cybercriminals, and more. This can all sound daunting and difficult to grasp. To protect yourself and those around you, you will need to have a basic understanding of these concepts [5]:

1. Cyberattack is commonly defined as an attempt to gain illegal access to a computer or computer system to cause damage or harm. But only thinking of computers or computer systems, in a traditional sense, is limiting. The reality is that a cyberattack can occur on almost any modern digital device. The impact can range from an inconvenience for an individual to global economic and social disruption.

2. Cybercriminal is anyone who carries out a cyberattack. Cybercriminals can be:

• A single person or a group of people.
• An organisation for hire.
• A government entity.

Cybercriminals can be located anywhere, including embedded inside an organisation or institution, to cause damage from within.

Cybersecurity refers to technologies, processes, and training that help protect systems, networks, programs, and data from cyberattacks, damage, and unauthorised access. Cybersecurity enables you to achieve the following goals:

• Confidentiality: this means that Information should only be visible to the right people.
• Integrity: this means that Information should only be changed by the right people or processes.
• Availability: this means that Information should be visible and accessible whenever needed.

This is commonly referred to as the Confidentiality, Integrity, Availability (CIA) model in the context of cybersecurity.

We'll also need to understand the means cybercriminals can use to carry out attacks and achieve their aims, hence need to be aware of concepts like the threat landscape, attack vectors, security breaches, and more.

So, what is a threat landscape?

Whether an organisation is big or small, the entirety of the digital landscape with which it interacts represents an entry point for a cyberattack. These can include [5]:

• Email accounts
• Social media accounts
• Mobile devices
• The organisation’s technology infrastructure
• Cloud services
• People

Collectively, these are referred to as the threat landscape. Please note that the threat landscape can cover more than just computers and mobile phones. It can include any elements that are owned or managed by an organisation, or some that are not.

What Are Attack Vectors? 

An attack vector is an entry point or route for an attacker to gain access to a system [5]:

• Email is the most common attack vector. Cybercriminals will send legitimate emails that result in users acting. This might include downloading a file or selecting a link that will compromise their device. These attachments can be in the form of documents, PDFs, voicemails, video clips and images [1].

• Another common attack vector is through wireless networks. Bad actors will often tap into unsecured wireless networks at airports or coffee shops, looking for vulnerabilities in the devices of users who access the wireless network.

• Monitoring social media accounts, or even accessing devices that are left unsecured, are other commonly used routes for cyberattacks.

However, attackers do not need to rely on any of these. They can use a variety of less obvious attack vectors. Here are some examples [5]:

• Removable media. An attacker can use media such as USB drives, smart cables, storage cards, and more to compromise a device.

• Browser. Attackers can use malicious websites or browser extensions to get users to download malicious software on their devices or change a user's browser settings.
• Cloud services. Attackers can compromise poorly secured resources or services in the cloud. For example, an attacker could compromise an account in a cloud service, and gain control of any resources or services accessible to that account.
• Insiders. The employees of an organisation can serve as an attack vector in a cyberattack, whether intentionally or not. An employee might become the victim of a cybercriminal who impersonates them as a person of authority to
gain unauthorised access to a system. This is a form of social engineering attack. In this scenario, the employee serves as an unintentional attack vector. In some cases, however, an employee with authorised access may use it to intentionally steal or cause harm.

What Are Security and Data Breaches? 

Any attack that results in someone gaining unauthorised access to devices, services, or networks is considered a security breach. Imagine a security breach as like a break-in where an intruder (attacker) successfully breaks into a building (a device, application, or network).

A data breach is when an attacker successfully gains access or control of data. Using the intruder example, this would be like that person getting access to, or stealing, vital documents and information inside the building:

When an attacker achieves a security breach, they will often want to target data, because it represents vital information. Poor data security can lead to an attacker gaining access and control of data. This can lead to profound consequences for the victim as the victim's data could be abused in many ways. For example, it can be held as ransom or used to cause financial or reputational harm.

Malware, Viruses, Worms, etc. What Do They Mean?

Malware comes from the combination of the words malicious and software. It is a piece of software used by cybercriminals to infect systems and carry out actions that will cause harm. This could include stealing data or disrupting normal usage and processes.

Malware has two main components:

• Propagation mechanism
• Payload

Propagation is how the malware spreads itself across one or more systems. Few examples of common propagation techniques are Viruses, Worms, and Trojans.

Payload is the action that a piece of malware performs on an infected device or system. Some common types of payloads are:

• Ransomware that locks systems or data until the victim has paid a ransom.
• Spyware that spies on a device or system.
• Backdoors that enable a cybercriminal to exploit a vulnerability in a system or device to bypass existing security measures and cause harm.
• Keyloggers track everything that you type on your keyboard and usually have a built-in functionality that sends a file to the hacker containing all the data you entered. It is usually designed to find passwords, or personal information [2].
• Botnet that joins a computer, server, or another device to a network of similarly infected devices that can be controlled remotely to carry out some nefarious action. A common application of botnet malware is crypto-mining (often referred to as crypto-mining malware). In this case, the malware connects a device to a botnet that consumes the device's computing power to mine or generate cryptocurrencies. A user might notice their computer is running slower than normal and getting worse by the day.

How To Protect Yourself?

There are several ways that you can keep cyberattacks at bay, A measure or collection of steps that an organisation takes to prevent or defend against a cyberattack is called Mitigation Strategy. Some of the many different mitigation strategies available to an organisation are:

Multifactor authentication [MFA/2FA] works by requiring a user to provide multiple forms of identification to verify that they are who they claim to be. This entails mostly three coverage areas:

1. First, something the user knows like a password.
2. Second, something the user is, such as a fingerprint or retinal scan (a biometric form of authentication),
3. Third, something the user has, such as a phone, hardware key, or other trusted device.

Multifactor authentication employs at least two of these three forms of proof to verify a valid user. For example, a bank might require a user to provide security codes sent to their mobile device, in addition to their username and password, to access their online account. 2-factor authentication, also known as MFA, has been around for some time but has now  become significantly more popular and is an essential part of being cyber safe [3].

Setting up multifactor authentication on your social accounts is important to protect yourself from identity theft. It is simple to setup, you can learn how to do so in this article.

Browser Security is absolute must as we all rely on browsers to access the internet to work and carry out our daily tasks. Organisations can protect against these types of attacks by implementing security policies that:
• Prevent the installation of unauthorised browser extensions or add-ons.
• Only allow permitted browsers to be installed on devices.
• Block certain sites using web content filters.
• Keep browsers up to date.

Educating your team is a great strategy to mitigate social engineering attacks that rely on the vulnerabilities of humans to cause harm. Organisations can defend against social engineering attacks by educating their staff. Users should learn how to recognise malicious content they receive or encounter and know what to do when they spot something suspicious. For example, organisations can teach users to:
• Identify suspicious elements in a message.
• Never respond to external requests for personal information.
• Lock devices when they are not in use.
• Only store, share and remove data according to the organisation's policies.

Threat intelligence enables an organisation to collect systems information, details about vulnerabilities,  information on attacks, and more. Based on its understanding of this information, the organisation can then implement policies for security, devices, user access, and more, to defend against cyberattacks. The collection of information to gain insights, and respond to cyberattacks, is immensely valuable.

These are just some of the mitigation strategies that organisations can take to protect against cyberattacks. Mitigation strategies enable an organisation to take a robust approach to cybersecurity. This will protect the confidentiality, integrity, and availability of information. If you would like further information, get in touch with our Cybersecurity Team. 

References: 

Cyber Threats Australian Businesses are Facing 2021 [free eBook]: https://blog.power-net.com.au/blog/the-most-common-cyber-threats-to-businesses-in-australia-in-2021-free-ebook

Our Guide to Cyber Security [free eBook], URL: https://blog.power-net.com.au/blog/the-ultimate-guide-to-cybersecurity

Why 2-Factor Authentication Is Essential for Cybersecurity: https://blog.power-net.com.au/blog/2fa-is-essential-for-cybersecurity

Describe the basic concepts of cybersecurity - Learn | Microsoft Docs: https://docs.microsoft.com/en-us/learn/paths/describe-basic-concepts-of-cybersecurity/  

Supply Chain Attacks: Examples and Countermeasures: https://www.fortinet.com/resources/cyberglossary/supply-chain-attacks