The first 24 hours after a cyber attack

A simple guide on how to respond to a cyber attack:

Data Breaches

by Praise Maukazuva

A data breach is when your personal data has been viewed, stolen or used without authorization.

Computer Security Incident Response Team (CSIRT)

Dealing with cyber attacks is strenuous. There is no guarantee that your security measures will keep your system or data safe.

Ways to respond to these attacks in an effective and comprehensive manner are actively being developed at the highest level in government bodies and international communities. However, it is difficult to identify the type of attack you are facing until an investigation has been carried out.

First of all, you need a Computer Security Incident Response Team (CSIRT) to manage the whole process. Each member should be assigned a task; for example, one member handles notifying affected users, while another liaises with IT specialists in case there is a technical fault.

Notifications

Secondly, notifications are sent to affected users. For example, in a company, employees, investors and customers should be notified. Most importantly, law enforcement and legal authorities should also be notified. The notification should include key details showing the source of the problem, how it is currently being fixed, and assurance that it will not be a problem in the future. eBay was criticized for not notifying its victims in time after its system was hacked in 2014.

As mentioned earlier, the type of attack determines the type of response. A network that is slower than normal can be a sign of a hacking attempt, of a malware infection, or of a network worm replicating itself. There may also be frequent antivirus alerts reporting an infection on the computer.

After detecting the type of attack, the next step is to assess whether it is large-scale or not. Cyber attacks can be either basic or sophisticated. So how do we distinguish between the two?

BASIC ATTACKS

Basic attacks involve small-time criminals, such as individual hacktivists, who target private individuals and non-strategic government departments for financial gain and publicity. They have limited skills and rely on publicly known tools and resources.

SOPHISTICATED ATTACKS

Sophisticated attacks are serious organized crimes, usually state-sponsored and carried out with advanced tools. Their targets are governments or major corporate organizations, and their aims are warfare, terrorism, major financial reward, or the exposure of national secrets.

In a sophisticated attack the whole system may be shut down, so you will know that you have been attacked. For example, a department in an organization has its systems shut down by an attacker and must pay money to have them restored.

Prevention

The next step is to prevent the attack from spreading to other systems. Take all affected systems or devices offline, or isolate or suspend them, to stop incoming traffic from the attacker. Passwords should be changed and strengthened.

Do not delete any files, as they might be useful during the investigation.

Continuously document the whole process. By this point, the type of attack, the areas it has affected, how it occurred and how it was detected should have been documented. This record is for future reference.

Forensics

The most important step would be to contact a forensic team or cyber security experts to further investigate the incident. The investigation will include:

  • Identifying the attacker or the cause of the attack
  • Detecting previously unknown security vulnerabilities
  • Identifying areas that need improvement or better security
  • Assisting in repairing the damage and rebuilding stronger system protection with sophisticated security measures

The forensic team uses a variety of tools during the investigation process. A simple example is Tripwire, software that detects changes to critical files and intrusions on the network.

In short, a cyber attack response involves:

  • Form an incident response team
  • Notify victims and law enforcement
  • Detect the type of attack
  • Assess the scale of the attack
  • Prevent further damage
  • Document the steps taken and why they were taken
  • Contact security specialists for forensic investigation
  • Recover system with prevention measures

An effective method of responding to a cyber attack is necessary as it minimises loss and data destruction. It reveals the vulnerabilities that were exploited and the methods to avoid or reduce future risks!

Can you get hacked?

Imagine the amount of personal information, the purchases you make and all your day-to-day processes that are stored on your computer. Are they all secure?

Cyber security is one of the most urgent issues of the day. Cyber attacks have evolved over the years in parallel with the advancement of the tech industry and will continue to do so as the network expands. It is advisable to adopt the right prevention techniques; as they say, prevention is better than cure.

Let’s take a look at some of the most common cyber attacks around.

1. MALWARE

Malware is software with a malicious intent to either steal your data or destroy your operating system. It runs on computers, smartphones, tablets and even servers. It covers a variety of cyber threats:

  • Worms – Just like a virus, a worm replicates itself and spreads, but only across the network.
  • Trojan horses – They appear harmless until they are activated; their purpose is to steal data or files. Trojan horses generally don’t spread like worms.
  • Viruses – This type of malware reproduces itself and spreads from file to file, slowing down the system, disrupting operations and also deleting files.
  • Spyware – Spyware monitors all your activities, the sites visited and the programs run, in order to capture login and password information.

Malware is transmitted via email attachments, instant messaging or websites that are either infected or malicious. Some websites automatically download the malware without the user’s knowledge.

It tricks you into clicking, for example, an email attachment or a software download, resulting in it being installed on your computer. Once installed, it spreads and starts executing malicious commands.

How to avoid

  • This type of cyber attack can be avoided by simply installing antivirus or antimalware software; once installed, it has to be updated and run regularly. You can also schedule automatic scans on your computer for consistency.
  • Avoid opening emails or messages from unknown senders, and avoid websites with illegal or pirated content. Files should always be scanned before they are downloaded.
  • Use strong passwords that include upper case, lower case, numbers and symbols, as they are difficult to crack. Avoid using common English words.
  • Lastly, back up all your files regularly, using an external hard disk or cloud services.

2. RANSOMWARE

This is a new type of malware. It stops users from accessing their systems or files by locking the screen or the files until a ransom in the form of money is paid to restore the computer.

The data may be encrypted so that it cannot be read or understood, and an online payment is demanded before it is made readable again. This malware can be delivered to your computer through email attachments or pirated downloads.

How to avoid

  • Install antivirus software that supports internet security features. This will scan your emails and downloads.
  • Always back up your files. You can use external hard drives, USB flash drives or cloud storage such as Dropbox.
  • Use strong passwords that include upper case, lower case, numbers and symbols, as they are difficult to crack. Avoid using common English words.
  • Do not open attachments that look suspicious or messages sent by unfamiliar people, and avoid clicking on hyperlinks indiscriminately, especially on social media.

3. PHISHING

Phishing is when personal data such as passwords, usernames or credit card information is stolen. How does it work?

A user receives an email from someone pretending to be, for example, a trustworthy bank or credit card company, which redirects the user to a fake website that is identical to the original.

The website then prompts the user to enter their email address, password or credit card information.

How to avoid

Phishing, however, can be avoided. Received emails must be checked carefully. Phishing emails usually open with “dear customer” without stating the receiver’s name. Such emails should be verified with the organization they claim to come from, and during the verification one should not use any email address or phone number taken from the email received.

Entering confidential information should be avoided at all costs, and such information should never be sent through email. Online banking credentials should be changed regularly to avoid targeted attacks.

4. DISTRIBUTED DENIAL OF SERVICE (DDoS)

This cyber threat disrupts the service of a network and brings servers to a halt. Attackers use multiple computers to send large volumes of data packets and traffic to the network.

This slows down network performance, and users will not be able to access any websites, resulting in low productivity, especially for businesses. There will also be a dramatic increase in spam emails.

How to avoid

DDoS attacks can be prevented by installing a firewall. Firewalls can be hardware- or software-based, and they control the amount of incoming and outgoing traffic.

Firewalls can detect irregular traffic patterns and fend them off.

Email filters, on the other hand, will reduce spam emails.

“Understand what data you hold, how you are using it, and make sure that you are practicing good data hygiene.”

David Mount, Director, Micro Focus, London – April 2016

Pokémon GO: Are you letting a thief in?

You might want to know this before you go and catch ’em all.

In a blog post, security analyst Adam Reeve reported that users had inadvertently given Pokémon Go developer Niantic access to their Google accounts in a rush to join the Pokémon Go bandwagon.

Checking his permission settings, he noticed that “Pokémon Go has full access to your Google account.” Cautious, he checked the Google help page for an explanation of what “full access” meant and came across this: “When you grant full account access, the application can see and modify nearly all information in your Google Account” and “This ‘Full account access’ privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet.”

As many would infer, Reeve suggested that Pokémon Go and Niantic could now:

  • Read all your emails
  • Send email as you
  • Access all your Google Drive documents (including deleting them)
  • Look at your search history and your Maps navigation history
  • Access any private photos you may store in Google Photos
  • And a whole lot more

Niantic has since issued a statement:

“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”