The first 24 hours after a cyber attack

A simple guide on how to respond to a cyber attack:

Data breaches

by Praise Maukazuva

A data breach is an incident in which personal or company data is viewed, copied, stolen or used by someone who is not authorized to do so.

Computer Security Incident Response Team (CSIRT)

Dealing with cyber attacks is strenuous. There is no guarantee that your security measures will keep your system or data safe.

Ways to respond to these attacks in an effective and comprehensive manner are actively being developed at the highest levels of government and in international bodies. However, it is difficult to identify the type of attack you are facing until an investigation has been carried out.

First of all, you need a Computer Security Incident Response Team (CSIRT) to manage the whole process. Each member should own one task: for example, one member handles notifying affected users, while another liaises with IT specialists when there is a technical fault.

Notifications

Secondly, affected parties are notified. In a company that means employees, investors and customers; most importantly, law enforcement and the relevant legal authorities should also be notified. The notification should state what happened and where the problem originated, what is being done to fix it, and what will be done to prevent a recurrence (promising that it will never happen again is a claim you cannot back up). eBay was criticized for taking too long to notify affected users after its systems were breached in 2014.

As mentioned earlier, the type of attack determines the type of response, and the first clues are usually symptoms rather than a clear diagnosis. The network may be noticeably slower than normal: this can be a sign of a hacking attempt, of malware on the computer, or of a network worm replicating itself. Frequent antivirus alerts reporting an infection are another sign.

After identifying the type of attack, the next step is to assess its scale. Cyber attacks can be either basic or sophisticated, so how do we distinguish between the two?

BASIC ATTACKS

BASIC ATTACKS are carried out by small-time criminals and individual hacktivists who target private individuals and non-strategic government departments for financial gain or publicity. They have limited skills and rely on publicly available tools and techniques.

SOPHISTICATED ATTACKS

SOPHISTICATED ATTACKS are the work of organized crime or state-sponsored groups using advanced tools. Their targets are governments and major corporations, and their aims range from warfare, terrorism and large financial rewards to stealing national secrets.

In a sophisticated attack whole systems may be shut down, so you will know you have been attacked. A typical example is ransomware: a department in an organization has its systems locked by an attacker and is told to pay to have them restored.

Prevention

Next, stop the attack from spreading to other systems. Take affected systems or devices offline or isolate them (for example by unplugging the network cable or moving them to a quarantine VLAN) to cut off the attacker's traffic. Prefer disconnecting to powering off: the contents of memory are evidence, and a shutdown destroys them. Change passwords, starting with any account the attacker may have used, and strengthen them.

Do not delete any files, not even the malware itself: they may be needed as evidence during the investigation.

Document the whole process continuously. By this point the type of attack, the areas it has affected, how it occurred and how it was detected should all be recorded, with timestamps, for the investigation and for future reference.

Forensic

The most important step is to bring in a forensic team or cyber security specialists to investigate the incident further. The investigation will include:

  • Identifying the attacker or the cause of the attack
  • Detecting previously unknown security vulnerabilities
  • Identifying areas that need improvement or better security
  • Assisting with repairing the damage and rebuilding stronger system protection

The forensic team uses a variety of tools during the investigation. A simple example is Tripwire, a file-integrity monitoring tool: it records hashes of critical files and raises an alert when any of them change, which is one of the ways an intrusion on a host is detected.
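To show what a file-integrity checker of that kind actually does, here is a small baseline-and-compare script. It is an added example written for this page, not Tripwire's own code: it hashes every file under a directory, stores the result, and later reports what was added, removed or modified. The directory tree, file contents and the simulated tampering are all constructed for the demonstration.

```python
"""Baseline-and-compare file-integrity check in the spirit of Tripwire.
Added example written for this page, not Tripwire's code; the directory
tree and file contents below are constructed for the demonstration."""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(root: Path) -> dict:
    """Map every regular file under root (POSIX-style relative path) to its
    hash, size and permission bits; a silent chmod is worth knowing about too."""
    snapshot = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            snapshot[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o777),
            }
    return snapshot


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots; sorted lists keep the report deterministic."""
    old, new = set(baseline), set(current)
    modified = sorted(
        f for f in old & new
        if baseline[f]["sha256"] != current[f]["sha256"]
        or baseline[f]["mode"] != current[f]["mode"]
    )
    return {"added": sorted(new - old), "removed": sorted(old - new), "modified": modified}


def demo() -> dict:
    """Build a tiny fake system, baseline it, tamper with it, report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF original binary")

        # In real use the baseline is stored off-host or on read-only media;
        # an intruder who can edit it can hide every change.
        saved = json.dumps(take_snapshot(root))

        # Simulated intrusion: extra root account, trojaned binary,
        # new dropped tool, deleted file.
        with (root / "etc" / "passwd").open("a") as f:
            f.write("backdoor:x:0:0::/root:/bin/bash\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned binary")
        (root / "bin" / "rootkit").write_bytes(b"\x7fELF dropped tool")
        (root / "etc" / "hosts").unlink()

        return compare(json.loads(saved), take_snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The value of the check depends entirely on where the baseline lives: if it sits on the compromised host with ordinary permissions, the attacker simply re-baselines after making changes, which is why real deployments keep it off-host or on read-only media and sign it.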

In short, a cyber attack response involves:

  • Form an incident response team
  • Notify victims and law enforcement
  • Detect the type of attack
  • Assess the scale of the attack
  • Prevent further damage
  • Document the steps taken and why they were taken
  • Contact security specialists for forensic investigation
  • Recover system with prevention measures

An effective response to a cyber attack is necessary because it minimises loss and data destruction. It also shows which vulnerabilities were exploited and how to avoid or reduce future risk.

Can you get hacked?

Think about the personal information, the purchase records and all the day-to-day work stored on your computer. Is it all secure?

Cyber security is one of the most urgent issues of the day. Cyber attacks have evolved over the years in parallel with the tech industry and will keep evolving as networks expand. It is advisable to adopt the right prevention techniques: as they say, prevention is better than cure.

Let’s take a look at some of the most common cyber attacks around.

1. MALWARE

Malware is software written with malicious intent, whether to steal your data or to damage your operating system. It runs on computers, smartphones, tablets and even servers, and covers a family of threats:

  • Worms – Like a virus, a worm copies itself and spreads, but it does so on its own across the network, without needing a host file or a user to run it.
  • Trojan horses – Programs that look harmless or useful until they are run; their purpose is usually to steal data or files. Trojans generally do not spread by themselves.
  • Viruses – Malware that attaches itself to files and spreads from file to file, slowing the system, disrupting operations and sometimes deleting files.
  • Spyware – Software that monitors your activity, the sites you visit and the programs you run, in order to capture logins and passwords.

Malware is delivered by email attachments, instant messages or websites that are either infected or deliberately malicious; some sites download it automatically (a drive-by download) without the user's knowledge.

More often it tricks you into clicking something, such as an email attachment or a software download, which installs it on your computer. Once installed, it may spread and begin executing malicious commands.

How to avoid

  • The risk from this type of attack is greatly reduced by installing antivirus or anti-malware software, keeping it updated and running it regularly. You can schedule automatic scans for consistency.
  • Avoid opening emails or messages from unknown senders, and avoid websites offering illegal or pirated content. Scan downloaded files before opening them.
  • Use strong passwords that mix upper case, lower case, numbers and symbols, avoid common dictionary words, and never reuse a password across sites.
  • Lastly, back up all your files regularly to an external hard disk or a cloud service.

2. RANSOMWARE

Ransomware is malware that locks you out of your system or files, either by locking the screen or by encrypting the files, until a ransom is paid.

The data is encrypted so that it cannot be read, and an online payment is demanded in exchange for the key that makes it readable again. Ransomware is delivered to your computer through email attachments or pirated downloads.

How to avoid

  • Install antivirus software with internet security features, which will scan your emails and downloads.
  • Always back up your files, to an external hard drive, a USB flash drive or cloud storage such as Dropbox. Keep at least one backup disconnected from the computer, because ransomware also encrypts any drive it can reach.
  • Use strong passwords that mix upper case, lower case, numbers and symbols, and avoid common dictionary words.
  • Do not open suspicious attachments or messages from unfamiliar people, and do not click on arbitrary hyperlinks, especially on social media.

3. PHISHING

Phishing is a way of stealing personal data such as passwords, usernames or credit card details by impersonating someone the victim trusts. How does it work?

A user receives an email from someone posing as a trustworthy organization, a bank or credit card company for example, with a link that sends the user to a fake website that looks identical to the real one.

The fake website then prompts the user to enter an email address, password or credit card details, which go straight to the attacker.

How to avoid

Phishing can, however, be avoided. Check received emails carefully: phishing emails usually open with "Dear customer" rather than your name, and ask you to verify something with the organization named in the email. If you do verify, never use an email address, link or phone number taken from the message itself; go to the organization's official website or the number printed on your card instead.

Avoid entering confidential information on a page reached from an email link, and never send such information by email. If you suspect your online banking credentials were entered on a fake site, change them immediately, and enable two-factor authentication where your bank offers it.
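The tell-tales listed above (a generic greeting, a reply address that does not match the sender, urgency language, and a link whose visible text names one domain while the real destination is another) can be checked mechanically. The script below is an added example written for this page, not part of the original article: it parses a raw email with Python's standard library and reports which indicators it finds. "PayBank" and the .example domains are placeholders, and both sample messages are constructed.

```python
"""Scores a raw e-mail against common phishing tell-tales: a generic
greeting, a Reply-To domain that differs from the From domain, urgency
language, and links whose visible text names one domain while the href
points at another. Added example for this page, not the article's own
code; PayBank and the *.example domains are placeholders and the sample
messages are constructed."""
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "dear account holder")
URGENCY = ("within 24 hours", "immediately", "suspended", "unusual activity",
           "verify your account")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(addr_or_url: str) -> str:
    """Last two labels of the host in a URL, or of the part after '@' in an
    address. Good enough for the demo; real code needs a public-suffix list."""
    s = addr_or_url.strip()
    if "@" in s:
        host = s.rsplit("@", 1)[1].strip("<> ")
    else:
        host = urlparse(s if "://" in s else "http://" + s).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def phishing_indicators(raw: bytes) -> dict:
    """Return indicator name -> evidence; an empty dict means nothing found."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    found = {}

    sender, reply_to = str(msg.get("From", "")), str(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(sender):
        found["reply_to_mismatch"] = (domain_of(sender), domain_of(reply_to))

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    text = " ".join(re.sub(r"<[^>]+>", " ", html).split()).lower()

    greeting = next((g for g in GENERIC_GREETINGS if g in text), None)
    if greeting:
        found["generic_greeting"] = greeting

    urgent = [u for u in URGENCY if u in text]
    if urgent:
        found["urgency"] = urgent

    collector = LinkCollector()
    collector.feed(html)
    mismatched = [
        (shown, href) for href, shown in collector.links
        if re.search(r"[\w-]+\.[a-z]{2,}", shown, re.I) and domain_of(shown) != domain_of(href)
    ]
    if mismatched:
        found["link_mismatch"] = mismatched
    return found


# Constructed sample: a fake "PayBank" alert with every tell-tale at once.
PHISH = b"\r\n".join([
    b'From: "PayBank Security" <alerts@paybank.example>',
    b"Reply-To: support@paybank-verify.example",
    b"To: victim@example.com",
    b"Subject: Unusual activity on your account",
    b"Content-Type: text/html; charset=utf-8",
    b"",
    b"<html><body><p>Dear Customer,</p>",
    b"<p>We detected unusual activity. Your account will be suspended unless you",
    b"verify your account within 24 hours.</p>",
    b'<p><a href="http://paybank-verify.example/login">https://www.paybank.example/login</a></p>',
    b"</body></html>",
])

# Constructed sample: a plain statement notice with none of them.
LEGIT = b"\r\n".join([
    b"From: alerts@paybank.example",
    b"To: jane@example.com",
    b"Subject: Your March statement is ready",
    b"Content-Type: text/plain; charset=utf-8",
    b"",
    b"Hello Jane, your March statement is now available in the app.",
])

if __name__ == "__main__":
    print(phishing_indicators(PHISH))
    print(phishing_indicators(LEGIT))
```

None of these signals is proof on its own (legitimate bulk mail also says "Dear customer"), which is why the function returns the evidence rather than a verdict; a mail gateway would weigh them together with sender authentication results such as SPF and DKIM.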

4. DISTRIBUTED DENIAL OF SERVICE (DDoS)

This attack disrupts a network service and brings servers to a halt. Attackers use many computers at once, often a botnet of compromised machines, to flood the target with traffic and data packets.

The flood degrades network performance until users cannot reach the websites or services behind it, which for a business means lost productivity. A surge in spam email is a separate nuisance that is sometimes listed alongside DDoS but is not caused by it.

How to avoid

A firewall, hardware or software based, controls incoming and outgoing traffic and is the first line of defence against a DDoS attack.

Firewalls can rate-limit clients and block sources with irregular traffic patterns, which handles small floods. A large volumetric DDoS will saturate your internet link before the traffic ever reaches the firewall, so upstream filtering by your ISP or a DDoS mitigation service is needed as well.

Email filters, for their part, reduce spam.
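As an added illustration of the "irregular traffic pattern" check a firewall or web application firewall performs (example code written for this page, not from the article or any product), the script below runs sliding-window counters over web-server access-log lines. It flags a single source that exceeds a per-client limit, and separately raises a global alarm when the aggregate rate is abnormal, which is what catches a distributed flood whose individual sources each stay under the per-client limit. The log lines are constructed and the limits are illustrative.

```python
"""Rate-based flood detection over web-server access-log lines, the sort of
'irregular traffic pattern' check a firewall or WAF applies. Per-source
counting catches one noisy client; a global counter is needed as well,
because a distributed flood spreads requests across many sources that each
stay under the per-client limit. Added example written for this page, not
from the article; the log lines are constructed and the limits illustrative."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" style: ip - - [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \d+')


def parse_line(line: str):
    """Return (timestamp, client ip) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group(1)


def detect_floods(lines, window_s=10, per_ip_limit=20, global_limit=100):
    """Sliding-window counts. Returns (set of ips that exceeded per_ip_limit
    within window_s seconds, whether the global count ever exceeded global_limit)."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    per_ip, everything = defaultdict(deque), deque()
    flagged, global_flood = set(), False
    for ts, ip in events:
        for q in (per_ip[ip], everything):
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
        if len(per_ip[ip]) > per_ip_limit:
            flagged.add(ip)
        if len(everything) > global_limit:
            global_flood = True
    return flagged, global_flood


def synth_lines(events):
    """Constructed log lines from (ip, seconds after T0, path) tuples."""
    t0 = datetime(2016, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    return [
        f'{ip} - - [{(t0 + timedelta(seconds=t)).strftime("%d/%b/%Y:%H:%M:%S %z")}] '
        f'"GET {path} HTTP/1.1" 200 512'
        for ip, t, path in events
    ]


# Five ordinary visitors, three requests each, spread over a minute.
NORMAL = synth_lines([(f"192.0.2.{i}", 10 * i + j, "/") for i in range(1, 6) for j in range(3)])
# One source hammering the login page: 30 requests in 5 seconds.
SINGLE_SOURCE = NORMAL + synth_lines([("203.0.113.5", k // 6, "/login") for k in range(30)])
# 150 distinct sources, one request each, within 5 seconds: nobody trips the
# per-ip limit, but the aggregate is far above normal.
DISTRIBUTED = NORMAL + synth_lines([(f"198.51.100.{k}", k % 5, "/") for k in range(1, 151)])

if __name__ == "__main__":
    for name, lines in (("normal", NORMAL), ("single source", SINGLE_SOURCE), ("distributed", DISTRIBUTED)):
        print(name, detect_floods(lines))
```

The per-source rule is what a firewall rate limit implements; the global rule is the honest part of the story, because once the aggregate is the problem the only answers are more capacity or dropping the traffic somewhere upstream.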

“Understand what data you hold, how you are using it, and make sure that you are practicing good data hygiene.”

David Mount, Director, Micro Focus, London – April 2016

Which is the biggest mobile tech news of 2016?

2016 has been an explosive year for mobile enthusiasts, and here, we list the most prominent pieces of news from the world of mobile technology.

(These are listed in no particular order.)

From exploding phones to disappearing airpods, 2016 has been an interesting year for those who pay attention to the mobile industry.

They didn’t let me on the plane

Arguably the most prominent piece of smartphone news this year was the recall of 2.5 million Galaxy Note 7s, Samsung's flagship device, a mere two weeks after launch because of exploding batteries. Samsung initially offered replacements, but decided to refund customers and discontinue the phone altogether after the replacements themselves began to catch fire.

Hey Apple, Where are my earphones?

Apple set social media abuzz with memes and giggles when the newly announced iPhone 7 was revealed to have no 3.5 mm headphone jack. Worse yet, the internet was flooded with jokes about losing the new wireless AirPods within seconds of buying them, a running quip among Apple and Android fans alike.

The Bezel-less Mi Mix

Xiaomi's announcement of the bezel-less Mi Mix got netizens excited about the next step in smartphone design. People are evidently bored of the prevailing smartphone designs, but there are only a limited number of ways to design a rectangular slab of metal and glass.

At the same event, Xiaomi also unveiled the Mi Note 2, which looks similar to Samsung’s Note 7, but without the caveat of setting the house on fire.

The Google Pixel

The Google Pixel is Google's newest attempt at breaking into the high-end phone market. The Pixel and Pixel XL have 5.0- and 5.5-inch screens respectively; both run on the Qualcomm Snapdragon 821 with the Adreno 530 GPU and 4 GB of RAM, with 32 GB or 128 GB of internal storage. The Pixel has a 2,770 mAh battery and the Pixel XL a 3,450 mAh one. The lowest-end configuration is pegged at $699.

Google's Pixel Phone Hacked In Under a Minute

Speaking of the Pixel, a team of white-hat hackers from Qihoo 360, a Chinese security firm, exploited a security flaw in the phone in under a minute, bagging a $120,000 bounty. The exploit gave the attackers control of the handset from outside: enough to eavesdrop, steal data, or enlist the device in botnet attacks.

Oops.

Huawei’s Leica-P9 Combo

Huawei and Leica's joint announcement of their collaboration on the 2016 Huawei P9 was a big deal this year. The P9 was the smartphone industry's first serious investment in a dual-camera system, an approach since adopted by Apple. The P9 pairs a conventional 12-megapixel colour sensor with a second, monochrome 12-megapixel one; working together they improve contrast and, Huawei claims, triple the amount of light information the device captures.

LG-G5 Modular Flop

LG's announcement that it would release a modular phone, the LG G5, got nerds and geeks excited. Unfortunately, at launch LG had only two modules available and relied largely on third parties to create more. The G5 turned out to be a flop, with LG admitting its disappointment at "somewhat slow" sales.
