BY DIRAMAKINI REPORTER
IN recent years since the start of COVID-19, we witness the accelerated digitalization related to the COVID-19 pandemic which has significantly influenced the development of a number of cyber threats.
Cyber criminals have been quick to abuse the current circumstances to increase profits, spreading their tentacles to various areas and exposing vulnerabilities, connected to systems in financial institutions, hospitals, government sectors and individuals.
When we approach festival season, the rise of cyberattacks in financial institutions are seen widely across the world due to big number of people purchasing things either online or making use of bank cards to purchase goods at supermarkets.
Yusuph Kileo, A cybersecurity and digital forensics experts during his interview with one media station call on users to be extra careful when purchasing goods online – Kileo sited few examples of popular online selling sites falling victim of being impersonated by cybercriminals causing users to end up falling victims by using impersonated sites to purchase goods.
“Cybercriminals normally create website by changing one or few letters to confuse individual. for example, eBay criminals can write it as eBuy. And both websites may look very similar,”Kileo urge users when purchasing goods online, to make sure the site you are planning to use to purchase goods online has exactly the same name with the one you wanted to purchase from.
In addition, Websites which provide financial services or requiring individuals to keying their details needs to be secure (starting with https and not http). To be on safe side its good for individual to make use of Web Of Trust (WOT) extension embedded to web browsers. WOT will help in identifying malicious websites.
As for financial institutions, Ransomware is one among many cyberattacks expected to spike – and for good reason. Such attacks can cripple financial institution’s ability to conduct important operations or provide needed services to the customers.
While ransomware, a malicious software that locks up computer data until a ransom is paid, has been a threat for years, newer variants are able to infect entire networks and cause considerable damage. They often command exponentially higher ransoms as a result. No single organisation, no matter how large, small or remote, is immune.
Here are some measures you can take to help protect your data and ensure an effective response in the event of a ransomware attack at your public entity:
Train Employees
Phishing email or Malicious link are the most common method that attackers use to spread ransomware. Regardless of what security features are installed on someone’s device, if a malicious link is opened, that device could be compromised.
To minimize the risk of human error, offer continuous, ongoing training on how to recognize cyber threats. Stress to your employees the importance of examining links and attachments to make sure they are from a reliable source. Also, warn them of the dangers of sharing company or personal information in response to an email, letter or phone call, and set up protocols for reporting suspicious activity to a designated manager.
Back Up Data
A primary step is to back up critical data on a regular basis. Backed-up files can be quickly recovered, which can help to restore operations in the event of an attack. Be sure the backed-up data is stored on a separate offline device that is completely severed from the working network. Otherwise, it’s likely to be ransomed along with your primary data.
“If the backups are also unavailable due to the attack, recovering quickly will be more complicated,” Kileo said. “You may need to rebuild using older data or other sources to recover.”
Patch or update your software
Unpatched and unsupported operating systems are easy vulnerabilities for cyber threat actors to exploit. Be sure to keep your OS and all third-party apps patched with the newest updates – Patch early, patch often.
Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe. Some vendors release security updates on a regular basis (Microsoft and Adobe both use the second Tuesday of the month), but there are often “out-of-band” or unscheduled updates in case of emergency.
Enable automatic updates if you can, or go directly to the software vendor’s website, as malware authors like to disguise their creations as software update notifications too.
Segment Network Access
Splitting your network into smaller segments is another way to protect critical data. This is typically done by business function or data type, so you can grant employees access to just the data they need to do their jobs. If an employee should fall for a ransomware attack, segmentation can help to prevent the virus from spreading throughout your network and operations. Access to the most critical data should be limited to a small number of employees.
Use Multifactor Authentication
Multifactor authentication (MFA) adds another level of protection to your network data. This is a method of verifying an employee’s identity with two or more pieces of proof. The authentication factors typically correlate to a device (e.g., an authenticator app on a smartphone), biometrics (e.g., a fingerprint) or information (e.g., a PIN).
Even if a cyber attacker has obtained a user ID and password, MFA decreases the risk that an attacker can gain access by requiring an additional means of validation. For example, they would need to steal both an employee’s password, as well as their phone, to be able to log in to your systems.
Develop an Incident Response Plan
Avoid scrambling to figure out a plan after a ransomware attack occurs. Having an incident response plan (IRP) in place in advance is key to a swift, systematic response to help contain the damage and minimize costs. To ensure that your plan will fulfill its intended purpose, test your IRP and put it into practice before an incident occurs. You should also continuously update it as you become aware of new risks and vulnerabilities.
When falling victim to ransomware attacks, Kileo strongly urge organisation not to panic- Instead they should respond to the attack by identifying the type of the ransomware attack and then respond to it accordingly.
Knowing the type of ransomware, you are dealing with can help you search for solution. There are a number of online tools that you can use to check if your specific ransomware has been seen before and if there is a solution available to decrypt it.
Take note of any URLs to which the ransom page is trying to direct you, as this might be a clue as to the type of ransomware.
Look at your encrypted files to see if they have been renamed with a new file extension.
This technique is often used by cyber threat actors - For example, the Locky ransomware in 2016 renamed files with “. locky” as the extension.
This may indicate the name of the ransomware and will help you track down any solutions online.
Organisations can also engage legal and cyber forensics experts. These professionals can assist with investigating the extent of the infiltration, removing the cause, restoring your network and determining whether or not to pay the ransom. You may also have an obligation to notify others of the incident if their information was potentially compromised as a result of the breach.
YUSUPH KILEO
Cybersecurity & digital forensics Expert
Twitter: @YUSUPHKILEO
EduBlog: http://ykileo.blogspot.com